Hi,
Paul Millar wrote:
As an aside: this looks to me like a logical fallacy. If I may rephrase your argument:
- Most signed software is from a large code-base (probably true)
- Large code-bases are more likely to have vulnerabilities (probably true)
- Therefore, signed software is more likely to have vulnerabilities (wrong: not deducible)
See: http://en.wikipedia.org/wiki/Fallacy#Logical_fallacy
A digital signature is intended to certify that the software was really published by its claimed vendor.
It does not protect against bugs, vulnerabilities, intentional malware or anything else.
But it protects you from hosting that modifies installers to drop malware, for example. Or it may save you from viruses pretending to be Microsoft software.
Kornél
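The three points made above (a signature verifies the publisher, says nothing about bugs, and fails on a modified installer or an impostor's key), as an added Go example that is not part of this thread; the vendor, installer bytes and keys are all constructed for the demonstration:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Vendor is a hypothetical software publisher holding a code-signing key pair
// (constructed for this example; not a real vendor).
type Vendor struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewVendor generates a fresh signing key pair for the named publisher.
func NewVendor(name string) (*Vendor, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Vendor{Name: name, pub: pub, priv: priv}, nil
}

// PublicKey is what a user obtains out of band (e.g. via a certificate chain).
func (v *Vendor) PublicKey() ed25519.PublicKey { return v.pub }

// Sign produces a detached signature over the exact installer bytes.
func (v *Vendor) Sign(installer []byte) []byte { return ed25519.Sign(v.priv, installer) }

// Verify answers one question only: were these exact bytes signed by the
// holder of this key? It says nothing about what the bytes do when run.
func Verify(pub ed25519.PublicKey, installer, sig []byte) bool {
	return ed25519.Verify(pub, installer, sig)
}

func main() {
	vendor, _ := NewVendor("Example Corp")
	installer := []byte("setup.exe: constructed installer bytes with a latent bug")
	sig := vendor.Sign(installer)
	// Genuine download: verifies even though the installer contains a bug.
	fmt.Println("genuine  :", Verify(vendor.PublicKey(), installer, sig))
	// A mirror that modified the installer: the signature no longer matches.
	tampered := append([]byte{}, installer...)
	tampered[0] ^= 0x01
	fmt.Println("tampered :", Verify(vendor.PublicKey(), tampered, sig))
	// An impostor signing with its own key: fails under the vendor's key.
	impostor, _ := NewVendor("Example Corp (fake)")
	fmt.Println("impostor :", Verify(vendor.PublicKey(), installer, impostor.Sign(installer)))
}
```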