Software authenticity: If it runs, it's right. Simple enough, no? Not quite. You downloaded the latest and greatest network app, text editor, or whatever your CPU desires. The program you downloaded installed cleanly, runs great, and works exactly as advertised. Is the new application you installed the only new thing running? Did you get exactly what was advertised, and *only* what was advertised? In that scenario I implied that a Trojan may have been downloaded and installed along with the new application. How do we protect ourselves from something like this occurring? One way is to use only software purchased from reputable vendors (99% of the time 'shrink-wrapped' software is a safe bet; there is that 1% that is not safe). Another is Software Authenticity.
Matt Smith brought up a good point that needs to be emphasized: just because a piece of software has an associated signature, and the local signature matches the source signature, doesn't mean that it is malware free; it only means that the software is exactly as the originator intended. If the originator created the software with malicious code built in, then the signature does nothing more than tell you that the malicious portion is still in there!
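The point above can be shown in a few lines. This is an added example, not code from the original post; it assumes the "signature" is a SHA-256 digest published in a sha256sum-style manifest, and the file names and payloads are constructed placeholders.

```python
import hashlib
import hmac
import io
import string

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <filename>') into {name: digest}."""
    digests = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, name = line.strip().partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if len(digest) != 64 or not name or set(digest) - set(string.hexdigits):
            raise ValueError(f"malformed manifest line: {line!r}")
        digests[name] = digest.lower()
    return digests

def sha256_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large downloads need not fit in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def verify(name, stream, manifest):
    """True only if the local digest equals the digest published for this name."""
    expected = manifest.get(name)
    return expected is not None and hmac.compare_digest(sha256_stream(stream), expected)

def publish(name, data):
    """Constructed stand-in for the originator publishing a digest of what they ship."""
    return f"{hashlib.sha256(data).hexdigest()}  {name}\n"

# Constructed sample payloads (placeholders, not real software).
INTENDED = b"editor 1.0: exactly what the originator built\n"
ALTERED = INTENDED + b"bytes added after the originator published\n"
BUILT_IN = b"editor 1.0: originator's build, unwanted code included\n"

def demo():
    honest = parse_manifest(publish("editor.bin", INTENDED))
    hostile = parse_manifest(publish("editor.bin", BUILT_IN))
    return {
        "intact copy": verify("editor.bin", io.BytesIO(INTENDED), honest),
        "altered copy": verify("editor.bin", io.BytesIO(ALTERED), honest),
        "unlisted file": verify("other.bin", io.BytesIO(INTENDED), honest),
        "originator's own malicious build": verify("editor.bin", io.BytesIO(BUILT_IN), hostile),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'match' if ok else 'MISMATCH'}")
```

The last case matches just like the first: the check confirms the bytes are what the originator published, nothing about what those bytes do.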
Oct 20th 2007