On 21-Oct-2012 19:32, firstname.lastname@example.org wrote:
>> With such a virus in the wild, the very concept of code signing becomes totally
> pointless - software developers will be unknowingly producing malicious binaries
> that are built from totally harmless sources, and signing them with their own
Yep, this is basically same as explained by Thompson back in 1984.
You cannot "automate" trust, or trust blindly.http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
>It may be impossible for Microsoft to ever repair that damage.
Believe or not, it seems that they are very busy exactly doing that,
and we may see something quite soon.
All NDAs aside, who else can do such job - Apple? Google? Kaspersky's
labs? Nope, only MS can do this.