Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Question about Malwarebytes and some other antimalware programs not having updat


  • Please log in to reply
9 replies to this topic

#1 herbman

herbman

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 28 September 2013 - 05:04 PM

I see that Mbam certificate is not updated, i believe it says it ran out in june,  why do some programs show valid dates and some don't?
 
Whats the real value of these anyway if some don't bother keeping them valid?
 
Thank you

Edit: Moved topic from General Security to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:43 AM

Posted 28 September 2013 - 05:40 PM

Please refer to this page in regards to Malwarebytes.

http://forums.malwarebytes.org/index.php?showtopic=128830

Edited by LiquidTension, 28 September 2013 - 05:51 PM.

Posted Image

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,070 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:43 AM

Posted 28 September 2013 - 05:55 PM

This is general information to add to the link provided by LiquidTension.
 
If you click the "Learn more about certificates" link at the bottom of the Certificate General tab, the Certificates Overview Help file will open with information about certificates.
 

...A certificate is valid only for the period of time specified within it; every certificate contains Valid From and Valid To dates, which set the boundaries of the validity period. Once a certificate's validity period has passed, a new certificate must be requested by the subject of the now-expired certificate.

 
Digital certificates are a part of Authenticode technology, which identifies where programs come from and verifies that programs have not changed. Digital certificates are authenticated, issued, and managed by a trusted third party called a Certificate Authority (CA). After the certificate expires, the software publisher has to resign the code and post new versions of it so the certificate will have a new expiration date. Publishers generally do this upon releasing a new version of the software.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:43 AM

Posted 29 September 2013 - 05:24 AM

I see that Mbam certificate is not updated, i believe it says it ran out in june,  why do some programs show valid dates and some don't?
 
Whats the real value of these anyway if some don't bother keeping them valid?
 
Thank you

Edit: Moved topic from General Security to the more appropriate forum. ~ Animal

 

The certificate has experied, but not the signature.

 

A certificate has a validity period: this means that it can only be used during that validity period.

The validity of the MBAM code signing certificate you are refering to is from 24/05/2011 to 05/06/2013.

So the certificate is now expired. This means it can no longer be used to sign new executables.

 

But the MBAM program was signed on 04/04/2013. This is within the validity period, and thus the signature is valid and remains valid.

You can also see that the signature was timestamped by COMODO on 04/04/2013 (countersignatures).

This assures you that the MBAM program was signed on 04/04/2013, and that the developers did not tamper with the clock of the machine that was used to sign the MBAM executable.

 

If an executable is signed without countersignature, and the certificate is no longer within its validity period, then the signature also becomes invalid.

But if there is a countersignature, the signature remains valid.


Edited by Didier Stevens, 29 September 2013 - 05:25 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,070 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:43 AM

Posted 29 September 2013 - 07:17 AM

Since certificates is a topic we don't often see in regards to discussion, I have complied a few helpful links:

Understanding Digital Certificates & Secure Sockets Layer
How Does SSL Work?

Authenticode
Code signing

Time Stamping Authenticode Signatures
Timestamping extends the valid date of a digital certificate

How to view digital signature and certificate details
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:43 AM

Posted 29 September 2013 - 07:38 AM

Very informative - both yours and Didier Stevens' post.

Thank you!
Posted Image

#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:43 AM

Posted 29 September 2013 - 07:59 AM

Great list quietman7.

 

FYI: executables can also be signed via a catalog file, and then you don't have a digital signatures tab to check the signature.

I explain this here:

http://blog.didierstevens.com/2008/01/11/the-case-of-the-missing-digital-signatures-tab/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,070 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:43 AM

Posted 29 September 2013 - 08:36 AM

Another well written informative article by Didier Stevens which I will have to add to my list.

Very informative - both yours and Didier Stevens' post.

Thank you!

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:43 AM

Posted 29 September 2013 - 09:37 AM

Thanks quietman7!


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,070 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:43 AM

Posted 29 September 2013 - 03:33 PM

:thumbup2:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users