Asked By
Borj Claire
0 points
N/A
Posted on - 12/12/2011
I just need an expert opinion about security warnings related to digital signature. For instance, I tried to install an application but a message popped up asking if I would want to run it even if the application’s digital signature has expired.
Please refer to the screen shot I uploaded. Should I hit Run or Cancel?
Warning – Security
The application's digital signature has an error. Do you
want to run the application?
Name: com.webct.platform.tools.dragndrop.common.DetectPluginApplet
Publisher: Blackboard
From: http://webstudies.sun.ac.za
What’s the risk of an expired digital signature?
Probably the digital certificate of the application that you are installing has expired and therefore you will need to do the following to use the application again:
-
Lower the security settings that you are using – This means the security credentials for the application will be lowered to medium or low, and therefore the fee that you pay for the application in the time allocated will be reduced.
-
Renew the digital signature – This will be useful where the digital signature has just expired. Maybe you were supposed to use it for a span of one year and that period has come to an end. You will need to contact the provider of the application to be able to renew the digital signature.
Regards,
Thompson Locker
What’s the risk of an expired digital signature?
Microsoft has a public key infrastructure technology where the digital signatures are referenced. This public key infrastructure technology is based on Microsoft Authenticode which is composed of trusted certification authorities, or what is called the Certification Authority (CA).
Microsoft Authenticode is referenced on industry standards that allow vendors or software publishers to sign a single or collection of files by using code-signing digital certification which is issued by certification authorities. Windows uses digital signatures to verify that the files are signed, the signer is trusted, the certification authority that authenticated the signer is trusted, and the files are not altered after publishing.
With regards to this warning window, you are manually capable of allowing the application to execute given that you are familiar with this software and knows exactly its use.