Originally Posted by JimJoe
A Digital Signature
is used to identify software publishers, and not people (many people believe that digital signatures are actually used as an electronic form of their own handwritten signature, but this is not the case).
They can be used to detect if a file has been tampered with. For example, almost all Windows files are digitally signed, which should immediately become invalid if malware modified it. Also, many installers from many different companies are digitally signed. If you download a file, and the digital signature is invalid, consider that it has been intercepted and modified, and think malware.
Finally, ActiveX controls, other online active components, and many drivers
are digitally signed. In fact, due to the power drivers have over the system, 64bit copies of Windows (and I *think* only Vista upwards) now require all drivers to be digitally signed. Windows simply will not allow an unsigned driver
to be installed, or run. The only way to get around this is to F8 at startup, and boot with "Disable Driver Signature Verification".
Whether you like it or not, digital signatures are everywhere, and invisibly envelop your computer.
However, not all Digital Signatures are created equal. There are multiple classes, all with ever increasing price tags, which can be bought from code signing authorities. Cheap certificates can only be used to sign less important code. Very (potentially) dangerous code, such as drivers, require an expensive (and they are hugely expensive) digital certification.
However, you can also create a certificate for free. However, since anybody can do this, they are actually pretty useless, and sit next to "untrusted code" (unsigned code). For example, I could create a certificate here and now with the name Microsoft Corporation (exactly the name they actually use). There is nothing stopping me. But it would be next to useless. The real Microsoft Corporation certificate is hugely expensive (or would be if Microsoft didn't own the signing company!), and comes from Verisign (IIRC). If I attempt to apply for a Microsoft Corporation certificate from Verisign, they would tell me that the name is already in use, only allowing the real Microsoft access. And now we have a useful certificate.
Now, however, let us imagine that Microsoft accidentally released their private key to Microsoft Corporation. Suddenly, any person anywhere could sign code as Microsoft Corporation using the real certificate. Suddenly, malware could modify files, and re-sign it, or they could simply sign their own code under Microsoft's name. Suddenly, you don't know what is genuine, and what is not. What Microsoft needs is a way to remotely revoke that stolen certificate, and disable it everywhere, and prevent malware abusing it. Microsoft can then re-generate a new key, re-sign everything, and revoke the old key. Something similar to this happened to Yahoo recently in one of their Chrome Extensions (see, even those are signed) IIRC.
Alternatively, signing authorities can actually re-sell the right to sign keys. To do this, they author a wild-card certificate, which can itself sign other certificates (only the most trusted authorities get to pass on wildcard certificates at all, IIRC, and most certainly do not get to pass on extremely open wildcard certificates). Imagine the damage if one of those leaked... Well, several have leaked, and all were revoked within days.
This is why your certificate revokation update is extremely important. Digital Certificates are everywhere. Many have been stolen, including recently, warranting this update. If you hadn't installed it, your computer would never have realised that it was stolen. You would have visitied a genuine website which has been hacked (not anything dodgy at all, just some legitimate website). You wouldn't have noticed anything at the time, but via some means or other, malware would have been silently installed via a bad digital signature. Now that you have the update, if you ever visit one of these infected websites, your computer will recognise it as stolen, will not run the code, and you will have been prevented from infection.
Therefore I encourage you to always install these updates immediately.
As it happens, this one Flame malware case was actually more complicated, and was not caused by a stolen certificate at all.
In fact, it has now been seen that the whole Digital Signature process is flawed, and in fact it is possible to tamper with a file and not invalidate its digital signature. This was first proven years ago.
Also, MD5 is a broken algorithm. It has been proven that you can add data in the middle, or append/prepend, and cause a hash collision. This is known as a collision attack. So you can tamper with a file and still keep the same MD5.
This coupled with the above information allowed someone to tamper with a digital signature, AND keep the MD5 the same. Indeed, some digital signatures did not have a full binary hash AT ALL! This was a terrible design (which can only be done in one very specific way, which suggests all the more strongly it was a mistake and not a design decision) which should never have been allowed, and allowed the Flame malware to work.
Therefore, Microsoft have now revoked all no full binary hash, and MD5 hash digital signatures to prevent this kind of attack. It was a very wise decision to install that update.