0

I have a few old software setup files in my hard disk. I am helping someone to setup their new laptop, but unfortunately there is no internet access at his place currently. Technically, how can I be sure that the setup files I have are not tampered in anyway?

Say for example, I have a Windows 10 ISO or an Office ISO. If the UAC pop-up shows the Verified Publisher as "Microsoft", can I be sure that the file is not tampered in any way? Does the Verified Publisher name show "Unknown" even when a 1 megabyte file is changed in the 6GB set-up file?

InternetUser
  • 31

1 Answers1

1

Technically, how can I be sure that the setup files I have are not tampered in anyway?

Only use installation files that have been digitally signed by somebody you trust.

Say for example, I have a Windows 10 ISO or an Office ISO. If the UAC pop-up shows the Verified Publisher as "Microsoft", can I be sure that the file is not tampered in any way?

The publisher cannot be changed without making the digital signature invalid. If the signed file indicates it was published by Microsoft, then the signature is valid, otherwise, Microsoft wouldn't be the publisher.

Does the Verified Publisher name show "Unknown" even when a 1 megabyte file is changed in the 6GB set-up file?

The installer itself is signed, which means contents of that archive, is also signed. The contents cannot be modified, if it is modified, then the signature of the archive wouldn't be valid.

Ramhound
  • 44,080