To demonstrate the usefulness of signatures and digital fingerprints I loaded mspaint into a hex editor and altered one character from P to X (the character was located in a string). When I later on launched mspaint I was expecting Windows (xp) to pop up a dialog to warn me and say that the file had been tampered. But no such dialog popped up! Why?
Asked
Active
Viewed 163 times
2 Answers
1
The check probably isn't done for performance reasons. You might have a multi-megabyte executable, and checking it might take a long time.
However, if you load up Process Explorer and tell it to verify digital signatures, it will probably tell you that the digital signature on your tampered version of Paint is invalid.
Anthony Mills
- 111
1
Windows XP by itself does not offer very effective anti-tampering solutions. It's probably up to the developer to write verification code for his app if he wants to protect it from tampering. As for the non-kernel parts of the OS, such as the bundled programs (paint, for instance), they weren't considered critical enough to be protected in such a manner.
luvieere
- 185