algo.dll unsigned

Why is algo.dll not signed on Windows? Seems like it would be easy since you are signing most of the other DLLs that are located in the same dir.

Are you doing some other type of verification against that file?

Thanks for the info - hopefully you’ll be signing all files soon.
Chris

Yes, all the files are being verified (but not by the usual signatures you see, i.e. they are kinda unnecessary there anyway).

Seems like it wouldn’t be hard to sign all the files. This would give users who care a higher confidence that those files really belong to Avast (instead of just some abstract “assurance” that you are checking to make sure they are yours and unmodified by an attacker).

This is a security company after all, seems like an obvious step to sign all files that would execute.
c

I’m not saying it couldn’t/shouldn’t be done, just that the “higher confidence” would be kinda false as those embedded signatures are not checked anyway (by the program at least - and when the user checks them manually, the files are already loaded, so it’s a bit too late).

As for the “abstract” assurance - there are a few (signed) .txt files in the same folder, containing the hashes of the files; that’s what is really used to check the file validity before loading. Additionally, the packages transferred from our servers to the users are signed as well, of course - which is what actually matters. I mean, if the attacker has the ability to change the files you already have on your disk, he can change the antivirus executables as well, e.g. to not check the signatures in the first place, so the signatures on the local files won’t help you much. Sure, they might be useful against a generic file infector, for instance.
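
The check described in the post above (a signed hash list consulted before a file is loaded), sketched as an added example; it is not Avast's code and not part of the original posts. The manifest line format, the RSA/SHA-256 scheme and the demo key are assumptions, since the thread does not say which format or algorithm is used.

```python
import hashlib
import hmac

# Constructed demo key (two Mersenne primes) so the example runs offline; not a real vendor key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, used only to build the sample signature
K = (N.bit_length() + 7) // 8      # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _padded_digest(data: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data) for a K-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_manifest(manifest: bytes) -> int:
    """Vendor side (assumed): sign the hash list before shipping it."""
    return pow(int.from_bytes(_padded_digest(manifest), "big"), D, N)

def manifest_is_authentic(manifest: bytes, signature: int) -> bool:
    if not 0 < signature < N:
        return False
    recovered = pow(signature, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, _padded_digest(manifest))

def parse_manifest(manifest: bytes) -> dict:
    """Hypothetical line format: '<sha256 hex>  <file name>'."""
    entries = {}
    for line in manifest.decode("ascii").splitlines():
        if not line.strip():
            continue
        digest, name = line.split(None, 1)
        entries[name.strip().lower()] = digest.lower()
    return entries

def may_load(name: str, content: bytes, manifest: bytes, signature: int) -> bool:
    """Allow loading only if the manifest verifies and lists this exact content."""
    if not manifest_is_authentic(manifest, signature):
        return False  # the hash list itself was altered or re-created
    expected = parse_manifest(manifest).get(name.lower())
    actual = hashlib.sha256(content).hexdigest()
    return expected is not None and hmac.compare_digest(expected, actual)

# Constructed sample: stand-in bytes for an unsigned DLL and its manifest entry.
ALGO = b"MZ constructed stand-in for algo.dll"
MANIFEST = f"{hashlib.sha256(ALGO).hexdigest()}  algo.dll\n".encode("ascii")
SIGNATURE = sign_manifest(MANIFEST)
```

The check only has value while the verifying code and the public key are themselves intact, which is the limitation the post points out for an attacker who can already modify files on disk.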

That’s a reasonable explanation. Thanks for taking the time to answer.
c