After you sign a document, you cannot make any changes to it. It is precisely the reason why we take signatures. They make a document valid and authentic. When the document is digital in nature, the signature is also digital. For a computer software or driver, you need code signing to make it valid for use.
So, to be precise code signing is digitally signing a software, driver, program or application before you publish it. It verifies that what you’re about to install in your operating system is 100% authentic and safe.
How Does Code Signing Ensure that Your Software is Safe?
A digital signature is a double-encryption signature that comprises a public key and a private key. The private key belongs only to the person who is signing the document while the person accessing it uses the public key. If you try making any changes in the document, the keys will not match.
So, when you digitally sign a code that you’ve written for a software, driver, program or application, the same thing happens. After you’ve signed the code, any alterations in the code will cause a problem. In most cases, if the code is altered, you won’t be able to install the program on your computer.
Can You Install a Program that is Not Code-Signed?
In most cases, the answer is no. You can always check for the code sign of the application in the properties before you run it. You’ll find the digital signature tab in the properties in that case. In most cases, the operating system will not trust a software, program, application or driver that does not have a digital signature. In that case, the download is most likely to fail.
What If a Malicious Code is Signed?
That can be a big problem. Hackers are equally capable of digitally signing a software they create which in reality might be malware or spyware. In some rare situations, even a software company can make the error of code signing a malware. This happened once with the most trusted company we know – Microsoft Corporation.
Yes, Microsoft had mistakenly code-signed a driver called Netfilter which had Rootkit malware. A rootkit malware protects any form of malware to gain access to a software or an operating system. This one was used to communicate with Chinese command and control servers.
So far, professional users haven’t faced any serious damage. However, Microsoft has ensured that it will provide a clean driver to users.
So, you ideally shouldn’t be downloading or using Netfilter as of now for obvious reasons. Microsoft will have to go through the entire process of writing the code, ensuring it is not harmful and then digitally signing it again. In other words, code signing a malicious program implies starting the process from scratch after removing the availability of the existing malicious program.