- Status
There are a few problems with the certificate system.
One is that levels are only used on the certificate end ie:
Verisign has multiple levels of certificate authenticity but Windows doesn't actually care - they're all considered trusted.
The other is that that certs are used for UAC and UAC is flawed. You have certs from sites that may not be that amazing/compromised and as soon as they're used the application gets full access. It's a bit silly.
I like the cert system and I would definitely use it in a security model but the implementation is kinda lame.
One is that levels are only used on the certificate end ie:
Verisign has multiple levels of certificate authenticity but Windows doesn't actually care - they're all considered trusted.
The other is that that certs are used for UAC and UAC is flawed. You have certs from sites that may not be that amazing/compromised and as soon as they're used the application gets full access. It's a bit silly.
I like the cert system and I would definitely use it in a security model but the implementation is kinda lame.
Good explanation right there Hungry Man. Certificates are great for better security, But the way most companies utilizes it is sort of shameful.
- Status
You may also like...
-
Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign- Started by Brownie2019
- Replies: 1
-
Malware bypassed macOS Gatekeeper by abusing Apple's notarization proccess- Started by enaph
- Replies: 1
-
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide- Started by Gandalf_The_Grey
- Replies: 2
-
Some guy asks if Windows Defender/Microsoft Defender is enough and this is the amazing answer he got back- Started by annaegorov
- Replies: 88
-
Poland says Russian military hackers target its govt networks
- Started by Gandalf_The_Grey
- Replies: 6