We publish the update for our software package as a single executable file. The file is digitally signed with Authenticode using the certificate issued to us. The file is downloaded to the Windows XP or Vista systems that our customers work with, where they run it to update our software.
Our PCI compliance auditor asked us to protect against the following situations:
- After our executable file is downloaded, an attacker modifies the file. An observer would be able to check the properties of the file and determine that the signature is no longer valid.
- The attacker places the modified executable file somewhere that an unsuspecting user can run it.
- The unsuspecting user launches the modified file, freeing up undefined chaos.
The auditor claims that there is a way (or there must be a way) to prevent the file from running at all if the signature is invalid.
Do you know how to do this?
Matthew Smith
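One way to enforce the check the auditor describes, as an added example that is not part of the original post or of any product mentioned in it: a small launcher script that verifies the update file's Authenticode signature with `Get-AuthenticodeSignature` and only starts it when the signature is valid and the signer's certificate is the one we expect. The file path and the thumbprint are placeholders, not values from the post.

```powershell
# Added example (not from the original post): a launcher that refuses to start
# an update executable unless its Authenticode signature verifies and the
# signer's certificate thumbprint matches the one we expect.
# Requires Windows PowerShell 2.0 or later (available for Windows XP SP3 and Vista).
# The path and thumbprint below are placeholders, not values from the post.

param(
    [string]$UpdatePath = 'C:\Downloads\Update.exe',             # placeholder
    [string]$ExpectedThumbprint = 'PLACEHOLDER_SHA1_THUMBPRINT'   # placeholder: our signing cert
)

function Test-UpdateSignature {
    param([string]$Path, [string]$Thumbprint)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Host "Update file not found: $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Any status other than Valid (NotSigned, HashMismatch, UnknownError, ...)
    # means the file was never signed, was changed after it was signed, or the
    # certificate chain is not trusted on this machine. A file that an attacker
    # edited after download shows up here as HashMismatch.
    if ($sig.Status -ne 'Valid') {
        Write-Host ("Refusing to run {0}: signature status is {1} ({2})" -f $Path, $sig.Status, $sig.StatusMessage)
        return $false
    }

    # A valid signature only proves that *some* trusted code-signing certificate
    # signed the file; pin the check to our own certificate's thumbprint.
    if ($sig.SignerCertificate.Thumbprint -ne $Thumbprint) {
        Write-Host ("Refusing to run {0}: signed by '{1}', not by our certificate" -f $Path, $sig.SignerCertificate.Subject)
        return $false
    }

    return $true
}

if (Test-UpdateSignature -Path $UpdatePath -Thumbprint $ExpectedThumbprint) {
    Write-Host "Signature verified; launching update."
    Start-Process -FilePath $UpdatePath -Wait
} else {
    exit 1
}
```

Two caveats worth keeping in mind: the check only protects users who start the update through this launcher, so the launcher itself has to be something already installed and trusted (for example shipped with the product) rather than another downloaded file; and building the check into the update executable itself gains little, because whoever modifies the file can just as easily remove the self-check.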