If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
Well what the fuck. I thought they had an actually secure setup where MS vetted every kernel mode signing cert. If you can just buy one for 200$, that's just asking for rootkits.
I'm sure they do vet it- which is why it's kind of pointless to try getting a cert if you plan to do malicious things. You still have to provide information, and if you're going to try to convince the certificate authority that you're real when you're not, might as well just borrow someone else's or do something that doesn't require a signed cert.
MS can blacklist your cert, and it'll probably be a big news story if an issued code signing cert turns out to be malicious and not stolen, which will further limit the damage that can be done.