Really understand the mysterious digital signature in Windows XP SP2

Did you know? Only the SP2 package that carries Microsoft's digital signature is the official version (right-click the file and open its Properties window to view the digital signature information shown in Figure 1). What is this all about?

Figure 1

First, the Windows File Protection function

In Windows versions prior to Windows 2000, installing software other than the operating system could overwrite shared system files such as dynamic link libraries (*.dll files) and executable files (*.exe). This could cause unstable programs and system failures, mainly due to so-called DLL traps.

To solve this problem completely, Microsoft introduced the "Windows File Protection" mechanism in Windows 2000 and Windows XP to prevent the replacement of protected system files, including *.sys, *.dll, *.ocx, *.ttf, *.fon, *.exe and other file types. Windows File Protection runs automatically in the background and can protect all files installed by the Windows installer.

Windows File Protection can detect attempts by other programs to replace or move protected system files, so what does it base this on? In fact, Windows File Protection checks the digital signature of the file to determine whether the new file is the correct Microsoft version. If the file version is incorrect, Windows File Protection automatically replaces the file with the backup stored in the dllcache folder or elsewhere in Windows. If Windows File Protection cannot locate the corresponding file, the user is prompted to enter its location or insert the installation CD.

Second, recognize digital signatures

Digital signatures let users verify files. If a file does not have a valid digital signature, there is no guarantee that the file really comes from the source it claims, or that it has not been tampered with after release (for example, by a virus). In that case, unless you are sure who created the file and know its contents, it is not recommended to open it casually. Any hardware or software that has been digitally signed by Microsoft will generally carry the logo "Designed for Microsoft Windows XP" on its outer packaging.

When new software is installed on your computer, system files and device driver files are sometimes overwritten by unsigned or incompatible versions, causing system instability. The system files and device driver files provided with Windows XP are digitally signed by Microsoft, which indicates that these files are original, unmodified system files or that they have been approved by Microsoft for Windows. Windows 2000/XP provides the "File Signature Verification" tool (see Figure 2), and Windows 9x provides the "System File Checker", which allow us to check the digital signature status of system files.

Figure 2

By default, Windows File Protection is always enabled, and it allows digitally signed Windows files to replace existing files. Currently, signed files are distributed in the following ways: Windows Service Pack, patch distribution, operating system upgrade, Windows Update, Windows Device Manager/Class Installer.

Third, digital signature examples

So, in addition to protecting system files, what benefits can digital signatures bring to ordinary users? Below, we use a few examples to illustrate:

Example 1: Verify whether the core files of Windows XP have been replaced

Windows XP now exists in many versions, such as the large-enterprise edition, the edition bundled with Lenovo machines, and so on. How can you verify that the copy of Windows XP at hand is the Microsoft original?

Here, we only need to check whether the Windows XP system files pass file signature verification. In the "Start → Run" dialog box, type the "sigverif" command to open the "File Signature Verification" window and click the "Start" button. The file list is built first, and then you will see the window shown in Figure 3. The files listed here as not digitally signed are mostly driver files. As long as the two files winlogon.exe and licdll.dll do not appear in the list, your Windows XP has not been tampered with.

Figure 3

Example 2: Driver Signing

The drivers that come with Windows XP have passed Microsoft's WHQL digital signing, and when you view a digitally signed driver you will see an icon. However, when we install or upgrade a device driver, we often see the warning message shown in Figure 4, saying that the driver "has not passed Windows Logo testing to verify its compatibility with Windows XP". In fact, this is the file protection feature of Windows XP at work, reducing the risk of users installing unprotected drivers. Of course, we just need to select the "Continue" button to ignore this prompt and complete the driver installation.

Figure 4

If you find this warning box annoying, you can open the "System Properties" window, switch to the "Hardware" tab and click the "Driver Signing" button to open the window shown in Figure 5, which has three options under "File Signature Verification":

Figure 5

Ignore: Allows the computer to install all device drivers, regardless of whether they have a digital signature.

Warning: When the installer attempts to install a device driver that does not have a digital signature, a warning message is displayed, which is the default behavior of Windows XP.

Block: Prevents the installer from installing device drivers that are not digitally signed.

Obviously, if you select the "Ignore" option and set it as the system default, the signature verification warning will no longer pop up when you install or upgrade a device driver.

Example 3: Write Digital Signature Information to a Log File

Open the "File Signature Verification" window and click the "Advanced" button to open the "Advanced File Signature Verification Settings" dialog box. Switch to the "Logging" tab and select the "Save the file signature verification results to a log file" check box (see Figure 5). If you select "Append to existing log file", new search results are added to the end of the log file; if you select "Overwrite existing log file", the existing log file is replaced with a new one. Then type the name of the log file, and the search results will be written to that file.

If you just want to overwrite the log file, type the "sigverif /defscan" command directly in the "Start → Run" dialog box.
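The check from Example 1 can be run against the log file saved in Example 3. The following is an added example, not part of the original article: the function names are hypothetical, the sample log lines are constructed, and the column layout (bracketed folder lines followed by rows whose fourth column is the status) is an assumption about the saved log.

```python
import re

# Files the article singles out in Example 1 (compared case-insensitively).
CORE_FILES = {"winlogon.exe", "licdll.dll"}
# Constructed sample; the column layout is an assumption about sigverif's log.
SAMPLE_LOG = r"""
Microsoft Signature Verification
Scan Results: Total Files: 4, Signed: 2, Unsigned: 2, Not Scanned: 0
File            Modified    Version      Status        Catalog    Signed By
--------------  ----------  -----------  ------------  ---------  ---------
[c:\windows\system32]
kernel32.dll    8/4/2004    5.1.2600.0   Signed        NT5.CAT    Microsoft Windows Publisher
winlogon.exe    1/9/2005    5.1.2600.0   Not Signed    N/A
[c:\windows\system32\drivers]
examplevid.sys  3/2/2005    None         Not Signed    N/A
usbhub.sys      8/4/2004    5.1.2600.0   Signed        NT5.CAT    Microsoft Windows Publisher
"""

def read_log(path):
    """Read a saved log, accepting UTF-16 (with BOM) or an 8-bit encoding."""
    with open(path, "rb") as handle:
        raw = handle.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def parse_unsigned(text):
    """Return (directory, filename) pairs whose Status column is 'Not Signed'."""
    unsigned, directory = [], ""
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                      # "[c:\windows\system32]" starts a new folder
            directory = header.group(1)
            continue
        cols = re.split(r"\s*\t\s*|\s{2,}", line)   # columns: tabs or 2+ spaces
        if len(cols) >= 4 and cols[3].lower() == "not signed":
            unsigned.append((directory, cols[0]))
    return unsigned

def core_files_flagged(unsigned):
    """Unsigned entries that match the two core files named in Example 1."""
    return sorted(name.lower() for _, name in unsigned if name.lower() in CORE_FILES)

if __name__ == "__main__":
    found = parse_unsigned(SAMPLE_LOG)
    for directory, name in found:
        print(f"unsigned: {directory}\\{name}")
    print("core files flagged:", core_files_flagged(found) or "none")
```

For a real log, pass the text returned by `read_log` to `parse_unsigned`; an empty result from `core_files_flagged` corresponds to the article's condition that neither core file appears in the unsigned list.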

Example 4: Disabling File Protection for Windows

There is a folder called dllcache in the Windows\System32 directory of Windows 2000/XP, which holds backups of important files. In Windows XP, for example, the dllcache folder contains 2169 important files, which occupy as much as 364.5MB. If Windows 2000/XP finds that a protected system file has been replaced or corrupted, the file is automatically restored from the dllcache folder.

If you need to free up some space for some reason, you can type the "sfc /purgecache" command in the "Start → Run" dialog box to empty the dllcache folder (note that there is a half-width English space in front of the "/"); this clears the file cache saved in dllcache. However, Windows File Protection can then only recover system files from the Windows installation CD, so you will often see a prompt to insert the Windows installation CD; this technique is therefore not recommended.

If you wish to disable Windows File Protection, you can type "gpedit.msc" in the "Start → Run" dialog box to open the "Local Computer Policy → Computer Configuration → Administrative Templates → System" window, find the "Windows File Protection" group, double-click the "Set Windows File Protection scanning" item in the right pane and set it to "Disabled". Here you can also limit the size of the file protection cache and specify the location of the file protection cache.
