Understanding the mysterious digital signature of SP2

  
Did you know? The SP2 released by Microsoft with a digital signature is the official version (right-click the file and open its Properties window to view the digital signature information shown in Figure 1). So what is this all about?


Figure 1

First, the Windows File Protection feature in Windows 2000

In previous versions of Windows, installing software other than the operating system could overwrite shared system files such as dynamic link libraries (*.dll files) and executable files (*.exe). This could cause unstable programs and system failures, mainly due to so-called DLL traps.

To solve this problem completely, Microsoft introduced the "Windows File Protection" mechanism in Windows 2000 and Windows XP to prevent the replacement of protected system files, including *.sys, *.dll, *.ocx, *.ttf, *.fon, *.exe and other file types. Windows File Protection runs automatically in the background and protects all files installed by the Windows installer.

Windows File Protection can detect attempts by other programs to replace or move protected system files. On what basis does it detect them? Windows File Protection checks the file's digital signature to determine whether the new file is the correct Microsoft version. If the file version is incorrect, Windows File Protection automatically replaces the file with the backup stored in the dllcache folder or in Windows. If Windows File Protection cannot locate the corresponding file, the user is prompted to enter its location or insert the installation CD.

Second, understanding digital signatures

A digital signature allows the user to verify a file. If a file does not have a valid digital signature, there is no assurance that it actually comes from the source it claims, or that it has not been tampered with after release (for example, by a virus). In that case, unless you are sure who created the file and know its contents, opening it is not recommended. Any hardware or software that has been digitally signed by Microsoft will generally carry the logo "Designed for Microsoft Windows XP" on its outer packaging.

When new software is installed on a computer, system files and device driver files are sometimes overwritten by unsigned or incompatible versions, causing system instability. The system files and device driver files provided with Windows XP are digitally signed by Microsoft, which indicates that these files are original, unmodified system files, or that they have been approved by Microsoft for use with Windows. The File Signature Verification tool is available in Windows 2000/XP (see Figure 2), and Windows 9x provides the System File Checker; both let us check the digital signature status of system files.


Figure 2

By default, Windows File Protection is always enabled, and it allows files digitally signed for Windows to replace existing files. Currently, signed files are distributed in the following ways: Windows Service Pack, Patch Distribution, Operating System Upgrade, Windows Update, Windows Device Manager/Class Installer.

Third, digital signature examples

Having said all this: besides protecting system files, what benefits can digital signatures actually bring to ordinary users? A few examples illustrate this below:

Example 1: Verify whether Windows XP's core files have been replaced

Windows XP now comes in several versions, such as the large-enterprise edition and the versions bundled with machines from Lenovo and others. So how do you verify that the Windows XP at hand is a Microsoft original?

Here, we only need to check the Windows XP system files with File Signature Verification. In the "Start → Run" dialog box, type the "sigverif" command to open the "File Signature Verification" window and click the "Start" button. A file list is built first, and then the window shown in Figure 3 appears, listing the files that are not digitally signed. Most of these are driver files. As long as the two files winlogon.exe and licdll.dll do not appear in the list, your Windows XP has not been tampered with.

Figure 3

Example 2: Driver Signing

The drivers that ship with Windows XP have all passed Microsoft's WHQL digital signing, and when you view a driver's digital signature you will see an icon. However, when installing or upgrading a device driver, we often see the warning shown in Figure 4, saying that the software "has not passed Windows Logo testing to verify its compatibility with Windows XP". In fact, this is Windows XP's file protection feature at work, reducing the risk of users installing unprotected drivers. Of course, we only need to click the "Continue Anyway" button to ignore this prompt and complete the driver installation.



Figure 4

If you find this warning box annoying, you can open the "System Properties" window, switch to the "Hardware" tab, and click the "Driver Signing" button to open the window shown in Figure 5. There are three options under File Signature Verification:


Figure 5

Ignore: Allows the computer to install all device drivers, whether or not they have a digital signature.

Warning: When the installer attempts to install a device driver that does not have a digital signature, a warning message is displayed, which is the default behavior of Windows XP.

Block: Prevents the installer from installing device drivers that do not have a digital signature.

Obviously, if you select the "Ignore" option and set it as the system default, the signature verification warning will no longer pop up when a device driver is installed or upgraded later.

Example 3: Write digital signature information to the log file

Open the "File Signature Verification" window, click the "Advanced" button to open the "Advanced File Signature Verification Settings" dialog box, switch to the "Logging" tab, and select the "Save the file signature verification results to a log file" check box (see Figure 5). Select "Append to existing log file" to add new search results to the end of the log file, or select "Overwrite existing log file" to replace the existing log file with the new one. Then type the name of the log file, and the search results will be written to it.

If you just want to overwrite the log file, type "sigverif /defscan" directly in the "Start → Run" dialog box to run the command.
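
With the results saved to a log file (Example 3), the Example 1 check for the two core files can be scripted, treating a core file that is missing from the log as unverified instead of as signed. This Python sketch is an added example, not part of the original article; the log layout (bracketed folder headers, columns separated by two or more spaces, statuses "Signed" and "Not Signed") and every sample row are constructed assumptions, so adapt the parser to the log your system actually writes.

```python
import re

# Constructed sample in an assumed layout (not captured from a real system).
SAMPLE_LOG = r"""
File              Modified    Version        Status       Catalog    Signed By
----------------  ----------  -------------  -----------  ---------  ---------------------------
[c:\windows\system32]
licdll.dll        8/4/2004    5.1.2600.2180  Signed       NT5.CAT    Microsoft Windows Publisher
winlogon.exe      8/4/2004    5.1.2600.2180  Not Signed   N/A
[c:\windows\system32\drivers]
examplenic.sys    3/1/2003    1.0.0.0        Not Signed   N/A
usbhub.sys        8/4/2004    5.1.2600.2180  Signed       NT5.CAT    Microsoft Windows Publisher
"""

CORE_FILES = ("winlogon.exe", "licdll.dll")  # the two files the article singles out


def parse_log(text):
    """Return {full lowercase path: status} for every file row in the log."""
    results, folder = {}, ""
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                        # "[c:\dir]" starts a new folder section
            folder = header.group(1).lower()
            continue
        cols = re.split(r"\s{2,}", line)  # columns are separated by 2+ spaces
        if folder and len(cols) >= 4:     # rows before the first folder are headers
            results[folder + "\\" + cols[0].lower()] = cols[3]
    return results


def unsigned_files(results):
    return sorted(p for p, s in results.items() if s != "Signed")


def core_file_status(results):
    """Status of each core file; 'Not in log' when the scan never covered it."""
    status = {}
    for name in CORE_FILES:
        hits = [s for p, s in results.items() if p.rsplit("\\", 1)[-1] == name]
        status[name] = hits[0] if hits else "Not in log"
    return status


if __name__ == "__main__":
    print(core_file_status(parse_log(SAMPLE_LOG)))
```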

Example 4: Disable the Windows File Protection feature

In Windows 2000/XP there is a folder named dllcache under the Windows\System32 directory, which holds backups of important files. In Windows XP, for example, the dllcache folder contains 2169 important files occupying as much as 364.5 MB. If Windows 2000/XP finds that a protected system file has been replaced or corrupted, the file is automatically restored from the dllcache folder.

If you need to free up some disk space for some reason, you can empty the dllcache folder by typing "sfc /purgecache" in the "Start → Run" dialog box. Note that there is a half-width (ASCII) space before the "/". This clears the file cache saved in dllcache. However, Windows File Protection can then only recover system files from the Windows installation CD, so you will often see a prompt to insert it, and using this technique is therefore not recommended. If you wish to disable Windows File Protection, you can type "gpedit.msc" in the "Start → Run" dialog box, open "Local Computer Policy → Computer Configuration → Administrative Templates → System", find the "Windows File Protection" group, double-click the "Set Windows File Protection scanning" item in the right pane, and set it to "Disabled". Here you can also limit the size of the file protection cache and specify its location.