From: ck
rib.de
Date: Wed Oct 24 2001 - 10:54:22 CDT
Code signing only allows you to check if a certain executable was indeed
signed by a certain party. But it does in no way guarantee that the signed
code is well behaved. The moment the code is executed, it has pretty much
full control over your machine. When the executable is loaded, it will be
linked to whatever system DLL it wants, including kernel, gdi, user, and
thus has full access to the interfaces. Even if Microsoft prohibited this
static linking, the binary could perform kernel API calls by executing INT
assembly instructions and totally bypass the DLL interface layer. Executing
ActiveX controls on your machine exposes you to exactly the same risks as
executing full-blown EXEs.
Carsten Kuckuk
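
An added illustration of the point made in the message above (not part of the original post): signature verification and "what the code links against" are two independent facts. It assumes an HMAC with a constructed key as a stand-in for a publisher's public-key signature, and Python imports as an analogue of a PE import table; all names are hypothetical.

```python
import ast
import hashlib
import hmac

# Constructed demo key; HMAC stands in for the publisher's public-key signature.
PUBLISHER_KEY = b"constructed-demo-key"

def sign(code: bytes) -> str:
    """Publisher side: bind the exact bytes to the key holder."""
    return hmac.new(PUBLISHER_KEY, code, hashlib.sha256).hexdigest()

def verify(code: bytes, signature: str) -> bool:
    """Consumer side: proves origin and integrity of the bytes, nothing else."""
    return hmac.compare_digest(sign(code), signature)

def imported_modules(code: bytes) -> set:
    """What the code asks to be linked against (analogue of a PE import table)."""
    mods = set()
    for node in ast.walk(ast.parse(code.decode())):
        if isinstance(node, ast.Import):
            mods.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            mods.add(node.module.split(".")[0])
    return mods

def assess(code: bytes, signature: str) -> dict:
    """Report the two independent facts side by side."""
    return {"signature_valid": verify(code, signature),
            "imports": sorted(imported_modules(code))}

# Constructed samples; they are parsed here, never executed.
CALCULATOR = b"import math\nprint(math.sqrt(2))\n"
SYSTEM_TOOL = b"import ctypes, os\nfrom subprocess import run\n"

if __name__ == "__main__":
    for name, code in (("calculator", CALCULATOR), ("system_tool", SYSTEM_TOOL)):
        print(name, assess(code, sign(code)))
    # Modified bytes are the only thing the signature check catches.
    print("tampered", assess(CALCULATOR + b"import os\n", sign(CALCULATOR)))
```

Both samples verify as validly signed even though one requests far broader system interfaces, so an allow decision based on the signature alone is a decision about the signer, not about the code.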