Site hosted by Build your free website today!



MS signed software seems to have very special privileges with regard to software signed by other publishers.
This demo is intended to demonstrate that MS signed code has the power of override IE security settings .
I have only tested IE 5.01 ,  IE 4.01 and IE 5 with all the security fixes . Note that the back door I am describing can also be used by HTML e-mail messages.
The affected component is the Install Engine Control (Active Setup), this  ActiveX component is not well  documented the only documentation I know is here.

Before run the demos below make sure that your security setting  "Download signed ActiveX" controls is set to "prompt" which is the default value for this option. You must also make sure that you do not have a permanent trust to MS signed software.Permanent  trusts are stored in the registry branch :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database

Standar behaviour of signed code

Because I am a poor man I can't spend 400$ to buy a Software Developer ID certificate for Authenticode (This link will also provide you a lot of info about code signing technologies).   If you want to look at the demo you must first download and install a home made certificate by clicking in the line below.

Install a Home Made Root CA Certificate.

Select "Open in this file from its current location" and then OK, in the subsequent window click "Install Certificate" and then Next Next and Finish .

After the certificate has been installed push the button below to execute the demo. The demo will show you how signed software will prompt  the user before execution .

Do not forget to remove the certificate, select your IE Internet Options screen select the content tab click certificates select the tab Trusted Root Certification Authorities click on the line "Certificados JC" and then push the Remove button.

The behaviour of MS signed code

Now we'll see what happen when the software has been signed by MS. I have prepared a dummy demo that will install nothing. But the important thing is that the installer program will start without prompt the user (I could install any of the IE 5 components on your system but I prefer to leave your system as it is).


It seems that MS signed code has a very  "special treatment" . I would conclude that MS has a back door to install and execute software without the user approval.

How to close the back door

Disable the "Download signed ActiveX" security option" . But  this solution  will also forbid other software manufacturers to offer you  their software in the clear way,  that is : asking before install.
As usual, you can also disable JavaScripting as an alternative to the first solution.


In the news

Cinco Días

Why is MS signature so special ?

Created by Juan Carlos G. Cuartango

Visitors since 02-07-2000

Updated 03-03-2000