1. Field of the Invention
This invention pertains in general to computer security and in particular to preventing malicious and/or unauthorized code (i.e., malware) from executing on a computer system through code signing by a certificate authority.
2. Description of the Related Art
A parasitic computer virus typically infects a computer system by inserting viral code into other executable programs stored on the computer system. This code can infect other files and/or computer systems, destroy data on the computer system, or perform other malicious actions. Other types of malicious code, including Trojan horses, worms, keystroke grabbers, etc. can also damage computer systems. Thus, there is a strong desire to prevent viruses and other malicious code from infecting and/or executing on a computer system.
One technique for preventing attacks is to establish mechanisms for detecting whether software has been altered by a virus or other malicious code. Code signing is one technique for detecting alterations. Digitally signed code includes values in computer programs that the computer system can use to detect whether the code has been altered. Code signing thus prevents tampering with executable content.
In conventional systems, a software developer obtains signing keys and a corresponding digital certificate from a certificate authority (CA) in order to sign code. The digital certificate may be used by the software developer until the certificate expires. At that time, the certificate must be renewed by the certificate authority that issued the certificate. However, during the period of time in which the certificate is valid, the software developer need not further interact with the certificate authority. Thus, the usage of the signing keys is unknown to the certificate authority.
Malware authors have begun stealing code signing certificates from legitimate software companies as well as registering certificates under numerous false business names. Because the certificate authority is not aware of the usage of the digital certificates, the malware authors are able to use the legitimate certificates to digitally sign malware. By digitally signing malware, anti-malware systems are circumvented because these systems often give higher trust to signed software and assume that the signed code is non-malicious.
Accordingly, there is a need to address problems created by stolen and/or misused digital certificates.