digital signatures for plugins

drac
Junior Member
Posts: 37
Joined: 2006-04-04, 19:50 UTC

Post by *drac »

Currently Total Commander doesn't display if a plugin is digitally signed by its author or not. Since plugins are DLLs, which can do whatever parent process (Total Commander) does, I think it would be good for users to know if a plugin was digitally signed or not.

I did sign the SFTP plugin with dependencies built in, but the user has to go to totalcmd\plugins\wfx\sftpplug\sftpplug.wfx[64] and then hit file properties -> Digital Signatures to find out more information.

Total Commander should do this check before even installing the plugin and display some information to the user. MSDN provides an example on how to do this.

Authenticode might be a burden for plugin authors, but it should be a win for all Total Commander plugin users.
MVV
Power Member
Posts: 8711
Joined: 2008-08-03, 12:51 UTC
Location: Russian Federation

Post by *MVV »

Are you really sure that so many plugin writers can/will buy a certificate? I don't think so. Most plugins will be unsigned anyway.

And, there are a lot of other ways of injecting malicious code except infecting plugins. So there should be another level of protection, not by TC means.
drac
Junior Member
Posts: 37
Joined: 2006-04-04, 19:50 UTC

Post by *drac »

MVV wrote: Are you really sure that so many plugin writers can/will buy a certificate? I don't think so. Most plugins will be unsigned anyway.

And, there are a lot of other ways of injecting malicious code except infecting plugins. So there should be another level of protection, not by TC means.

I got mine for free from Certum, see this Stack Overflow entry. You have to live with the "Open Source Developer" stigma :)

Christian Ghisler signs his plugins and it's a good way to know if a binary has been tampered with.
MVV
Power Member
Posts: 8711
Joined: 2008-08-03, 12:51 UTC
Location: Russian Federation

Post by *MVV »

If everyone may self-sign a plugin, a virus may do it too...
However I think signature checking may be done in the form of a TC plugin which will show unsigned plugins (it may be set up for autorun to be loaded automatically). Additionally such a plugin may sign unsigned plugins with some certificate just to be sure that all plugins are signed.
milo1012
Power Member
Posts: 1158
Joined: 2012-02-02, 19:23 UTC

Post by *milo1012 »

Sorry, but like MVV said:
If everyone can add a signature to their files, virus developers can too.
A signature is only worth how much users trust that third party.

But what is the security gain, besides the check at install time?
Most likely users will check the popular plug-ins first anyway, so you could always countercheck with things like VirusTotal, etc.
I think a bigger problem is plug-in files being tampered with after they are installed.

Using a hash system in TC would be much more efficient, to detect such files.
Before installing a plug-in, TC will ask the user if he wants to scan the file first or take other measures to make sure that the file is clean.
TC will then create hash sums of the main plug-in DLL file and store them in a secure location that can't be tampered with by users without losing its integrity (like the password store).
Now for every plug-in load TC will check the hash, and if not equal, it warns the user about a tampered file and inhibits loading.
Of course, the initial check for trust would still be the problem.


There are ways in Windows to automatically check for program file integrity by the OS.
But:
  • TC can't be used portable that way
  • You can't just overwrite files manually any more
  • TC needs a new trusted installer, most likely MSI style
  • The plug-in installation will probably not work the way it is now (every plug-in would need to be a .msp package)
TC plugins: PCREsearch and RegXtract
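
The hash scheme outlined in the post above (pin a hash at install time, keep it in a store that cannot be edited unnoticed, check it on every load), sketched as an added example that is not part of any post and is not Total Commander code. The JSON store layout, the function names, and the HMAC-SHA256 key derived from a master password with PBKDF2 are assumptions made for illustration; the plugin bytes and password are constructed.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def file_sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def _mac(key, entries):
    # Canonical JSON keeps the MAC stable regardless of dict ordering.
    blob = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def load_store(store, key):
    """Return the pinned hashes, refusing a store whose MAC does not verify."""
    doc = json.loads(Path(store).read_text())
    if not hmac.compare_digest(doc["mac"], _mac(key, doc["entries"])):
        raise ValueError("hash store modified outside the application")
    return doc["entries"]

def pin_plugin(store, key, plugin):
    """Install time: record the plugin's SHA-256 and re-seal the store."""
    entries = load_store(store, key) if Path(store).exists() else {}
    entries[str(Path(plugin).resolve())] = file_sha256(plugin)
    Path(store).write_text(json.dumps({"entries": entries, "mac": _mac(key, entries)}))

def check_before_load(store, key, plugin):
    """Load time: 'ok', 'tampered', or 'unknown' (never pinned)."""
    pinned = load_store(store, key).get(str(Path(plugin).resolve()))
    if pinned is None:
        return "unknown"
    return "ok" if hmac.compare_digest(pinned, file_sha256(plugin)) else "tampered"

def demo():
    # Assumption: key derived from a master password; every value here is constructed.
    key = hashlib.pbkdf2_hmac("sha256", b"constructed-password", b"constructed-salt", 200_000)
    with tempfile.TemporaryDirectory() as d:
        plugin, store = Path(d, "example.wfx"), Path(d, "pins.json")
        plugin.write_bytes(b"MZ constructed plugin bytes")
        pin_plugin(store, key, plugin)
        results = [check_before_load(store, key, plugin)]        # file untouched
        plugin.write_bytes(b"MZ constructed plugin bytes, modified")
        results.append(check_before_load(store, key, plugin))    # file changed on disk
        doc = json.loads(store.read_text())                      # pin edited to match,
        doc["entries"][str(plugin.resolve())] = file_sha256(plugin)  # MAC left stale
        store.write_text(json.dumps(doc))
        try:
            results.append(check_before_load(store, key, plugin))
        except ValueError:
            results.append("store rejected")
        return results
```

As the post itself notes, this only detects changes after the pin was taken; whether the file deserved trust at install time is outside what the check can answer.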
Hacker
Moderator
Posts: 13142
Joined: 2003-02-06, 14:56 UTC
Location: Bratislava, Slovakia

Post by *Hacker »

drac,
I am not really sure I understand. If I sign my malware plugin it would still be malware. If I am afraid the DLL has been tampered with I check the hash. Perhaps a hash check would be equivalent? Am I missing something?

Roman
Suppose you press Ctrl+F, select the FTP connection (with saved password), but instead of clicking Connect, you drop dead.