This Stack Overflow question shows how to modify version information in some classes of binary files, like DLLs. I often rely on the version information as one metric (amongst many) for peace of mind that a binary is legitimate. I'm sure I'm not alone. If the "Company" or "Publisher" says "Microsoft Corporation" you probably can't be blamed for letting your guard down, at least a bit.

My question is whether this version information was ever considered reliable? Was I just being an idiot for thinking this is a useful bit of information?

Note: This Super User question has a high-rated answer that suggests using the fantastic utility Autoruns as one of the tools for detecting system problems, including malware. Worryingly, I managed to spoof Autoruns by manually editing the "Publisher" of a listed DLL from "Oracle Corporation" to "HonkyTonks"...

AlainD
  • None of that data can be trusted unless the executable is signed and you've [verified that signature](http://stackoverflow.com/a/386606/94928). – heavyd Feb 02 '16 at 16:25
  • If the file isn't signed then it doesn't matter what it says. Which is the reason Microsoft signs everything. – Ramhound Feb 02 '16 at 17:44
  • So digital-signing is the answer and I should rely on version information with a large measure of scepticism. Got it, thanks for the comments! – AlainD Feb 03 '16 at 10:31

1 Answer

As per @heavyd's comment, none of that data can be trusted unless the executable is signed and you've verified that signature.

If the file isn't signed then it doesn't matter what it says.

kenorb
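
One way to apply the advice above in PowerShell, as an added example that is not part of the original question or answer: it lists the self-declared `CompanyName` from the version resource next to the Authenticode verification result, and reports a publisher name only from the signer certificate of a signature that validated. The function name `Test-PublisherClaim` and the scanned directory are assumptions chosen for illustration.

```powershell
# Added example: version-resource claims vs. verified Authenticode signer.
function Test-PublisherClaim {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop

        # CompanyName lives in the file's version resource. It is plain,
        # editable data and is not authenticated unless the file is signed.
        $claimed = $file.VersionInfo.CompanyName

        # Authenticode check: hash integrity plus certificate chain trust.
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

        # Read the signer name only when the signature actually validated.
        $signer = $null
        if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
            $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
            $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
        }

        $verdict = if ($sig.Status -eq 'Valid') {
            'Signed: rely on VerifiedSigner, not ClaimedCompany'
        } else {
            "Unverified ($($sig.Status)): ClaimedCompany proves nothing"
        }

        [pscustomobject]@{
            Path            = $file.FullName
            ClaimedCompany  = $claimed
            SignatureStatus = $sig.Status
            VerifiedSigner  = $signer
            Verdict         = $verdict
        }
    }
}

# Usage: audit the DLLs in a directory (the path is only an example).
Get-ChildItem -Path "$env:SystemRoot\System32" -Filter *.dll -File |
    Select-Object -First 20 |
    Test-PublisherClaim |
    Format-Table -AutoSize
```

A file whose version resource was edited after signing shows up with a `HashMismatch` status, and an unsigned file with a familiar company string shows up as `NotSigned`.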