Open eiqnepm opened 2 months ago
TomfromBerlin
commented
2 months ago Microsoft certificates for signing applications have already been abused to inject malware into systems. See the following article. https://borncity.com/win/2022/12/16/microsoft-certificates-misused-to-sign-malware-dec-2022/ Even though the article is older, the incident is still a good example of how giving up control can be risky.
eiqnepm
commented
1 month ago Microsoft certificates for signing applications have already been abused to inject malware into systems. See the following article. https://borncity.com/win/2022/12/16/microsoft-certificates-misused-to-sign-malware-dec-2022/ Even though the article is older, the incident is still a good example of how giving up control can be risky.
I'm aware of the risks of automatically allowing signed software internet access, however considering the default on Windows is to allow all software internet access, allowing just signed software is still a security improvement, a security improvement with a much lower impact to convenience at that. I have been using Windows Firewall Control as it has this feature, however I would like to use simplewall given I was able to automatically allow signed software.
I know Windows certificates aren't impenetrable, however it's certainly not commonplace for day-to-day malware to exploit them, as the vast majority of malware is unsigned.
Malware can also use binaries shipped with Windows that are likely to have internet access to bypass executable based firewalls, however once again this isn't commonplace as the target is the default firewall of Windows.
Is there a feature to automatically allow signed apps like in Malwarebytes Windows Firewall Control?
App version: 3.8.3 Windows version: 22631.4112