I might be missing something but since code signing certificates get stolen shouldn't AV products ignore them and treat signed EXEs like any other?
-
-
Excluding signed apps is a performance hack, one that can make your product look better on benchmarks than those that don't use it. However I'm questioning how much time you can save as checking the signature also requires you to read the entire file.
-
Which makes the assumption that the AV software is checking for a *valid* signature, as opposed to *a* signature.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.