I bet it would be a better idea to verify the signature - ask Microsoft for the public portion of their X.509 signing key to verify the integrity of system files.
The AV package would use it's own copy of Microsoft's public key since it would have no way of knowing if the key store was somehow compromised. Ben Scott wrote: >> I wonder why the AV companies don't find a better way >> to prevent something like this, do not delete digitally >> signed files, something. > Anything they did, the attackers could do, too. > > You're asking for the inverse of the "evil bit" defined in RFC-3514 > -- a "good bit" that can be set on files that aren't dangerous. -- Phil Brutsche [EMAIL PROTECTED] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
