The last time I saw this, I looked at the details. The reason the signing certificate was being flagged was because the verification code was unable to find a current revocation list, so was unable to certify that the certificate was still valid. This means the certificate source is trusted and the certificate itself is not expired, but that the software could not guarantee that the Certification Authority had not issued a revocation for the certificate.
For my part, that was a "good enough" confidence level to proceed with the installation. But I would never proceed without checking the reason a signature was flagged. This does beg the question of why a valid CRL wasn't available though. -----Original Message----- From: Eric [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 2:56 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Unsigned Windows 2000 Patches All security patches are signed. Once you download the file, right click on it and view properties, you should see a tab for digital signatures. If you expand the signed package, the files within the patch won't have a digital signatures tab, however, after you install it, run sigverif.exe and you can verify that all the files are now signed (the CAT file registers all the files as signed) What gave you the error messages below? Had you enabled a security policy on your system to "not install unsigned drivers"? I've found that this will usually cause problems as it views the files as unsigned before they are registered via the CAT file. At 04:32 PM 2/21/2002 +0800, [EMAIL PROTECTED] wrote: >Hi, > >Recently, when I try to download patches from Microsoft I get the messages >"Unknown Software Package", "The Software you are trying to install is not >signed." "Microsoft cannot guarantee that this software will work with >Windows." etc. > >Is this just temporary or is this the extension of the Mircrosoft >"We-don't-test-our-software-and-don't-guarantee-it-is-working-and-if-you-us e-it-you-have-to-blame-only-yourself-Policy" > >towards the patches? > >What is safer, install no patches or install unsigned patches? > >Cheers, >Andreas
