How can I verify that the software is trustworthy? Have you been tampered with?

In addition to validating a Web site, a certificate can be used to verify that a file has been tampered with. Software developers need to purchase a code signing certificate to the published software signature to verify the source and completeness of the software code. The following specifically tells you how to verify the digital signature of the file. Just take the example of Windows.

For example, I have a Firefox installation file (with a digital signature) on hand. When I look at the properties of the file, I see the following interface. A good-looking classmate will notice that there is a " digital signature " tab on it. If this tab does not appear, the file does not have a digital signature attached.
650) this.width=650; "src=" Http://www.evtrust.com/knowledge/images/sign-1.png "height=" 578 "width=" 540 "alt=" Sign-1.png "/>

Select the tab and see the following screen.

By the way, some digital signatures do not contain "e-mail Address", then this item will be "not available"; Similarly, some digital signatures do not contain "timestamps", and "unavailable" is also displayed. Don't be nervous, the "unavailable" shown here is not the same as the validity of the digital signature.

650) this.width=650; "src=" Http://www.evtrust.com/knowledge/images/sign-2.png "alt=" Sign-2.png "/>

In general, there is only one signature in the signature list. Select it and click the Details button. Jump out of the following screen: Usually this interface will display a line of words: " the digital signature is normal " (The red circle marked in the figure). If there is this line of words, it means that the file from the factory to your hands, Midway has not been tampered with (is the original drip, is pure drop). 650) this.width=650; "src=" Http://www.evtrust.com/knowledge/images/sign-3.png "height=" 548 "width=" 540 "alt=" Sign-3.png "/>

If the file has been tampered with (for example, infected with a virus and is injected into a trojan), a warning appears in the dialog box that " the digital signature is invalid " (The red circle is marked in the figure). Interface as follows: 650) this.width=650; "src=" Http://www.evtrust.com/knowledge/images/sign-4.png "height=" 548 "width=" 540 "alt=" Sign-4.png "/>

Whether your signature is normal or not, you can click the "View Certificate" button. At this point, the dialog box will jump out of the certificate. as follows: 650) this.width=650; "src=" Http://www.evtrust.com/knowledge/images/sign-5.png "height=" 548 "width=" 540 "alt=" Sign-5.png "/>650) this.width=650;" src= "Http://www.evtrust.com/knowledge/images/sign-6.png" height= "548" width= "540" alt= "Sign-6.png"/>

From the latter interface, you can see the certificate trust chain I just said. The chain of trust in the figure is 3 layers:

The 1th tier is the root certificate (Thawte Premium Server CA).

The 2nd layer is a certificate Thawte specifically used to sign.

The 3rd layer is Mozilla's own certificate.

Most well-known companies (or organizations) currently have digital signatures for published executables (such as software installation packages, drivers, security patches). You can go and see for yourself.

We recommend that you first see if you have a digital signature before installing the software. If there is one, follow the steps above to verify it. Once the digital signature is bad, don't pretend to.

How can I verify that the software is trustworthy? Have you been tampered with?