Mysterious digital signature in Windows 2K/XP

Source: Internet
Author: User

Did you know? Microsoft released SP2 as a digitally signed file (right-click the file and open its properties window to view the digital signature information shown in Figure 1). What is this signature for?


Figure 1

  I. Windows File Protection
In Windows versions earlier than Windows 2000, software installed on top of the operating system could overwrite some shared system files, such as dynamic link libraries (*.dll files), executable files (*..

To solve this problem completely, Microsoft introduced the "Windows File Protection" mechanism in Windows 2000 and Windows XP to prevent the replacement of protected system files, including files such as *.sys, *.dll, *.ocx, *.ttf, *.fon and *.exe. Windows File Protection runs automatically in the background and can protect all files installed by the Windows installer.

Windows File Protection can detect attempts by other programs to replace or move protected system files. What is the detection based on? Windows File Protection checks the digital signature of the file to determine whether the new file is the correct Microsoft version. If the file version is incorrect, Windows File Protection automatically replaces the file with the backup copy stored in the dllcache folder or in Windows. If Windows File Protection cannot locate the corresponding file, it prompts you to enter its location or insert the installation disc.

  II. Recognize Digital Signatures

A digital signature lets users verify a file. If a file does not have a valid digital signature, there is no assurance that the file actually comes from its declared source, or that it has not been tampered with after release (possibly by a virus). In this case, unless you are sure who created the file and know its content, it is recommended that you do not open it. Hardware or software that has passed Microsoft's digital signing usually displays the "Designed for Microsoft Windows XP" logo on its outer packaging.
When new software is installed on a computer, system files and device driver files are sometimes overwritten by unsigned or incompatible versions, resulting in system instability. Both the system files and the device driver files provided with Windows XP have Microsoft digital signatures, which indicate that these files are original, unchanged system files, or that they have been approved by Microsoft for use in Windows. Windows 2000/XP provides the File Signature Verification tool (see Figure 2) and Windows 9x provides the "System File Checker"; we can use these tools to check the digital signature status of system files.


Figure 2

By default, Windows File Protection is always enabled, and it allows files digitally signed for Windows to replace existing files. Currently, signed files are distributed in the following ways: Windows Service Packs, patch distributions, operating system upgrades, Windows Update, and the Windows Device Manager/class installer.

  III. Digital signature examples

After all this discussion, apart from protecting system files, what benefits do digital signatures bring to ordinary users? The following describes several instances:

Instance 1: Verify whether the Windows XP core files have been replaced

Currently, Windows XP circulates mainly as enterprise versions and the version bundled with Lenovo machines. How can we verify that the Windows XP at hand is Microsoft's original version?

Here, we only need to check whether the Windows XP system files pass file signature verification. If the License and licdll.dll files do not appear in the resulting list, your Windows XP has not been tampered with.

Figure 3

Instance 2: Driver Signature

Windows XP drivers all use Microsoft's WHQL digital signature. An icon is displayed when you view a digitally signed driver. However, when we install or upgrade a device driver, we often see the warning message shown in Figure 4, saying that the driver "has not passed Windows Logo testing to verify its compatibility with Windows XP". This is in fact the file protection function of Windows XP, intended to reduce the risk of users installing unprotected drivers. Of course, you only need to click the "Continue" button to ignore this prompt and complete the driver installation.


Figure 4

If you find this warning box annoying, you can open the System Properties window, switch to the Hardware tab, and click the Driver Signing button to open the window shown in Figure 5. There are three options for "File signature verification":

Ignore: allows the computer to install all device drivers, regardless of whether they have a digital signature.

Warning: a warning message is displayed when the installer tries to install a device driver without a digital signature. This is the default behavior of Windows XP.

Blocking: prevents the installer from installing device drivers without digital signatures.

Obviously, if you select the "Ignore" option and make it the system default, no signature verification warning will pop up when you install or upgrade a driver.

Instance 3: Write digital signature information to the log file

Open the "File Signature Verification" window, click the "Advanced" button to open the "Advanced File Signature Verification Settings" dialog box, switch to the "Logging" tab, and select the "Save the file signature verification results to a log file" check box (see Figure 5). If you select "Append to existing log file", new search results are added to the end of the log file; select "Overwrite existing log file" to replace the existing log file with the new one. Then enter the name of the log file, and the search results will be written to that file.

If you only want to overwrite the log file, type the "sigverif /defscan" command in the "Start > Run" dialog box to execute it.
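The check from Instance 1, run over the log file from Instance 3, as an added example that is not part of the original article: it parses a signature verification log and reports files that did not verify, flagging licdll.dll if it is among them. The column layout and the status strings ("Signed", "Not Signed", "Not Scanned") are assumptions about the log format, and the sample log is constructed.

```python
import re
from ntpath import join as win_join  # Windows-style path joining on any OS

# Constructed sample in the column layout assumed for a sigverif log
# (File, Modified, Version, Status, Catalog, Signed By); not real scan output.
SAMPLE_LOG = r"""
Scan Results:  Total Files: 4, Signed: 2, Unsigned: 2, Not Scanned: 0

File            Modified    Version         Status       Catalog    Signed By
-------------   ---------   -------------   ----------   --------   ---------
[c:\windows\system32]
kernel32.dll    8/4/2004    5.1.2600.2180   Signed       NT5.CAT    Microsoft Windows Publisher
licdll.dll      3/9/2005    5.1.2600.0      Not Signed   N/A
[c:\windows\system32\drivers]
example.sys     1/2/2005    None            Not Signed   N/A
tcpip.sys       8/4/2004    5.1.2600.2180   Signed       NT5.CAT    Microsoft Windows Publisher
"""
STATUSES = {"Signed", "Not Signed", "Not Scanned"}  # assumed status strings

def parse_sigverif(text):
    """Return (full_path, status, signer) for every file row in the log."""
    rows, folder = [], ""
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:  # a "[c:\windows\system32]" line starts a new folder section
            folder = m.group(1)
            continue
        cols = re.split(r"\s{2,}", line)  # columns are 2+ spaces apart
        if len(cols) < 4 or cols[3] not in STATUSES:
            continue  # banner, column header or separator line
        signer = cols[5] if len(cols) > 5 else ""
        rows.append((win_join(folder, cols[0]).lower(), cols[3], signer))
    return rows

def not_verified(rows):
    """Paths whose status is anything other than Signed."""
    return [path for path, status, _ in rows if status != "Signed"]

def watched_hits(rows, names=("licdll.dll",)):
    """Watched core files (matched by base name) that failed verification."""
    watch = {n.lower() for n in names}
    return [p for p in not_verified(rows) if p.rsplit("\\", 1)[-1] in watch]

if __name__ == "__main__":
    rows = parse_sigverif(SAMPLE_LOG)
    for path in not_verified(rows):
        print("NOT VERIFIED:", path)
    print("core files flagged:", watched_hits(rows))
```

To use it on a real log, pass the file's text to `parse_sigverif` and adjust `STATUSES` and the column positions if the log on your system is laid out differently.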

Instance 4: Disable Windows File Protection

In the Windows 2000/XP Windows\System32 directory, there is a folder named dllcache, which stores backups of important files. For example, the Windows XP dllcache folder contains 2169 important files, occupying MB. If Windows 2000/XP finds that a protected system file has been replaced or damaged, the file is automatically restored from the dllcache folder.

If you need to free up some disk space for some reason, you can enter the "sfc /purgecache" command in the "Start > Run" dialog box to clear the dllcache folder; note that there is a space character in front of "/". This clears the file cache stored in dllcache. Afterwards, however, Windows File Protection can only recover system files from the Windows installation CD, so you will often see a prompt to insert the CD. We therefore do not recommend this technique.

If you want to disable Windows File Protection, type "gpedit.msc" to open the "Local Computer Policy > Computer Configuration > Administrative Templates > System" window, find the "Windows File Protection" group, double-click the "Set Windows File Protection scanning" item in the right pane, and set it to "Disabled". You can also limit the file protection cache size and specify the file protection cache location.
