Is it possible for a digitally signed application to be infected by a virus?
I downloaded "java development kit" from my college computer, the computer that I used to download the software was full of virus and malware. I scanned the software with antivirus program the software was ok . I checked the software properties and there was a Digital signature on the software.
So I wanted to ask following 2 questions :
Does a digital signature on application guarantees that it has not been infected by virus or altered by any means ?
Is it possible that the digital signature remains intact even after the software get infected by virus ?
Solution 1:
Yes, it is possible, but it is highly unlikely that you will be affected by such a thing. It does, happen, however.
A digital signature does not guarantee that a program is free from malware - yes, it's supposed to, but if someone cracks into a database and steals digital signatures / certificates they can sign whatever they please. If the verification path can be trusted, then a digital signature will tell whether the integrity of the program is compromised (i.e., the program has been modified after it was signed).