Home   Cover Cover Cover Cover


Question: Explain why it is virtually impossible for viruses to manipulate a signed assembly.

Answer: A signed assembly contains the digital signiture of its author. This signature encodes a check sum which is generated from all bytes of the assembly.

When the assembly is loaded a new check sum is computed from the bytes of the assembly and compared with the checksum from the signature. If a virus changes or adds a single byte in the assembly a different check sum will result, which does not match the check sum in the signature.

The check sum in the digital signature cannot be modified by the virus, because that would require the private key of the author, which only the author has.