AMD using expired code-signing cert (Edit: older drivers are not signed properly)

DaveSimmons

It's not very reassuring when I download a Catalyst update and get a UAC prompt for running a file C:\Users\David\AppData\Local\Temp\tmp9D93.exe from "Unknown Publisher."

I checked the EXE file and there is a Verisign cert used, but it was for ATI not AMD and expired January 8. Also, there is no version for the EXE in the details.

AMD, you need to spend the $500/year for your cert just like we do.

Edit: ah, looking at the digital signature they did not use a timestamp for when it was signed, so it can't be validated after it expired. So this EXE was probably created last year and they didn't sign it using best practices, just well enough to work until January.
 

DaveSimmons

Because that certification makes them better?

If an EXE is code-signed with a valid, non-expired certificate it tells you two things:

a) The EXE was really created by AMD not someone else.
b) The EXE has not been altered. Changing even one byte in the file will invalidate the signature.

So yep, a properly signed EXE is a better EXE. At work we sign both our program files and the InstallShield setups.
 

3DVagabond

> If an EXE is code-signed with a valid, non-expired certificate it tells you two things:
>
> a) The EXE was really created by AMD not someone else.
> b) The EXE has not been altered. Changing even one byte in the file will invalidate the signature.
>
> So yep, a properly signed EXE is a better EXE. At work we sign both our program files and the InstallShield setups.

So you think someone got a hold of the cert that AMD used in January and is using it? What drivers, BTW?

Sorry, but I just don't understand. :)
 

DaveSimmons

> So you think someone got a hold of the cert that AMD used in January and is using it? What drivers, BTW?
>
> Sorry, but I just don't understand. :)

The main Catalyst update. I checked for updates at work yesterday since I've started getting "driver has restarted" messages again.

Having a valid signed EXE tells you that it really came from AMD and not (for example) a hacked website, hijacked DNS entry, or some other man-in-the-middle exploit between you and the real download. It also tells you that there isn't an infection on your own PC that has altered the file.

Sure, all of that is unlikely for AMD, but major company websites like theirs have been hacked before.
 

Elixer

Hmm?
amdcert.png
 

Piotrsama

Are you installing some legacy driver or something old?
What's the file name/version?
 

DaveSimmons

This is for the 6670 in my Dell at work.

Driver Packaging Version 14.10.1006-140417a-171099C
AMD Catalyst Control Center Version 2014.0417.2226.38446

Hmm, given the "2014" and Elixer's results it might just be older cards that get invalid signatures downloading updates in CCC.

Edit: ah, looking at the digital signature they did not use a timestamp for when it was signed, so it can't be validated after it expired. The version resource doesn't include a version or copyright date so it's not obvious when it was created or signed. Sloppy.

This EXE was probably created last year and they didn't sign it using best practices, just well enough to work until January. I've updated the OP and title to reflect this.
 
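The check described in this thread (has the signer certificate expired, and was the signature timestamped?) can be run with PowerShell's Get-AuthenticodeSignature. This is an added example, not part of any post; the function name and the file path are placeholders.

```powershell
# Added example: report the two facts discussed in the thread for a signed EXE:
# when the signer certificate expires and whether a timestamp countersignature exists.
function Get-SignatureTimestampReport {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # placeholder: path to the installer being inspected
    )

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $sig.SignerCertificate

    if (-not $signer) {
        # No signer certificate at all: the file is unsigned or not a signable format.
        return [pscustomobject]@{
            Path    = $Path
            Status  = $sig.Status
            Finding = 'No Authenticode signature present'
        }
    }

    $expired     = (Get-Date) -gt $signer.NotAfter
    $timestamped = $null -ne $sig.TimeStamperCertificate

    $finding = if ($expired -and -not $timestamped) {
        'Signer certificate expired and signature has no timestamp'
    } elseif ($expired) {
        'Signer certificate expired but signature is timestamped; see Status'
    } elseif (-not $timestamped) {
        'Certificate still in its validity period, but signature has no timestamp'
    } else {
        'Certificate in its validity period and signature is timestamped'
    }

    [pscustomobject]@{
        Path           = $Path
        Status         = $sig.Status          # Windows' own verdict on the signature
        StatusMessage  = $sig.StatusMessage
        Signer         = $signer.Subject      # e.g. shows whose name the cert was issued to
        SignerNotAfter = $signer.NotAfter     # expiry date of the signing certificate
        Timestamped    = $timestamped
        Finding        = $finding
    }
}

# Placeholder path; point this at the downloaded installer.
Get-SignatureTimestampReport -Path 'C:\Temp\installer.exe' | Format-List
```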