On Mon, Apr 6, 2009 at 2:47 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote: > Ben Laurie <benl at google.com> writes: > >>I find it pretty annoying that signing widgets is described as a "trust and >>quality assurance mechanism". > > It's a valid comment though. A large-scale study (from Microsoft's malware > research group) has shown that the majority of CA-certified signed malware is > in the "severe" or "high-risk" category. So seeing a signature on malware > provides a high level of trust that this is the high-quality stuff you're > seeing and not some cheap knockoff. Awesome! Link? > > Peter. > >
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.