This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Are the updates in the sophos virus removal tool digitally signed? I see that they are not sent over an SSL connection so I'm wondering how the tool knows the updates have not been tampered with.

Would like to understand how sophos guarantees the integrity of the update files for svrt



This thread was automatically locked due to age.
Parents
  • Hello Jim Bob,

    [I'm not Sophos]
    the individual IDEs are in a format that should ensure internal integrity and validity. The Warehouse (that's where the stuff is downloaded from) uses checksums and signed catalogs that enable the downloader to verify its and the download's integrity and completeness. Note that the detection data (IDEs and VDLs) are platform independent and SVRT comes with its own certs.

    Christian

Reply
  • Hello Jim Bob,

    [I'm not Sophos]
    the individual IDEs are in a format that should ensure internal integrity and validity. The Warehouse (that's where the stuff is downloaded from) uses checksums and signed catalogs that enable the downloader to verify its and the download's integrity and completeness. Note that the detection data (IDEs and VDLs) are platform independent and SVRT comes with its own certs.

    Christian

Children
No Data