Tuesday, 27 August 2013

Why do large organisations still not sign various EXEs?

We run a controlled Windows 7 environment and have several applications
that are digitally signed by the publisher and run fine under user context.
However, even now we still get vendors large and small providing us
with unsigned EXEs, for which we have to create "hash rules" in AppLocker
that need updating every time the software is updated.

In some cases we get an application from a vendor that has a mixture of
both signed and unsigned executables. This infuriates me!

I was just wondering, why would these companies not simply sign all their
software? Is it just sloppy development, or is there a genuine reason such
as a cost per EXE signed?
