How to Know If Digital Signatures Are Legit?


danielm92 User
post: 1uploads: 0
17 July 2016
1
I've downloaded "GOG" games from here before and they seem pretty legit but I want to know if there is a way to prove this. What if there's some hidden malware that I can't detect, you know?

I've tried to verify setup files with MD5/SHA-1 but I soon realized that this won't work because there doesn't seem to be any hashes to compare to on the GOG website and apparently they change with updates and things.

So then I realized that there are these things called digital signatures but I don't really understand them and they look kind of sketchy with just the name of the company and signer appearing, basically I can't tell them apart from normal metadata (can the signatures be fake?). Windows always reports that the signature is "OK" but I don't what that actually means. Here's an example of what I'm seeing:

image
image

Sorry if this is in the wrong category. I saw the security section but it wouldn't let me post there (seemed to be reserved for important people).

Report a bug Open chat