I have been trying to find some answers to some very simple questions, but I am having no luck. I am writing a program to help us identify potential viruses easily. I think I know the answer, but really need to verify that I am correct.
Here are the questions.
#1. I would assume that a virus writer could digitally sign their own file, but could they digitally sign it as Microsoft or some other legitimate company?
#2. Does a digitally signed file just guarantee that the file has not been altered, or does it also guarantee that it is from the company it says it's from?
#3. To summarize my questions, if a file passes verification using a tool like signtool.exe, does that guarantee it is not a virus, or does that just mean that the file is unchanged and is from the company it says it's from?
Any other useful info or explanations would be greatly appreciated.