Concerned about the integrity of the web installer I used
I read the "Data Breach Post-Mortem" post and I have concerns about the installer I downloaded and ran on one of my computers last year. It was downloaded & run on 15-02-2018. The file name is "palemoon-websetup.exe" and it is 776KB and the version in the details states 5.2.0.97.
I was not very concerned initially as the post states it is only archived files affected and I would have downloaded it from the palemoon main website. However I ran a powershell script to get the hash details of the above and the SHA256 is: 286588A186ADFFD4719DBB725131DF17F06CFC5AB3F11B762635D7FDCB39942F . There does not seem to be any such hash number listed on https://pastebin.com/Lp27meQe (the page you linked to with clean hashes). I wondered if that was only because the page lists the full & portable 32bit & 64bit installers only, but then I saw on your downloads page on palemoon that the web installer has been removed due to a security issue.
So now I'm worried that the file I used was one of the infected installers. I do not recall my AV complaining when I ran the file, but obviously this was a while ago so I may have forgotten.
Please could "Moonchild" or someone who knows about the web installer hashes advise me about the integrity of this file. It is detected by just one engine in virustotal: https://www.virustotal.com/gui/file/286 ... /detection
Re: Concerned about the integrity of the web installer I used
Web installers/stub installers are no longer used due to concerns about it insecurely loading dlls.
There is no use for this program anymore, as on-line installations are no longer a thing at this time. So, you can just delete it.
As for its integrity, the web installer was never archived on the archive server to my knowledge so should never have been compromised. Do note that all web installers were code-signed so it should have a digital signature if unmodified.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Concerned about the integrity of the web installer I used
I apologize for the dumb question.
I think I have never used the archive server, but I've been using PM for long and I'm not sure. I have run an antivirus scan and everything seems fine. One last thing remains to be done to be totally sure I'm ok, checking the hashes.
But I never checked the signature of a file and I dunno where to start regarding a program that's already being installed. The only times I did it it was after the download to see if it was ok, but once it's on, what do I do?
Once again apologies for the dumb question, could anyone give me a link to a site explaining the steps with simple words and little technical language?
Thanks
PS the linux files are all ok, correct? I have a dual boot system... PM on both ends.
Re: Concerned about the integrity of the web installer I used
To check the digital signature of a Windows executable, right-click the .exe in Explorer, select "Properties".
It will have a tab "Digital signatures" for signed executables. As for your Linux question: Only Windows .exe files were affected, and at that only the .exe files of the installers and portables. (zip files and files *inside* the installers or archives were not touched, as I already stated a few times).
Re: Concerned about the integrity of the web installer I used
Potentially, even a corrupted file will have that too. It will have a tab "Digital signatures" for signed executables.
AFAIK (I know just about nothing about such things), but you'd have to actually click (Mark Straver) -> Details, & verify that "This digital signature is OK".
Alternatively, a tool like sigcheck (for which there are GUIs too).
Code:
Sigcheck v2.71 - File version and signature viewer
Copyright (C) 2004-2018 Mark Russinovich
Sysinternals - www.sysinternals.com
Y:\XOUT\DAILYMOTION\palemoon.exe:
Verified: The digital signature of the object did not verify.
Link date: 07:23 PM 06/29/2019
Publisher: n/a
Company: Moonchild Productions
Description: Pale Moon web browser
Product: Pale Moon
Prod version: 28.6.0
File version: 4.3.0
MachineType: 64-bit
Verified: The digital signature of the object did not verify.
Re: Concerned about the integrity of the web installer I used
I'm pretty sure if a file is not just hexedited/corrupted but actually infected with malware, that it actually no longer shows the digital signature (due to the fact that these kinds of file changes tend to destroy overlays and extra-data containers...)
At least the builds that were infected on the archive server no longer have a digital signature, at all.
Re: Concerned about the integrity of the web installer I used
Heh, OK thanks for the clarification (in your edit).
That makes more sense.
In any case, if there is a Digital Signature, it certainly can't hurt to take that extra step, click Details, & verify that it does in fact say, "OK".
-------
You're getting beyond me...
Just stating that the simple existence of a digital signature does not mean that it is valid, or that the file has not been tampered with.
Code:
Sigcheck v2.71 - File version and signature viewer
Copyright (C) 2004-2018 Mark Russinovich
Sysinternals - www.sysinternals.com
Y:\XOUT\DAILYMOTION\palemoon-26.4.0.Atom.WinXP.installer (XP).exe:
Verified: The digital signature of the object did not verify.
Link date: 12:50 PM 06/14/2013
Publisher: n/a
Company: Moonchild Productions
Description: Pale Moon
Product: Pale Moon
Prod version: 24.x
File version: n/a
MachineType: 32-bit
Y:\XOUT\DAILYMOTION\palemoon-26.4.0.Atom.WinXP.installer (XP).bak.exe:
Verified: Signed
Signing date: 04:43 AM 08/15/2016
Publisher: Markus Straver
Company: Moonchild Productions
Description: Pale Moon
Product: Pale Moon
Prod version: 24.x
File version: n/a
MachineType: 32-bit
Volume in drive Y is Y-NOT
Directory of Y:\XOUT\DAILYMOTION
07/13/2019 10:16 AM 20,053,976 palemoon-26.4.0.Atom.WinXP.installer (XP).exe
08/15/2016 04:51 AM 20,053,976 palemoon-26.4.0.Atom.WinXP.installer (XP).bak.exe
2 File(s) 40,107,952 bytes
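
The two checks discussed in this thread (SHA-256 against a published list, and whether the Authenticode signature actually verifies rather than merely exists) can be done together in PowerShell. This is an added example, not part of the original posts and not code from the Pale Moon project; the function name Test-InstallerIntegrity, its parameters and the placeholder hash are assumptions made for illustration.

```powershell
# Added example: report hash and Authenticode status for one downloaded file.
# Test-InstallerIntegrity and its parameters are hypothetical names.
function Test-InstallerIntegrity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $KnownGoodHashes = @(),   # copied by hand from the publisher's hash list
        [string]   $ExpectedSigner           # text expected in the certificate subject
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Status separates "no signature at all" from "signature present but broken".
    $verdict = switch ($sig.Status) {
        'Valid'        { 'Signature verifies and chains to a trusted root' }
        'NotSigned'    { 'No signature (never signed, or signature stripped)' }
        'HashMismatch' { 'Signature present, but file content differs from what was signed' }
        default        { "Signature does not verify: $($sig.Status)" }
    }

    # A valid signature from an unexpected publisher is still a failure.
    $signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $signerOk = if ($ExpectedSigner -and $signer) { $signer -like "*$ExpectedSigner*" } else { $null }

    # $null means "not checked" (no list supplied); -contains ignores case.
    $listed = if ($KnownGoodHashes.Count -gt 0) { $KnownGoodHashes -contains $hash } else { $null }

    [pscustomobject]@{
        File            = $file.Name
        Length          = $file.Length
        SHA256          = $hash
        HashListed      = $listed
        SignatureStatus = $sig.Status
        Verdict         = $verdict
        Signer          = $signer
        SignerMatches   = $signerOk
        Trusted         = ($sig.Status -eq 'Valid') -and ($signerOk -ne $false) -and ($listed -ne $false)
    }
}

# Usage (file name from the first post; the hash value is a placeholder to fill in):
# Test-InstallerIntegrity -Path .\palemoon-websetup.exe `
#     -KnownGoodHashes '<SHA-256 from the published list>' | Format-List
```

Two files of identical size, as in the directory listing above, can still return different SignatureStatus values, which is why the result reports the status rather than only whether a signer certificate is present.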