Antivirus doesn’t check signed code?
Does the OS check that the signature is valid (correct checksum or whatever)?
If the OS doesn't check that signed code is correctly signed, then what is the point of signing code?
If the OS has robust checks then it might be just about acceptable for the antivirus to skip a detailed check because it knows code with a fake signature won't be allowed to run anyway. Not that this seems particularly desirable, but it would be interesting to know how much of a real-world problem this is.
Are we all at immediate risk or is this just a case of laziness/performance optimisation by the antivirus community with no real impact on the end user? Serious question. The article doesn’t say how worried we should be (if at all). No "get updating" message, for example.
The obvious problem is a known virus correctly signed with a compromised certificate, which apparently isn't checked. The problem cited where a signature is just copied from good code and the check is skipped may be a problem or just a red herring.
As others have said, name and shame please.