Does code-signing without strong-naming leave your app open to abuse?

深忆病人 2021-02-01 18:22

Trying to get my head around Authenticode code-signing and strong-naming.

Am I right in thinking that if I code-sign an exe that references a few dlls (not strong named)

4 answers
  •  闹比i (original poster)
    2021-02-01 19:19

    Once someone can replace DLLs or run code on your machine, there aren't that many safeguards left to you. In my case all the DLLs are code-signed individually. My code refuses to download DLLs that are not signed as part of the self-update. However, any app running at my integrity level or higher on my system (in the case of >= Vista Windows) can still inject a DLL into my exe with something like CreateRemoteThread etc. (http://www.codeguru.com/Cpp/W-P/dll/article.php/c105). But again, assuming someone can get foreign code into the system is the hard part. The rest is easy.
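
The download gate described in the answer above, as an added example that is not the poster's code: a staged DLL is accepted only if its Authenticode status is Valid and it was signed with the same certificate as the installed exe. The paths, the function name `Test-UpdateDll` and the choice to pin on the certificate thumbprint are assumptions.

```powershell
# Added example. $AppExe and $StagingDir are hypothetical paths.
$AppExe     = 'C:\Program Files\ExampleApp\ExampleApp.exe'
$StagingDir = Join-Path $env:TEMP 'ExampleApp-update'

function Test-UpdateDll {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedThumbprint
    )
    # Get-AuthenticodeSignature verifies the file hash and the chain,
    # not just the presence of a certificate table.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $reason = $null
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        # NotSigned, HashMismatch, NotTrusted, ... are all rejected.
        $reason = "Signature status: $($sig.Status)"
    }
    elseif ($sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
        # A valid signature from some other publisher is not enough.
        $reason = "Signed by another certificate: $($sig.SignerCertificate.Subject)"
    }
    [pscustomobject]@{ Path = $Path; Accepted = ($null -eq $reason); Reason = $reason }
}

# Pin to the certificate that signed the installed exe.
# Assumption: a certificate renewal is handled separately, since DLLs
# signed with a new certificate will fail this comparison.
$own = Get-AuthenticodeSignature -LiteralPath $AppExe
if ($own.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
    throw "Installed exe has no valid signature ($($own.Status)); refusing to update."
}

$results = Get-ChildItem -LiteralPath $StagingDir -Filter *.dll -File |
    ForEach-Object { Test-UpdateDll -Path $_.FullName -ExpectedThumbprint $own.SignerCertificate.Thumbprint }

$rejected = @($results | Where-Object { -not $_.Accepted })
if ($rejected.Count -gt 0) {
    $rejected | Format-Table Path, Reason -AutoSize | Out-String | Write-Warning
    # Discard the whole staged update rather than installing a partial set.
    Remove-Item -LiteralPath $StagingDir -Recurse -Force
    throw "Update rejected: $($rejected.Count) DLL(s) failed signature checks."
}
```

This covers only the download step; it does nothing about code injected into the running process, which the answer treats as a separate problem.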
