
And presumably those certificates are revoked, or will be revoked soon.

Nothing is 100% accurate in security. But code-signing is still far more protective than virus scanners. Given evading a virus scanner and evading code-signing, one of these is far easier than the other.




> And presumably those certificates are revoked, or will be revoked soon.

The way code signing works means this doesn't matter. So long as the certificate wasn't revoked when the file was signed, the signature will be indefinitely valid.

Ignoring the fact that good AVs are difficult to evade because of things like behavior blocking and heuristics, you also won't be able to protect yourself against adware, because they are borderline legal and are almost always signed.


Of course code signing could allow revocation, not sure what you mean by it not being done currently.

Antivirus doesn't stop adware either, does it? If you're going to start disallowing certain software it's going to be far easier to do it based on certificates than it will be on heuristics.


Doing revocation checks on every executable whenever it's launched would introduce non-trivial latency with starting applications and a _lot_ of load on revocation servers. It probably wouldn't be feasible.

And yes, AVs stop adware ("potentially unwanted programs") unless you tell them not to.


Not sure why you'd check revocation servers on every launch... Check when launched the first time, and then the system checks for new revocations periodically; let's say as frequently as AV software checks for definition updates.

As for adware, if AV can stop it, code-signing methods can do it more efficiently and cheaper.
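The two points argued above, that a timestamped signature stays valid regardless of later revocation, and that revocation status can be cached and refreshed periodically instead of being fetched on every launch, are easier to reason about as code. The following is an added illustration written for this thread; it is not any commenter's code nor any vendor's verifier. The validity rule it encodes is a deliberately simplified model of timestamp semantics (an assumption stated in the docstring), and the certificate, dates and serial are constructed sample values.

```python
"""Simplified model of (a) how a countersigned/timestamped code signature
interacts with certificate revocation and (b) a revocation cache that
refreshes on a fixed interval rather than on every program launch.

Added example for the discussion above; not code from any real verifier.
The validity rule is an assumption modelled on timestamp semantics: a real
implementation also walks the chain, parses CRL/OCSP responses and applies
platform policy.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, Optional, Tuple


@dataclass
class Certificate:
    serial: str
    not_before: datetime
    not_after: datetime


@dataclass
class Signature:
    cert: Certificate
    signed_at: datetime    # time the file was signed
    countersigned: bool    # True if a trusted timestamp proves signed_at


@dataclass
class RevocationInfo:
    revoked_at: Optional[datetime]   # None means "not revoked"


def signature_valid(sig: Signature, rev: RevocationInfo, now: datetime) -> bool:
    """Decide whether a signature should still be trusted (simplified rule).

    - Without a trusted timestamp the signing time cannot be proven, so the
      certificate must be unexpired and unrevoked as of `now`.
    - With a trusted timestamp the signature remains valid as long as the
      certificate was valid and unrevoked at `signed_at`, even if it has
      since expired or been revoked. A revocation dated at or before
      `signed_at` (e.g. the key was already compromised) invalidates it.
    """
    reference = sig.signed_at if sig.countersigned else now
    cert = sig.cert
    if not (cert.not_before <= reference <= cert.not_after):
        return False
    if rev.revoked_at is not None and rev.revoked_at <= reference:
        return False
    return True


class RevocationCache:
    """Per-serial revocation status, refreshed only when an entry is older
    than `ttl`, so repeated launches of the same binary do not each hit the
    revocation server."""

    def __init__(self, fetch: Callable[[str], RevocationInfo], ttl: timedelta):
        self._fetch = fetch          # network lookup, injected for testing
        self._ttl = ttl
        self._entries: Dict[str, Tuple[datetime, RevocationInfo]] = {}
        self.fetch_count = 0         # how many real lookups were performed

    def lookup(self, serial: str, now: datetime) -> RevocationInfo:
        entry = self._entries.get(serial)
        if entry is None or now - entry[0] > self._ttl:
            info = self._fetch(serial)
            self.fetch_count += 1
            self._entries[serial] = (now, info)
            return info
        return entry[1]


def run_scenarios() -> Dict[str, bool]:
    """Constructed scenarios: a cert valid through 2024, a file signed in
    March, evaluated in September."""
    cert = Certificate("01:AB", datetime(2024, 1, 1), datetime(2025, 1, 1))
    signed = datetime(2024, 3, 1)
    now = datetime(2024, 9, 1)
    return {
        "timestamped_revoked_after_signing": signature_valid(
            Signature(cert, signed, True), RevocationInfo(datetime(2024, 6, 1)), now),
        "timestamped_revoked_before_signing": signature_valid(
            Signature(cert, signed, True), RevocationInfo(datetime(2024, 2, 1)), now),
        "untimestamped_revoked_after_signing": signature_valid(
            Signature(cert, signed, False), RevocationInfo(datetime(2024, 6, 1)), now),
        "timestamped_cert_expired_not_revoked": signature_valid(
            Signature(cert, signed, True), RevocationInfo(None), datetime(2025, 6, 1)),
    }


def run_cache_demo() -> int:
    """Four launches of the same binary at +0h, +1h, +5h and +25h with a
    24h refresh interval: only the first and last trigger a real fetch."""
    def fetch(serial: str) -> RevocationInfo:
        return RevocationInfo(None)   # stand-in for a CRL/OCSP query

    cache = RevocationCache(fetch, ttl=timedelta(hours=24))
    t0 = datetime(2024, 9, 1, 8, 0)
    for hours in (0, 1, 5, 25):
        cache.lookup("01:AB", t0 + timedelta(hours=hours))
    return cache.fetch_count


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'valid' if ok else 'INVALID'}")
    print("revocation fetches for 4 launches:", run_cache_demo())
```

Under this model the first scenario is the one the thread is about: a signature timestamped before the revocation date stays valid, and only a revocation backdated to before the signing time (the second scenario) invalidates it. The cache shows the periodic-refresh approach: per-launch cost is a dictionary lookup, and the revocation server is contacted once per interval per certificate.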



