Is there a way i could bundle virus protection(a kind of virus shield) for my final .exe?
A:
If you want to prevent modification of your executable files, you can save checksums of them and check them when application is started.
Athari
2010-10-31 10:41:40
What if a change is detected
objectiveME
2010-10-31 10:44:18
You can stop running and warn the user. You can try restoring from previously created backup.
Athari
2010-10-31 10:55:35
+2
A:
You could digitally sign your exe and check if the exe is signed by you on startup.
Or you can just embed a hash of the exe. The problem is that you need to arrange it so that the hashing ignores the place where the hash is embedded since else the hash changes the hash.
CodeInChaos
2010-10-31 10:44:42
With .NET, all you need to do is define a strong key. Visual Studio will then do the signing automagically.
Quandary
2010-10-31 10:59:52
+3
A:
If they edit your program (what you are trying to guard against), then they will remove any checks you add, or bypass them.
Your only real option (that won't eventually be circumvented) is to install as admin, and rely on virus scanning software on the user's system.
If your program is .NET, then you can do code signing, and install the real guts of your program in the GAC, as .DLLs, and leave only your .exe unprotected. Then at least most of your program would be guarded by elevation/admin access being required to modify it.
No matter what solution you use, if hackers get admin access on the box, there is nothing you can do to protect your program.
If you're trying to protect your server, then don't trust client programs - program checks and attack protections into the server software. And of course, learn about security, and perform IT best practices to make sure your server isn't cracked, and if it does get cracked, doesn't give much advantage to the hacker.
Merlyn Morgan-Graham
2010-10-31 10:56:42
You're right if the program is specifically targeted by a hacker. But if an unspecific infection by a virus which tries to infect any .exe it finds can be prevented.
CodeInChaos
2010-10-31 11:15:20
@CodeInChaos: What are you trying to prevent - the computer from getting a virus, or for it to somehow attach to your program? If it isn't targeting your program specifically, what will it gain from your program that it wouldn't *better* gain from hacking a system file?
Merlyn Morgan-Graham
2010-10-31 11:21:01
@CodeInChaos: You're free to write whatever you want into your program. But if anyone cares enough they're either a) going to hack some other program that isn't as vigilant as you are, b) going to hack system files, so any APIs you use are jeopordized, and you're hosed anyhow, or c) hack your specific code. In any case, you've wasted your time. It is a virus scanner's job to protect a system from viruses, because viruses will always be able to attach to programs, one way or another, once the admin access barrier is breached
Merlyn Morgan-Graham
2010-10-31 11:25:21
You're absolutely right. A program can't protect itself against a hacker trying to hack that program. And self integrity checks are rather useless. But there are many, mainly older viruses which just append themselves to any program they find and rewrite it to call the virus before the program itself. And against this threat self integrity checking helps. Digital signatures have the advantage that the OS can check them too if it wants to.
CodeInChaos
2010-10-31 11:45:56
@CodeInChaos: This is why I said .NET might have an exception to this rule. I guess my point is, if he's building a signature checking mechanism from scratch, he's not really going to get anywhere. The program loader in the OS will have to do the check for him to get any benefit. Out of curiosity, is there a way to get windows to digital signature check regular executables before running them (not .NET executables)?
Merlyn Morgan-Graham
2010-10-31 11:49:03
I know that you can sign them, and that process explorer can check them. And I think the UAC prompt validates digital signatures before it displays the dialog. And a file without signature gets background color different from one with a valid signature.
CodeInChaos
2010-10-31 11:53:19
@CodeInChaos: Okay, lets go at this another way. It's generally considered bad, from a security best-practice standpoint, to install any new trusted root certificates. It costs money to do real signing, that the OS will enforce. Is that money worth it? Does it buy you much? If you are a driver author, since Windows *requires* that your software be signed, or the box be compromised via enabling test signing, then yes, it is worth it. If you're an application author, I say it isn't, unless you're already signing other stuff, or you want to install .NET assemblies to to the GAC.
Merlyn Morgan-Graham
2010-10-31 20:43:15
A:
check the entry point of your exe viruses modify it in order to execute their own code
opc0de
2010-10-31 11:11:18