Prevent .NET application from being tampered with or misused


Author: toughcanny Posted: Sun Jan 25, 2009 5:14 pm    Post subject: Prevent .NET application being tampered or misuse
    ----
Hi,

I am a .NET developer, and I have created a standalone application (.EXE).
I want to make it secure in such a way that no other person can use my application to dodge or create its replica, putting his malicious code inside and promoting his application as the real one.

I have gone through obfuscation and strong naming, but with all of this I cannot prevent a duplicate copy (look and feel, functionality etc.) the same as mine.

How can I force or let my users know that my application is the real one, that it is the trusted one and safe to use? Users cannot simply find out whether the executable they are running is actually from me or a malicious one.

Your serious expert ideas / solutions required

Thanks

Author: Groovicus Location: Centerville, South Dakota Posted: Sun Jan 25, 2009 5:34 pm    Post subject:
    ----
In most cases, developers provide an MD5 hash, or an SHA-1 hash. However, that can only be used as a method of validating that a file is the same as the one released by the developer. It will not protect a file from being altered. There is nothing that can prevent me from writing an application from scratch that duplicates the look and feel of your application. There isn't very much that could prevent me from writing an application to inject code into your .exe either. It happens frequently in the malware world. In fact, there is one worm going around right now that injects itself into services.exe:
http://news.bbc.co.uk/2/hi/technology/7832652.stm

Author: capi Location: Portugal Posted: Sun Jan 25, 2009 5:49 pm    Post subject:
    ----
As Groovicus said, your best effort is to make sure people get the application from an official source (e.g. your website).

You should divulge hashes for your official releases. You can also sign your official releases with your private OpenPGP key, and divulge the signatures (along with your public key) on your website.

This way, even if your users obtain the EXE from some other source (e.g. download.com or some friend), they can still verify that it hasn't been tampered with. Your users can verify whether the EXE they have is a valid one, by verifying the signature against your public key, or by comparing the hash for the EXE they have with the valid hash on your website.

This is all, unfortunately, opt-in from the side of the users. They must consciously verify the file to make sure it's valid. You could make your software check its own signature, but then of course a malicious attacker could write a similar-looking software that didn't do the check.

In the end, the responsibility lies with the user to check the provenience of whatever software he runs on his computer, and to choose whether or not to trust the source.
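The hash check described in the post above, as an added example that is not part of the original thread: it verifies a downloaded file against a published manifest and shows that any change to the file is detected but not prevented. SHA-256, the `sha256sum`-style manifest layout and the file name `MyApp.exe` are assumptions made for the example.

```python
import hashlib
import hmac
import os
import re
import tempfile

# One manifest line: 64 hex chars, whitespace, optional '*', file name.
LINE = re.compile(r"([0-9a-fA-F]{64})\s+\*?(\S.*)")

def sha256_file(path, chunk_size=65536):
    """Hash in chunks so a large installer is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Map file name -> lowercase digest; reject anything malformed."""
    entries = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        match = LINE.fullmatch(line)
        if not match:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[match.group(2)] = match.group(1).lower()
    return entries

def verify_release(path, manifest_text):
    """Return 'ok', 'mismatch' or 'unlisted' for the file at path."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # a name the developer never published
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: a stand-in release, then the same file altered."""
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "MyApp.exe")
        with open(exe, "wb") as fh:
            fh.write(b"MZ" + bytes(1024))
        manifest = f"{sha256_file(exe)}  MyApp.exe\n"  # as published on the site
        before = verify_release(exe, manifest)
        with open(exe, "ab") as fh:
            fh.write(b"extra bytes")  # any change to the file
        after = verify_release(exe, manifest)
        return before, after, verify_release(os.path.join(tmp, "Other.exe"), manifest)

if __name__ == "__main__":
    print(demo())
```

The manifest is only as trustworthy as the channel it was fetched from, which is why the post pairs published hashes with a signature made by the developer's private key.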

Author: toughcanny Posted: Mon Jan 26, 2009 10:48 am    Post subject:
    ----
Thanks Groovicus and capi, so it means the user shares part of the responsibility. Developing a touchy application makes a good developer responsible for keeping his eyes on security risks, so that makes me a bit worried about such creeps.

Divulging hashes and signatures / thumbprints on the website to tell the user will be beneficial. Another way is to put all your core things inside a DLL/assembly, then strong-name it and have your application use that strong name, but still a malicious user who creates his own program will bypass this: he creates a duplicate program, keeping the program name the same but with a different assembly strong name...

But just a thought: there should be a proper solution for touchy security-related applications at the operating system level, to tell the operating system that now I am installing abc.exe and its thumbprint or CRC or digital signature or hash is xxxxxxxx, and now for the lifetime of the operating system that file cannot be changed or altered. It can only be uninstalled, but cannot be reinstalled with the same name, and has to get a new copy with a new signature or hash. In this way the user and the operating system will get to know that this is the real file. This enforcement and limitation would at least bring peace of mind or a higher level of security :)

Thank you

Author: capi Location: Portugal Posted: Mon Jan 26, 2009 3:08 pm    Post subject:
    ----
The thing is, there is always going to be a compromise between security and flexibility.

The behavior you describe, for example, would be considered unacceptably invasive by many people. It basically means I would be unable to uninstall your application and install a competitor's, if one of its files happened to have the same name as one of yours. It is my computer, my freedom to choose exactly what goes on in it.

There are two schools of thought in this, as always. One can go in the direction of invasive OSes such as Vista, which is to treat the user's machine progressively more and more as though it doesn't actually belong to him. The software is in control and the user is "allowed" to do a few things.

Then there is the other direction, where software sits back and lets the user be in control. My machine, my software. For those of us who care about our fundamental freedom to do whatever we please with the machine we own, the difference is obvious.

Author: toughcanny Posted: Tue Jan 27, 2009 8:58 am    Post subject:
    ----
Yes, you are right. But in this case, for a very touchy and secured application in which just a minor injection or tamper could ruin the user's important things...

At the cost of flexibility, the user is going to lose many things. In my view, the computer and his important data are of no use to him when this precious computer and his valuable data are no longer only his. Someone else is also sharing them, which the user never wants and doesn't even know about.

Giving power only to the user in case of any change or uninstall with the same signature etc. could only benefit it, or some other way of implementation. I am not talking about general applications but about very specific and touchy applications that deal with the user's important things.

Author: KNRGoodMood Posted: Wed Feb 25, 2009 10:25 am    Post subject:
    ----
toughcanny, there's one thing that may help.

Nobody can protect the software from everything.
But in practice, with enough effort, you can make harmful attempts so troublesome and difficult that you will hardly suffer from any intrusion unless your application becomes extremely popular / desirable for someone to break.

For instance, as one of the measures, you may create some checksum based on some features of the machine you want your app to run on, have it signed by some online service, and make your application check the signature in some sophisticated way upon execution.

All times are GMT + 2 Hours