Sunday, March 31, 2013

Antivirus gambit - hash code identifiers

Some viruses employ names of extant (already installed) programs to hide their existence. A virus might name itself "notepad.exe," for example.

Windows employs hashes to verify user passwords, and these hashes can be "scooped," or copied, for brute-force analysis elsewhere. Thus there is no "magic" in hashes.

Nonetheless, if every executable program were required to submit a hash of its code and install date (even a simple MD5), then the OS or an antivirus program could take a moment every time any program is called, run an MD5 hash of it, and compare the result against the maintained list of such hashes.

It is not possible to require installation for every program. A VB or C++ program written ad hoc would not be required to call the MSI (Microsoft Installer). However, standardized programs would have a standard hash value, and a compiler or IDE could have a routine to authorize developmental code, within the developer's OS, until such time as it was released.

While an end user who received such a program might consider it an imposition to click on an alert to authorize it every time, this construct provides another line of defense against the program that executes WITHOUT the end user's KNOWLEDGE or APPROVAL.
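The scheme sketched above (a maintained list of program hashes, a hash computed at every launch, a comparison, and a prompt for anything not on the list) can be illustrated with a small added example. This is not code from the post; it uses SHA-256 rather than the post's MD5 because MD5 collisions are practical and a hash allowlist should not rest on it, it keys the list by program path but also accepts a known hash seen under a new path (a "standard hash value" for a standardized program), and the "notepad.exe" files, directories and install date below are constructed in a temporary directory purely for the demonstration.

```python
"""Hash-based executable allowlist, as an added illustration of the post's idea."""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Callable, Dict

CHUNK = 1 << 16


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def register(allowlist: Dict[str, dict], path: Path, installed_at: str = "") -> dict:
    """Record a program's hash and install date; this is the 'submit a hash' step."""
    key = str(path.resolve())
    allowlist[key] = {
        "sha256": sha256_file(path),
        "installed": installed_at or datetime.now(timezone.utc).isoformat(),
    }
    return allowlist[key]


def check_launch(allowlist: Dict[str, dict], path: Path) -> str:
    """Verdict for a program about to run: 'allowed', 'modified' or 'unknown'."""
    key = str(path.resolve())
    digest = sha256_file(path)
    entry = allowlist.get(key)
    if entry is None:
        # No entry for this path: accept it only if the bytes match a registered program
        # (a copy of a standard binary), otherwise it is unknown regardless of its name.
        if any(e["sha256"] == digest for e in allowlist.values()):
            return "allowed"
        return "unknown"
    return "allowed" if entry["sha256"] == digest else "modified"


def decide(allowlist: Dict[str, dict], path: Path,
           prompt: Callable[[Path, str], bool]) -> str:
    """The alert step: unknown or modified programs run only if the user approves."""
    verdict = check_launch(allowlist, path)
    if verdict == "allowed":
        return "run"
    if prompt(path, verdict):
        register(allowlist, path)  # approval adds (or refreshes) the entry
        return "run"
    return "blocked"


def save_allowlist(allowlist: Dict[str, dict], dest: Path) -> None:
    """Persist the list; it must itself be protected from tampering to mean anything."""
    dest.write_text(json.dumps(allowlist, indent=2, sort_keys=True))


def demo() -> dict:
    """Constructed scenario: a genuine notepad.exe, an impostor, a copy, and a tampered original."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        system = root / "System32"
        downloads = root / "Downloads"
        system.mkdir()
        downloads.mkdir()

        real = system / "notepad.exe"
        real.write_bytes(b"MZ genuine notepad bytes (constructed)")
        allowlist: Dict[str, dict] = {}
        register(allowlist, real, "2013-03-31T00:00:00+00:00")  # constructed install date
        results = {"genuine": check_launch(allowlist, real)}

        # A program that borrows the name "notepad.exe" but carries different bytes.
        fake = downloads / "notepad.exe"
        fake.write_bytes(b"MZ something else entirely (constructed)")
        results["impostor"] = check_launch(allowlist, fake)
        results["impostor_decision"] = decide(allowlist, fake, lambda p, v: False)

        # An exact copy of the genuine binary under another path: same code, same hash.
        copy = downloads / "notepad_copy.exe"
        copy.write_bytes(real.read_bytes())
        results["copy"] = check_launch(allowlist, copy)

        # The registered file changed in place after registration.
        real.write_bytes(b"MZ genuine notepad bytes (constructed) plus a change")
        results["tampered"] = check_launch(allowlist, real)

        save_allowlist(allowlist, root / "allowlist.json")
        results["entries"] = len(allowlist)
        return results


if __name__ == "__main__":
    print(demo())
```

The impostor is caught by its bytes, not its name, which is the point of the scheme; the tampered original is reported separately so an operator can tell "never seen" from "changed since install". The developer authorization described above maps onto calling `register` for a fresh build output, and the end-user alert onto the `prompt` callback. Windows later shipped this idea as hash rules in AppLocker and Windows Defender Application Control; the post's own caveat that there is "no magic in hashes" applies to the list file itself, which an attacker who can rewrite it can simply extend.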

This idea cannot be called "ready for prime time," but it serves as food for thought to security conscious developers and theorists.
