Is there any way to make a file totally uneditable and undeleteable ? I am creating simple Anti-Virus program and I want to protect my malware signatures which are saved in files.
The short answer is 'you can't.' The long answer follows. =)
You may implement it via file permissions, but those can be changed if a process have enough privileges.
TMK, the only way to implement this kind of restriction is to keep a process running, with the file open in exclusive mode. That won't prevent an application like Unlocker from killing your main process or deleting the block handles, though.
No, you can't. If a software runs with enough privileges, it will be able to erase them along with your antivirus. This also happens with commercial antivirus software.
What you can do, in order to at least prevent modifications, is store the definitions as compressed, signed and, encrypted. In this way, unless the malware can obtain the criptographic key, it won't be able to meaningfully modify the virus database, but only to delete it. In both cases, your software can detect the intervention and try to react (but if a malware is privileged enough to delete system files, maybe it' already too late)
you cant really do so, but you can try outsmarting malware...
Save a checksum of the file so you know if it was tampered.
Use Async Encryption on the file (somwhat similar to 1.)
make the signatures downloadable through Internet access, and make your software download those...
check the last accessed times of the files.
there are many more tricks like the four above, but they are all NOT boolet proof...
One Crazy idea that i dont really know how to implement... but came to mind is that:
you can create a SATA/IDE Driver and make the a specific file unaccesible...
but again thats my kind of creativity crazy talk :)
The best you can do with C# is to just set the permissions of the file so that only your service has full access, and anyone else doesn't. That don't protects against someone/something that managed to get administrator access, as they always can change permissions.
What many antiviruses do for self-protecting their files and services is to install kernel-mode drivers that block both the critical files and processes, so not even administrators can stop them. Of course C# is unable to create them.
Related
I am working on a c# application that is serially encrypted when user install the application and runs application first time I ask user for key and if he enters right key. I run the application. But my requirement that this process should be one time after installation only,
I think there are two possibilities.
Store software validation state in a variable and use it to allow the running of application (I do not want to use XML,Object serialize as I have to save the state of one variable also user can remove files created by serialize).
Ask user about key while he is installing application,If he enter wrong key then he should not be able to install the software.
Can some body answer
Is there a simple way to store the state of a single variable.
Or
2. How to trigger installer manually (after validation).
Software Protection is an old and expansive topic. The current state of the art, is that it's not really possible to protect you software 100% reliable. Sooner or later, someone will crack it anyway, given enough exposure and/or interest.
Nonetheless, a lot of people and companies protect their software products and there are a number of way to this (not 100% reliably however).
It is not clear what your requirements are, from your question. Given what you've described, the simplest option would be to zip up the installer with a password. If a user don't know the correct password they won't be able to unpack the zip file and install your program.
This is usually not very practical, as the same password is provided for everyone. You want to do your own serial key validation, and you considering doing this at installation time. If this is the route you want to go for you will need to provide some script that will do validation to your installation system. You indicated, that you are using windows installer. You can user Windows Installer XML (WiX) toolset to author an installation. Given enough patience, you can built the key validation into your windows installer package. Most practical way possible is to call your validation routine that you've writen in c# from the wix package. You can use Conditional Syntax to check conditions in your installation. This should cover your option 2.
As for option 1, then whenever in the system you store your piece of information, user always will be able to get there and change it (it's their computer after all). Some people store this in registry, some in key files. Deleting these files is usually not a problem, because if user deletes them, your program will know that it should not run. However a user would be able to copy them on other machine, etc.
Isolated Storage is yet another place to store you information with .NET. Ultimately it is some deeply buried files in the file system anyway.
Once again, Software Protection is a complex topic, it's up to you to decide, what you requirements are, what compromises you can afford and what you choose to implement.
Good luck!
for something like this, i would encrypt it and store it in the registry. this is not they type of thing that you want to store in a settings file. you can check out this codeproject article on how to access the registry using C#.
Is this even possible?
I realize that asking them to enter data when the program runs and saving it in the executable file itself is out. (Or is it?)
Right now I'm considering trying to build the program server-side with php and have it incorporate a separate text file which would contain the information. This seems marginally feasible, though I would have quite a bit of learning to accomplish it.
I was hoping for some other ideas of how I might accomplish this.
I am not interested in separate configuration or text files or putting data in windows registry. I am only looking for solutions where it can be quite-solidly a part of the executable.
Does anybody have any experience with this?
Thank you.
Its perfectly possible, that's how self-extracting zip files work.
Basically, you can add as much stuff to the end of the executable file as you want. Your program can then open its own file up on disk and read it back.
How about using Settings within your app? It depends on what you mean by "storing the user registration" as to how you would best achieve this, though. If you could give some more information about what you actually want to store, that would be useful.
An example would be to save a username, or an authentication token, and use that each time you need to check a "registration". As I say, though, the details of what to store would depend entirely on what you want to do it that data...
You could use it to embed in the unmanaged resources.
I want to secure my external hard disk by writing sort of ShellExtension. But Shell extension is Workstation Specific.
Is there a way I can write an application that will show a authentication or an extension encrypt my drive data so user will get a failure message when double click on my drive.
You can't secure an external harddrive by the use of a shell extension, period.
If you want to keep your data safe, there's only one thing you can do: encrypt it. NTFS has built-in encryption, but I wouldn't recommend using that for an external drive, because of the way the encryption keys are handled.
There's a nice pre-cooked solution for you, though: TrueCrypt. It works, is available for multiple operating systems, has decent speed, and good security. Use it.
1) You should not write a shellextension in .net
This causes lots of trouble since then the .net runtime is injected into every application displaying a shell window (like the file open dialog) and if it already uses a different version of the runtime it will likely break.
2) I don't really understand what you are trying to do. But I encrypt my external harddisk with TrueCrypt. That's secure and easy to use.
This is only possible if you change the drive. Otherwise just using on a system without your software would bypass it.
Using NTFS with permissions for the drive's file system would be bypassed by anyone with applicable Window's privileges.
Using an encryption tool may be best: a single public file which contains a complete drive only accessible with the right software and authentication—there are a number around.
Is it possible to delete-protect a file/folder using Registry or using a custom written Windows Service in C#? Using Folder Permissions it is possible, but I am looking for a solution that even restricts the admin from deleting specific folders.
The requirement is that the administrator must not be easily track the nature of protection and/or may not be able to avert it easily. Obviously all administrators will be able to revert the procedure if the technique is clearly understood.
Like folder Permissions/OwnerShip Settings can easily be reset by an administrator. SO that is not an option.
Folder protection software can easily be uninstalled and show clear indication that a particular folder is protected by some special kind of software. So that too is not an option.
Most antivirus programs protect folders and files in Program Dir. Windows itself doesnt allow certain files such as registry files in c:\windows\system32\config to not even copied. Such a protection is desired for folders which allowse to read and write to files but not allow deletion. Similar functionality is desired. The protection has to seemless and invisible.
I do not want to use any protection features like FolderLock and Invisible secrets/PC Security and Desktop password etc. Moreover, the solution has to be something other than folder encryption.
The solution has to be OS-native so
** that it may implemented **
pro grammatically using C#/VB.Net.
Please help.
Obviously all administrators will be
able to revert the procedure if the
technique is clearly understood.
Please don't tell me your solution is going to rely on security by obscurity...
Anyway, if you don't trust people with administrative rights on the server not to do the right thing, then I suspect you are trying to solve the wrong problem. The problem you should be trying to solve is restricting access rights, and training those who have elevated privileges.
Well, i don't know what you are actually trying to achieve, one option to prevent the deletion is to keep the file open in write mode from your program. nobody will be able to delete it as long as it is open. This is why you are not able to delete windows registry files.
But this does mean that nobody else will be able to write to the file.
Sorry in advance for the long question.
What I'm really interested in is a way to programmatically check if the executing windows identity has adequate windows privileges to write to a directory (or file) in an ASP.NET web services application. But I'll settle for retrieving effective delete (modify) privileges for a user for a given directory or file. The problem is that I would like to be able to do this without either writing temporary files OR necessarily performing the IO action and handling the exception.
Yes, there is a question on this already ( see How can I programmatically determine if I have write privileges using C# in .Net?)
Normally I would agree with the accepted answer that the best method is to just try the IO action and handle any exceptions -- System.IO methods do throw System.UnauthorizedAccessException to indicate failure as a result of privilege denial. But in the case of of UPLOADING files, I'd really like to check the privileges BEFORE wasting the time and resources of uploading the data since it is only AFTER upload that we can attempt to write the file or folder in question. I pity any users uploading a 2GB file over http only to be told after the upload completes that they don't have permissions to upload the file to the destination.
The usual approach to testing write access if you don't want to perform the actual write is to write a temporary file. The other question has an answer pointing this out. This is what our code currently does. BUT windows security allows write access without delete privileges. Users with ONLY write access but no delete end up leaving all sorts of undeleted .tmp files. And no, we don't want to use a Domain admin account to reset the ACL on the tmp files and then delete them. The approach I've been taking is to check if the user has write privileges using System.IO.Directory.GetAccessControl(..) or System.IO.File.GetAccessControl(..) and dealing with the various access rules and ACE returns... but with this I still have issues dealing with EFFECTIVE privileges -- i.e. in most cases I also have to look up the user's membership in any of the groups listed in the ACE that do have permissions on the object. There has to be an easier way.... doesn't there?
Well kudos for going the extra mile on user experience AND trying to maintain clean program structure. Maybe if you're uploading only you could try to create an empty 'placeholder' file with the same name as the final 2GB file will have, then just overwrite it. Not perfect since you could still end up with an empty file, but pretty easy and at least a little bit more elegant that some of the alternatives.
You could also have permanent file, say 'access_test.txt', which you try to overwrite with a datestamp or something to first to test the current access.