Antivirus gambit – hash code identifiers

Some viruses hide by borrowing the names of programs that are already installed (extant) on the machine. A virus might name itself “notepad.exe,” for example, so that a user or a tool that checks only the file name sees nothing out of place.

Windows verifies user passwords by comparing hashes, and those stored hashes can be “scooped,” or copied, off the machine and attacked by brute force comparison elsewhere. So there is no “magic” in hashes: a hash is only as useful as the protection given to the place where it is stored and compared.

Nonetheless, if every executable program were required to submit a hash of its code (perhaps with the install time/date stamp recorded alongside it as a further characteristic), the OS or an antivirus program could benefit from the following effort: every time any program is called, take a moment to hash it and compare the result against the maintained list of such hashes. Even a simple MD5 would suffice to illustrate the idea, but it should not be used in practice, because two different files with the same MD5 digest can be constructed deliberately; a modern hash such as SHA-256 is the right choice for the list.

It is not possible to require installation for every program. A VB or C++ program written ad hoc would never pass through MSI (the Microsoft Installer). Standardized programs, however, would have a standard hash value, and a compiler or IDE could include a routine that authorizes code under development, within the developer’s own OS, until such time as it is released.

An end user who received such a program might consider it an imposition to click through an alert authorizing it every time. Even so, this construct provides another line of defense against the program that executes WITHOUT the end user’s KNOWLEDGE or APPROVAL. The list being compared against has to be protected at least as well as the password hashes of the earlier example; otherwise an intruder who can write to it simply adds an entry for his own program.
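The launch-time check described in the three paragraphs above, written out as an added Python example. This is not the author’s code and the post names no such OS hook; the allow-list is assumed to be an in-memory dictionary, the “executables” are constructed byte strings written to a temporary directory, and SHA-256 is used in place of the MD5 mentioned above. The scenario covers the renamed “notepad.exe” from the opening paragraph, a file whose contents match but whose time stamp does not, and a program that was never registered at all.

```python
"""Hash allow-listing at program launch (added example, not from the post)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass

# MD5 collisions can be built on purpose, so the list records SHA-256 digests.
HASH_ALGO = "sha256"


@dataclass(frozen=True)
class Entry:
    digest: str   # hash of the file contents
    size: int     # cheap pre-check before hashing
    mtime: int    # install time/date stamp, recorded as a characteristic


def file_digest(path):
    """Hash a file in chunks so large executables do not have to fit in memory."""
    h = hashlib.new(HASH_ALGO)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def register(allowlist, path):
    """Install-time step: record the executable's hash, size and stamp."""
    st = os.stat(path)
    allowlist[os.path.abspath(path)] = Entry(file_digest(path), st.st_size, int(st.st_mtime))


def check_launch(allowlist, path):
    """Launch-time step: returns (verdict, reason) for the program being called."""
    entry = allowlist.get(os.path.abspath(path))
    if entry is None:
        return "BLOCK", "not in allowlist"
    st = os.stat(path)
    if st.st_size != entry.size:
        return "BLOCK", "size changed"
    if file_digest(path) != entry.digest:
        return "BLOCK", "hash mismatch"
    if int(st.st_mtime) != entry.mtime:
        # Contents are intact but the recorded characteristic is not: raise an alert
        # rather than block, since a legitimate copy or restore can do this too.
        return "ALERT", "hash matches but timestamp changed"
    return "ALLOW", "ok"


def demo():
    """Constructed scenario (assumed, not from the post): a legitimate notepad.exe,
    a replacement that reuses the name, a re-stamped copy, and an unknown binary."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        allowlist = {}
        notepad = os.path.join(d, "notepad.exe")
        with open(notepad, "wb") as f:
            f.write(b"MZ benign notepad v1")   # stand-in for real PE bytes
        register(allowlist, notepad)
        results["installed"] = check_launch(allowlist, notepad)

        # Same name, same size, different bytes: only the hash tells them apart.
        with open(notepad, "wb") as f:
            f.write(b"MZ malware notepad 1")
        results["replaced"] = check_launch(allowlist, notepad)

        # Original bytes restored, but the time stamp no longer matches the record.
        with open(notepad, "wb") as f:
            f.write(b"MZ benign notepad v1")
        t = allowlist[os.path.abspath(notepad)].mtime + 3600
        os.utime(notepad, (t, t))
        results["retimed"] = check_launch(allowlist, notepad)

        # A program dropped at run time that never went through installation.
        dropper = os.path.join(d, "update.exe")
        with open(dropper, "wb") as f:
            f.write(b"MZ something dropped at runtime")
        results["unknown"] = check_launch(allowlist, dropper)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} {verdict[0]:6s} {verdict[1]}")
```

The size check is deliberately ordered before the hash so that the common case (a file that has grown or shrunk) is caught without reading it in full; the two constructed notepad payloads are the same length precisely so the example exercises the hash comparison rather than that shortcut. In a real deployment the allow-list would live in protected storage, not a dictionary, for the reason given above.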

This idea cannot be called “ready for prime time,” but it serves as food for thought for security conscious developers and theorists. Windows’ own Software Restriction Policies and AppLocker already support hash rules of this kind, and they face exactly the maintenance burden described above: every legitimate update produces a new hash that someone has to approve.


About James Johnson

I am an amateur mathematician & political theorist who enjoys (occasionally cerebral) humor.
