Protection Software

[#antimalw]: Anti-Malware software
Anti-Virus, Anti-Spyware, etc.
Controlling unsolicited E-Mail

Often such E-Mails contain attacks, such as embedded malware or text designed to “phish” confidential information from people. Even if full control isn't obtainable, there may be some possibility to help reduce the amount of problems. Specialized “anti-spam” software may be helpful. (Often such software might be distributed by the same organizations who develop more generalized Anti-Malware solutions.)

[#filintgr]: File Integrity Checking
AIDE, Integrit, mtree, etc.
[#signdcod]: Code Signing

The concept of code signing allows an operating environment to refuse to run code unless that code has an authorized signature. The signature helps to identify who created the code. In theory, this can be used to help deter malware for two reasons. One is that malware authors will not be able to mimic a known and trusted software developer as easily.

Another benefit to code signing is that effective malware may be more difficult to create, distribute, and run. Even if malicious code could be designed, and therefore created, getting it to appear authorized enough that it would run on an end user's PC may be a challenge once. If software is rejected because of a malicious nature, the developer may have an even more difficult time trying to get subsequent software authorized.

Code signing may be part of another (perhaps larger) technology called “trusted computing”. Such “trusted computing” is not favored by some people/organizations, mainly because of some of the leverage that this sort of technology can provide to some (financially) powerful organizations. Some reasons for code signing may be to combat intellectual property theft (“piracy”) and controlling end users so that the end users must used solutions that are authorized (and perhaps costly) instead of using unauthorized solutions (which might be “homebrew”, and free).

One key reason that some people appreciate having unsigned code is the decentralized nature that allows an end user to run code that isn't authorized by a centralized organization. However, keep in mind that code signing could be implemented on a smaller scale. For example, code signing requirements don't have to just require that an organization like Microsoft approves of the code. The code signing requirements could require that the code is approved by a local company, the head of a family household, and/or a giant corporation like Microsoft.

If a generic executable needed to be signed by authorized people, that may help limit the code that is introduced by unauthorized people. That would likely reduce the threat of some malware that is coming from unauthorized sources. (This may be a hinderence for some employees who don't like the hassle of needing a company's IT department to sign code. However, the company's management may appreciate the benefits, and determine it is worthwhile. Even the end user might appreciate that such a code signing requirement would hinder the ability for a malware distributor from exploting a web browser bug and causing the browser to download and execute less some types of code, namely code of the less-sandboxed variety.) So, even if the technology may be used in ways that some people do not like, there seems to be some legitimate uses of the technology that will likely provide more good than harm for the general public.


There have been some cases where code signing has achieved some desired goals. For example, Microsoft's original Xbox video game system used code signing to deter homebrew software. (Although that attempt had some flaws which led it to be rather unsuccessful, the code signing likely did cause at least some partial success.) Another example of code signing may be networking equipment, like firewalls. Such code signing may have been financially motivated to ensure that clients are trapped, locked in so that they can only get code from the source providing the hardware. However, the benefits of malware protection aren't a bad side effect.

This section seems rather likely that it may become out of date soon. Consider performing more recent research about what the modern capabilities are. This is currently more of an overview section, rather than a guide how to accomplish this.

It seems that the idea of requiring multiple signatures (e.g. a software development corporation and a company's department and a household) might not be readily deployed. The main reason is likely due to infancy: widespread use of code signing technology is something that has only recently started to occur. (Requiring any or all keys is not that difficult to implement. It doesn't require three times as much disk space for the executable. For example of how this could be deployed, code could be signed with one key, which is automatically read upon entering either one of two other keys. This way, two keys are accepted, but the encrypted data only needs to be stored once. Microsoft Windows may have already implemented this sort of concept with support for encrypted files.)

Wikipedia's article on “Code signing”: “Implementations” section mentions some implementations: the earlier “Providing security” section mentions some other implementations notes, “Another major usage is to safely provide updates and patches to existing software.”

John Robbins' Blog : Code Signing - Cheaper and Easier than Thought provides a guide for code signing in Microsoft Windows at some cost. It appears that when the operating system runs unsigned code, the user is asked whether such code is desired. There are a few (potential) issues with this implementation. #1: It is implemented through User Account Control, which has often been disabled (perhaps primarily due to a rather bad implementation with Windows Vista, where UAC was considered to be much more annoying than beneficial). #2: This involves PKI, which isn't always universally trusted. It might not be a way for a way to use a private signature. (Or, it might be: further research may be needed to determine that.) #3: There is some cost, which doesn't seem to be absolutely necessary to be able to incorperate the concept of code signing. (The cost has to do with the fact that PKI is being used.)

Forum post lists some other options:
Some quoted words/phrases from that post:
BSign, DigSig and DSI:
IBM DeveloperWorks tutorial Attacking binary signatures)
the tpmddTPM Device Driver, the TrouSerS OSS TCG Software Stack, TrustedGRUB,
a TPM Manager GUI and SmartRM.

and among these IBM TCG papers is one that tries to combat wrong criticism.
Also see the OpenTC Open Trusted Computing Consortium

(For further defense, see the section on disaster recovery.)