Whitelist my desktop application in user's machine - security

I have a desktop application built by InstallJammer. The application is not a problem but when it is installed on user's machine, the anti-virus on user's machine stops the services created by my application and so it stops communicating with my server. I need to get it whitelisted so that it won't be treated as a risk to the machine and the anti-virus won't stop it.
What I've known so far is
Adding a 'Publisher' to the application may help it to be treated as not risky as this process has steps of authenticating my application with a certificate. (Though I don't know if this is correct. I've refereed this link)
Googling about it I found some anti-viruses site asking me to register with my application there.
My questions:
Adding 'publisher' would serve my purpose? If yes, how would it whitelist my application?
If the above option doesn't work, do I need to get whitelisted with each and every anti-virus software product?

Answer after I achieved all that I wanted to for this.
tl;dr;
For the people directly reading the answer:
I had an installer for windows(built using InstallJammer) that creates windows services on the user's machine, which got frequently blacklisted by anti-virus programs and firewall. Also downloading it in your browser would show a message like the picture below.
Why does this occur:
This occurs because the anti-virus softwares and the firewall does not recognise your code(that is, it cannot verify that it has come from a trustworthy source). Hence it attempts to block the download or blacklist the services(services because I'm referring to my application) by stopping it or does not allow it to communicate through the network.
Solution:
You'll need to get your code verified(i.e. get your code digitally signed) by a code signing certificate(from here forward will be refereed to as CSC). These certificates are provided by Certificate Authorities(from here forward will be refereed to as CA).
Some the examples of CA(s) are : Symantec(the one that I used, because we had our SSL certificate for webapp from this CA), GlobalSign, DigiCert, Comodo, etc.)
This page shows a pricing list of CSC from different CAs.
The process to get the certificate:
This is a bit tedious process, as it has certain standards and rules to adhere to. The process of acquiring a certificate typically takes a few days. For instance, the validation process requires to fax a copy of license and a few utility bills to the Certificate Authority, for reasonable proof of my identity. They also validate phone number and there might be a need to speak to a representative.(I'm a little unsure about this process as it was done by my client back in USA).
After you get CSC:
You'll need to save the certificate as a .p12 file which will then be used to sign your code.
How to sign:
Microsoft SDK includes a the tool(signtool.exe) that can be used to sign your code (generally located at C:\Program Files (x86)\Windows Kits\8.0\bin\x86, depending upon the version of SDK installed, '8.0' can be different in our machine.
If you are a newb and have either not reached to a time where you need automation in your process of signing files(ambiguous to signing code) or have very a few files to sign(max 3 or 4) or have a lot a files to sign and are a crazy person with plenty of time, you might want to use this excellent utility provided by DigiCert that provides a really good UI(might be sarcasm) to sign and also check if your files are actually signed. Thank you DigiCert people.
How to check if your files are signed:
Of course the simplest process would be to check the properties of your file whether it contains a tab for digital signature. Other way is that Microsoft has tools that can check if your code is digitally signed, it can be found out by easy googling.
How I did my CODE Signing(automation):
For the main windows executable application that I build, it has quite some binaries and executables. So I created a batch file that does the following signing and building tasks. (I've used Microsoft's SignTool to sign the files from command line)
Asks me what environment do I want to make a build for(dev, staging or production).
Copies all those required(for build) files to a main folder.
Signs all the inner binaries and executables.
Performs an InstallJammer build from the command line itself(as I mentioned earlier, my application is built using InstallJammer). It outputs the final Setup.exe file.
And then Setup.exe too gets signed.
P.S. :
After code signing, the success and failure of your software getting whitelisted(authenticated or verified by anti-virus software and firewall) depends upon the reputation of your certificate. This reputation is determined heuristically and a good reputation means lesser chances of your application getting blocked.
Tip for Geeky people lurking out there
Try to buy a CSC subscription with a longest time period. This will help you avoid certificate rollover.
What is certificate roll over?
Certificate rollover occurs when your old certificate expires and you begin signing your code with a new replacement certificate; all of your reputation that was gained against the old certificate might be hampered, and hence there may be a time lag for your new certificate to acquire a good reputation.
So for the conditions when your CSC expires and you want to avoid mishaps, you might want to sign your software from the start using timestamp. Googling about it's(signing using timestamp) will make you 5 inches smarter.
For the people, blogs and sites that helped me throughout; more details can be found on Didier Stevens's blog.
Also a detailed explanation all about this and the mighty friend of all web developers, Internet Explorer's smart filter can be found on MSDN blog.

Related

Uploading Entire CdRom through browser

I am a doctor who is seeking a solution for my patients. I often receive medical CDs from my patients which contain their radiological data. What I need is a web solution which I can integrate with my web site. But the caveat is that I dont want this to happen via Choose File. Most of my patients are old people who doesnt know much about internet or computers. So I want a single button on my web site which will copy the entire CD in the CD drive and send it to me without any user intervention. Is it possible?
Update:
OK thank you all. I did not intend to break copyright issues. Actually, I thought a user who will hit that "button" will also give permission to access their files. I completely understand your concerns and I completely agree however - as an end-user - this is the problem requiring a solution in my case. After the COVID none of my patients can come to clinical visits and I need to see their follow-up. In neurosurgery, this is very important. I do not know if it is OK to send links (and sorry if it is not) here but for example, this web site makes something similar to my idea but it is not free and it is so complicated for my -low socioeconomic - patient profile.
My target population mostly deals with brain tumors and their level of concern for copyright issues is so low for that reason. I don't mean taking everything from them without their will but this is the case. So again thank you all for enlightening me and I am again sorry if I break the rules of this website.
Introduction
I'm going to go through the reasons as to why the specification as stated, cannot be implemented, and also as to why older technologies that may have allowed this implementation cannot be used.
Do note that even older technologies, would have required some sort of installation or agreement from the user- as a minimum 1 click.
Also note: It is possible to get files from a users system, but you still have to get their agreement through an action or prompt from their part!**
As to what you could do? Tukan already covers some nice alternatives but if I do think of something I will add it!
Basic Explanation
The most basic explanation is that this would be a giant unprecedented security hole. It would mean that browsers would allow a site to access files from a users computer hardware (DVD) without the permission of the user or the active actions of the user.
In your case you do have a valid non-malicious use for it. Imagine however all the malicious websites that would use this mechanism to steal stuff off the DVD/CD that is in the users tray. Imagine the privacy issues, security breaches, and even minor stuff like copyright issues.
Finally, and even worse, if the specific requested allowed access to the whole file system (including all drives like C:), a malicious site could steal everything on a user's system.
The positive (and negative for you) is that browsers have been incrementally locked down over the years and technologies/plugins/extensions/features have been incrementally either locked down, or deprecated/removed. Such technologies include: active X, java applets, and flash.
Finally, browsers like chrome and internet explorer themselves now'a'days run in sandboxes. See for example the article (and this is from 2013!!): Sandboxes Explained: How They’re Already Protecting You and How to Sandbox Any Program
They’re restricted to running in your browser and accessing a limited set of resources — they can’t view your webcam without permission or read your computer’s local files. If websites you visit weren’t sandboxed and isolated from the rest of your system, visiting a malicious website would be as bad as installing a virus.
Other programs on your computer are also sandboxed. For example,
Google Chrome and Internet Explorer both run in a sandbox themselves.
These browsers are programs running on your computer, but they don’t
have access to your entire computer. They run in a low-permission
mode. Even if the web page found a security vulnerability and managed
to take control of the browser, it would then have to escape the
browser’s sandbox to do real damage.
Active X (Deprecated) (Internet Explorer)
Let's start by saying that Active X would require the user to change their Internet Explorer Security Settings so we can strike it off immediately.
If a user did change their settings (see: Enable ActiveX controls in Internet Explorer ) and Enable for IE 11, a developer could use active x to access files on a users system.
Also note Active X is deprecated and rumour has it that it may not be around for long.
Java Signed Applets
Java Signed Applets could access the local file system.
However, Applets are no longer supported in firefox and chrome. They do run in Internet Explorer though IE is deprecated as well (since people are moving to Edge).
There's a very well written answer on the topic here: How do I run Java applets? [duplicate] and Why is the Java plugin (JRE) disabled in Chrome?
Adobe Flash (Previously Macromedia)
First off, flash has been removed from most Internet Browsers and is officially considered dead. Additionally, after Flash Player 10 it was possible to load a file but the user had to select it himself through a dialog (see: Can Flash action script read and write local file system? ).
FileSystem and FileWriter APIs
You can read and write using this API. However, it again requires the user to interact with the webpage and to select the files themselves.
References
Is it possible to access local file via javascript?
Sandboxes Explained: How They’re Already Protecting You and How to Sandbox Any Program
Enable ActiveX controls in Internet Explorer , Enable for IE 11, and active x to access files on a users system
Java Signed Applets could access the local file system, How do I run Java applets? [duplicate], Why is the Java plugin (JRE) disabled in Chrome?
Can Flash action script read and write local file system?
As Andrew mentioned this SO is used for Q&A from/to developers. I'll try to give you a general idea what could be done.
Who should do it?
I think you need some freelancer who would create a code for you.
The mechanism you are describing is not possible due to security issues.
Web page should not have access to the HW, as you would like, without user
interaction.
What is then feasible?
I think what is feasible is an application (thick - meaning .exe file) which would be executed by your patients which would search for a CD/DVD drive, pack it and send it via secure channel to your server. They would need to download it and execute it.
If you have elderly patients you need to visually confirm that the data has been send using some clear message.
Something like: Thank you for sending the data to Dr. Jones. All data has been received.
Secure channel can be for example: ftps, sftp, https, etc.
On your side you would a have a daemon which would serve as endpoint for your patient's data. After receiving the data it should be moved immediately outside the uploading folder.
Edit
One more option that came into my mind would be to distribute a tailored USB key to your patients with such application, which would be executed upon insertion.

How to preserve reputation with the SmartScreen Filter in Windows 10 after previous code-signing certificate renewal?

I had a code-signing certificate for the last 3 years. When I signed my software with it, the signature did not cause any SmartScreen warnings when the software was downloaded from the Internet.
This certificate was expiring this month, so I renewed it with the same company for another 3 years.
The issue it created is that now when I sign my software, the new certificate does not have any reputation with the Windows 10 SmartScreen, so when the software is downloaded and run, it shows this warning:
(I've been signing my software with it for over 2 weeks now. And the warning is still there.)
I know it's a slim chance, but is there a way to link this new certificate to the old one to preserve the old cert's reputation with SmartScreen?
PS. This "cert renewal business" and the loss of reputation is costing me dearly in the number of installs of my software. Also, why do developers have to pay with the reputation loss for the cert renewals.
Not an exact answer to your question, but I think this method might help you as well:
Create a small installer package that does nothing else than download and run the real, up to date installer EXE/MSI from a webserver (let's call it "secondary installer") and runs it.
You can update the "secondary installer" as often as you want, but by all means avoid any changes (rebuilds) of the "primary installer".
Why does this work?
You need to code sign the primary installer only once. As long as the EXE remains as-is, it's signature and reputation is valid even when the certificate itself expires (an expired certificate won't let you sign new code, but already signed code remains valid).
Smart Screen only checks your primary installer. It apparently does not care if that program downloads and runs other programs.
Of course, your primary installer (or, more exactly, it's certificate) still needs to gain reputation, but after that, you're set.
I used Inno Setup along with the Inno Download Plugin to create such a "primary installer" (resulting in a ~700 kb Setup).
It is by design of MS for every renewal you will have to build trust only then the smart screen filter will be removed for your certificate. If you need immediate reputation you need to purchase EV CS. I know it is too costly for EV CS but we have no other choice. Even microsoft don't answer this question. Either bare the cost or live with it wait for the reputation to build.

How to secure credentials for open source crowdsource software?

We are developing open source benchmarking software that users can download, execute on their system (which runs some benchmarks for some stuff) and then uploads the results to a central database. Those anonymous, crowdsourced benchmark results are then displayed on a website for everyone to see.
A big feature of this software is that it's open source. It will be hosted on GitHub and will include instructions for anyone to download and compile the source themselves, for peace-of-mind or whatever just incase people don't trust our program.
But we obviously cannot divulge the security credentials that allows the software to upload benchmark results to our central database. So we aren't going to include these in the public source.
So people could compile the software themselves (which is good) and use it, but it would be useless because the software wouldn't be able to upload to the database, which is the entire purpose of the crowdsourcing software. So users would be forced to use "our build" of the software that has credentials hidden away inside. Many people are smart enough to not bother with unfamiliar .exe's these days, so that doesn't help the situation. Also, since the source is open, anyone could modify it, compile it and distribute with malicious intent, saying that it's our software.
How do you get around this problem of security credentials in open source software? Obviously rule #1 is you don't include it in the distributed source. But if the credentials are required for the software to function as intended, then what do you do? We want to keep it open source so that users have a reason to trust the software.
You can ask for each project owner to register into your site, create a public/private key pair for them and use an asymmetric encryption for identify your results source

making a website local

I'm going to build a website for file manipulations. The idea is that the user will manage to upload his files to the website, and click the "manipulate" button, then he will get the resulted file. Also the user will have to pay in accordance with the amount of files he's trying to manipulate.
The code for the file manipulation is already written in JAVA.
The thing is, some of these files will probably be truly sensitive and private, so users will not be delighted to upload to my site over the internet.
I thought about making a local version of the website, and let the user download it (the local version) to his computer (and the only access the internet will be for the payment action).
But there seem to be two problems:
When i'll decide to change anything in my website, it will not affect the local users.
The local site will be very easy to "crack" in order not to pay...
This is my first website,
do you have any suggestions of how to solve one of these 2 problems?
Thanks!
Concerning question
(1) you would have to implement some update mechanism, for example your "local web site" (which might be a .jar file containing a web server) could check over the internet if a new version is available and then download and install it (however, you should generally ask for user's permission to do so, as many users are not delighted with silently auto-updating software). Concerning question
(2) you might use some code obfuscator to make your compiled java classes more difficult to decompile, and use an encrypted SSL connection for the transactions related to payment (while checking for server certificate to avoid man-in-the-middle attacks by the end user); however any software that a user can have on its computer will be eventually cracked by somebody. Therefore, the best solution is possibly to keep all on your server, while securing as much as possible the whole: use encrypted connections with SSL for everything, or even if the files are highly sensitive, provide a public key so users can encrypt their files with GPG (or similar software) before sending them to the site, and encrypt the files to be sent back to the user by using its public key (that he/she has to provide you and that is not critical at all to be transferred over the internet). Also carefully check the security of your web server and all the software running on it, to avoid bugs that might allow somebody to hack into it. Using the encryption with GPG/public keys and only storing encrypted data on your server might be already a good protection (but you have to make sure that it is impossible to get your private key in any way!).

Code Signing: When & Why? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 months ago.
Improve this question
If you search for code signing online you will get a plethora of hits regarding where to go to get your code signed with a digital cert, but no articles or documentation on when you should get your code signed or why this might be necessary. So I pose these questions:
What use cases exist where a developer or a development team want/need to have their code signed?
What types of code can/should be signed? JavaScript? Java? C++? Are there different types of codesigning for each language/platform?
Is the code signed as raw source or the compiled binary?
Thanks in advance.
I suppose theoretically any code in any language can be signed, either as the source but more commonly the compiled binary.
Main use case that comes to mind with me is with Mobile applications (Android for this instance). You have to sign the code before publishing. You also have to keep the key store file so if you make any updates to the application and want to upload it you sign it with the same key. This is because Android checks a number of things when upgrading an application the main one being that the code signing is the same for the old and new, which as long as the key store file and its password is kept secret enough, proves it came from the same source. If someone were to modify the code in some way, the signing verification would fail.
In a nutshell signing code lets the end user / machine know where the code came from. And in the case of upgrading makes it difficult/impossible to modify code and have others download it.
Apple goes nuts with code signing for iOS and I don't fully grasp all the details but you have to get the certificates (yes more than 1) from Apple and sign with them. If you want to put the app on a testing device you need yet another certificate to sign with and install it on the device, other wise you have to get it on the App Store (subject to Apple's approval) where they probably sign it with some private key for iOS devices to know its Apple approved.
every time you need to ensure that code is from trusted source and no one modifies it (signing usually comes with checksum). it's very common. programming libraries, software distribution, software upgrades. when you need to patent the code you should sign it and get a trusted timestamp. when you create a bank and give access to it through internet, you send your webpages to the users via SSL = you are encrypting and signing them. and probably many many more
What use cases exist where a developer or a development team want/need to have their code signed?
Digital signatures mean different things on different platforms. If you're writing Windows desktop software then the biggest initial benefit of signing your executables is to get rid of that nasty "Unknown Publisher" warning that Windows has been showing users since Windows XP SP2. On other platforms (Some mobile, Java, Flash, Office VBA Macros etc) signed code is required in order to elevate permissions.
You can make a Windows program self-check its own digital signature to make sure it is valid, which means the EXE hasn't changed at all since it was signed. Most use that as another layer of protection against malware and piracy.
Check out this too :
http://blog.ksoftware.net/2011/07/what-is-authenticode/
What types of code can/should be signed? JavaScript? Java? C++? Are there different types of codesigning for each language/platform?
In theory it is possible to digitally sign any document but most of the time when people are talking about code signing they're talking about MS Authenticode (attaching digital signatures to any PE format file (EXE, DLL, COM, etc) or signing executables for OSX/iOS.
There are different types of signing on different platforms but most will use the same certificate.
Is the code signed as raw source or the compiled binary?
In most contexts, a binary.

Resources