How to detect if desktop application has been modified?
Question
How to detect if desktop application has been modified?
The application communicates with a web service, so we can maybe hash the desktop, and then check if the checksum matches or something like this? or what do you suggestion?
3 answers
solution1
6 ACCPTED 2011-11-14 08:04:30
Just don't let the application do anything you wouldn't allow the person modifying the application to do. Then it doesn't matter whether the application was modified or not.
Your proposed solution is like a bank trying to design a pen that can't be used to write bad checks and then trying to make sure customers always use that pen to write their checks. It's much more sane to stop worrying about what pen customers use to write their checks and just reject any check that's for more than the customer's balance.
Or, to put it another way:
1) If the application asks your web service to do something that you do not want it to do, what difference does it make if the application is modified or not?
2) If the application asks your web service to do something that you do want it to do, what difference does it make if the application is modified or not?
In sum, it makes no difference.
solution2
2 2011-11-14 08:18:13
While David's answer is an excellent summary of my opinion on your problem (better than I could have said it myself), I do recognize that some environments really do want to accomplish what you've asked for: some way to attest to a remote system that you're really running exactly the software that you say you are.
IBM's TrouSers is one portion of a software stack that is working to make remote attestation a reality. The entire stack relies on the TPM chips built into some commodity motherboards, a trusted BIOS that performs a cryptographic checksum of the boot loader, a trusted boot loader that performs a cryptographic checksum of the operating system kernel and important system utilities, and the operating system support (TrouSers) that can manage the TPM and verify the software in question.
It's important to note that the TPM chips are not designed for FIPS 140 -style tamper protection. Even with a fully-operational remote attestation stack, a hardware owner can more or less do as they wish. So it is vital to have good physical security controls on the hardware to prevent untrusted people from tampering with the devices.
solution3
0 2011-11-14 08:09:57
Best way is to calculate the checksum of the executable and store it in a secure place. You can recalculate the checksum and validate against the the stored checksum whenever you want. If the value does not match then the executable has been changed. This is what is done for most of the downloads available on the internet. The publisher publishes the checksum along with the download. This download can be mirrored. Users downloading from mirrored sites are expected to match the checksum of the download against the published chekcsum to ensure that the download is not tampered.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.