1

I want to have a simple application that is in .exe (executable) format hosted on a secure domain that, on my website, a user can click to download and run. However, I'm aware that many annoying viruses are in the form of a harmless-looking executable, so I naturally would want to also put, as a small notice for that download, something like "Not a virus - trust me at your own will". But this leads me to a certain concern.

How, if possible, could that executable become infected? Is what I'm thinking of doing stupid? If so, what is a better alternative? What precautions should I take?

The last thing I want is for a file of mine to become infectiously corrupted and to have the possibility of it messing with others (though Linux users are more or less safe).

Arturo don Juan
  • 113
  • 3
  • If you're worried about the executable becoming infected, you can post the hashes of your archives/executables in a secure location for users to compare to their downloaded copies. They'll know their copy hasn't been tampered with when the hashes match the reference ones. – esqew Jul 17 '14 at 17:45
  • Yeah this is adequate, so long as that posted hash hasn't tampered with (which I personally don't know how hard it is to do on a server like the one I'm thinking of). Thanks for the advice! – Arturo don Juan Jul 19 '14 at 03:31

4 Answers4

2

You can and should sign Windows applications : see http://msdn.microsoft.com/en-us/library/ie/ms537361(v=vs.85).aspx

Bruno Rohée
  • 5,507
  • 30
  • 41
1

If your server is properly secured and you don't have an interactive content, it is unlikely that an attacker will be able to modify your file on your server, however unless you use an encrypted connection to your visitors, then it is theoretically possible for someone to get in between you and the visitor and replace your server all together.

Either way, simply saying "this is safe" is pointless. Either people will accept the risk or they won't. What you may want to consider doing is placing the file on a software sharing site like CNet's Download.com. They automatically virus scan files that are submitted and so people are more likely to trust it if a third party has said it is safe.

AJ Henderson
  • 42,081
  • 5
  • 65
  • 112
  • A point about Download.com - many users will try and avoid the Download.com listing of your software as CNet has recently begun shipping bloatware with the executable branded as a downloader. – esqew Jul 17 '14 at 17:44
  • @esqew - fair point, that was the first one that came to mind, but there are many other similar options. I'd welcome a suggestion for a better example to use. – AJ Henderson Jul 17 '14 at 17:46
0

It is without any doubt that there are many ways to infect not only exe but also the other common file types readable by computers on this Earth.

Here are some ways by which one can infect an exe.

  1. Non-Destructive
    Non-Destructive usually involves adding or binding the code at the end of the file or in the beginning. You can then also create jump points in it. Let's say you have malicious code placed at the end of the file, and you want it to execute it before the original code executes. You simply place a jump instruction to it.
  2. Destructive The destructive approach follows overwriting a segment of the code with your malicious one. A part of the file no longer exists and is overwritten by the virus code. Destruction approach, however, is not a good approach. You cannot restore the file after removing the malicious code.

Precautions

  • One good way would be to have an antivirus program installed on your server
  • Another methods would be allowing the file to check its own integrity, which can be bypassed in most of the cases.
  • Other way would be hashing the file, every time a file is changed, downloaded or is executed, it must check with the hash you stored on the server.

The second method is also used in Windows 7 (Applocker), which checks the files for any broken hashes, and disrupts the download in hash-mismatch case. It not only protects the user from downloading any altered files, but also the broken files which may cause trouble to the system.

Fennec
  • 243
  • 1
  • 12
0

If the exe is your code then there are several things you can do.

As Bruno Rohée said: Everyone give him an upvote.

You can and should sign Windows applications : see http://msdn.microsoft.com/en-us/library/ie/ms537361(v=vs.85).aspx

You can try to obfuscate your code using a tool for whatever language you created the application in. This technique will attempt to break (hard to do) decompilers and analysers from constructing readable code from your EXE.

You should mark the file on your server as read-only for all users and change the owner to an account that isn't controllable by any infection vector so that if your web-server gets infected with something it can read but not write to the file. Essentially chmod 644 the file.

You can submit it to and link to https://www.virustotal.com/ and ask your users to do the same. virustotal.com will run the file through a bunch of virus scanners and give you a report. Which is similar to the "trust me approach" but now you're backing your claim.

Additionally you should post your hashsum's on the download page.

The best way to prevent modification to your code is by signing it. If a signature is broken on your EXE you know that your Windows user will know about it.

You can also Flag your application at compile time to run Address Space Randomization. This means that for a cracker trying to exploit your application it will load itself into random parts of memory instead of 'in a straight line', similar to obfuscation.

Edit: I said the best way to prevent modification of your code, that is incorrect. I should have said that the most transparent way to alerting users of modified code.

Goldfish Sandwich
  • 212
  • 1
  • 4