-2

What can a developer do to prevent malicious code from being embedded in their executable?

Like how msfvenom and Metasploit can embed payloads into any executable.

marc_s
Mashhoor Gulati

1 Answer

2

Not much.

  1. Purchase a certificate and sign your executable. Any change in the exe will break the digital signature, so at least the change will be visible to the end user.

  2. Follow security best practices. For example, only install your executables into C:\Program Files; if you do, trying to modify anything in your installation directory will require elevation. Don’t install any binaries in the user’s profile folder (Google Chrome does, and it’s very bad).

  3. Best of all, convert your app to the UWP platform and publish it through the Windows Store. The security model there is much better than for Windows desktop apps.

Soonts
  • 1
    Unfortunately, Windows doesn't even check the signature of an application by default. You have to check the validity of the signature of your app yourself. Additionally, this doesn't prevent malicious code from being injected into an in-memory copy of the application. – PMF Aug 26 '18 at 12:03
  • 1
    @PMF Yeah, I know (unless it’s a device driver). But at least the change will be visible to the end user: right click, Properties, “Digital Signatures” tab, “Details” will say “This digital signature is not valid”. As for RAM-only injects, if you have malicious code running on your PC under an account that has SeDebugPrivilege, it’s too late to worry about embedding code in executables; the complete PC is already screwed up. – Soonts Aug 26 '18 at 12:09
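
Points 1 and 2 of the answer, together with the comment that the signature has to be checked explicitly, as an added example that is not part of the original answer or comments: a PowerShell audit that verifies the Authenticode signature of every binary in an install directory and flags write access for broad user groups. The path `C:\Program Files\ExampleApp` and the `$ExpectedThumbprint` parameter are assumptions for illustration.

```powershell
# Added example. $InstallDir and $ExpectedThumbprint are assumptions for illustration.
param(
    [string]$InstallDir = 'C:\Program Files\ExampleApp',  # hypothetical install path
    [string]$ExpectedThumbprint = ''                       # optional: your signing cert's thumbprint
)

# 1. Signature check: a modified file reports HashMismatch, an unsigned one NotSigned.
$binaries = Get-ChildItem -Path $InstallDir -Recurse -File -Include *.exe, *.dll
$sigReport = foreach ($file in $binaries) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $ok  = $sig.Status -eq 'Valid'
    if ($ok -and $ExpectedThumbprint) {
        # A valid signature from a different certificate is still not your build.
        $ok = $sig.SignerCertificate.Thumbprint -eq $ExpectedThumbprint
    }
    [pscustomobject]@{ Path = $file.FullName; Status = $sig.Status; Passed = $ok }
}

# 2. ACL check: no broad group should be able to write into the install directory.
#    ACEs expressed only as generic rights are not covered by this mask.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'  # Everyone, Authenticated Users, Users
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$acl   = Get-Acl -Path $InstallDir
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$aclFindings = foreach ($rule in $rules) {
    if ($rule.AccessControlType -eq 'Allow' -and
        $broadSids -contains $rule.IdentityReference.Value -and
        (([int]$rule.FileSystemRights -band $writeMask) -ne 0)) {
        [pscustomobject]@{ Sid = $rule.IdentityReference.Value; Rights = $rule.FileSystemRights }
    }
}

# Report failures and return a non-zero exit code so the audit can gate a build or a scheduled task.
$failed = $sigReport | Where-Object { -not $_.Passed }
$failed      | Format-Table -AutoSize
$aclFindings | Format-Table -AutoSize
if ($failed -or $aclFindings) { exit 1 }
```

As the comments note, this only covers files on disk; it says nothing about code injected into a running process.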