What are good programming practices to prevent malware in standalone applications?
Problem description
Does anyone have any thoughts on how to prevent malware attacks on standalone applications? Let's say this is a program on a Windows machine connected to the internet; this is the most common scenario.
I'm also wondering what type of attacks are possible. I believe .NET will do some type of static check on the code before it runs it, using a type of checksum. This would detect a statically attached malicious code snippet. Can this be gotten around?
What about dynamically injected code? Separate program spaces prevent this to some degree. What about infecting data files? Is it safer to store data in a database and only use service calls, with no file operations?
What about memory usage techniques to increase security? I know it's not a standalone case, but, the problem with DNS server corruption had to do with a predictable use of, I think, IP addresses. Should memory usage be made more unpredictable?
Recommended answer
I'm also wondering what type of attacks are possible.
What you can check for varies depending on your application. Here are some thoughts that may help you get started:
Assuming you have an image editor, you will want to be sure that people don't exploit buffer overruns due to bugs in the image encoder/decoder libraries.
If you have a browser or a document viewer, you need to check every URL before allowing the user to browse to that URL -- you should disable javascript injection.
If you are dealing with sockets, see that you don't allow any arbitrary connections.
If you are reading/writing from system clipboard, double check the data and don't leave anything behind. Do proper cleanup.
Sign your own binaries and other distributables.
If your application deals with security:
Use a good encryption library
And more...
What about dynamically injected code?
This is almost always because of some bugs in your code. Run your code through a static analysis tool and check for buffer overruns and friends.
What about memory usage techniques to increase security?
In a multiuser scenario, your application is already sandboxed to run in each user's own process space. However, it doesn't make sense to sandbox different applications for a single user.
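The image-decoder point in the answer above, shown as an added example that is not part of the original answer: a decoder that bounds the dimensions claimed in an untrusted header and checks them against the bytes actually received before allocating or copying. The "TIMG" format, the `MAX_DIM` limit and all names are assumptions made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy format (assumption, not a real codec):
 * bytes 0-3 magic "TIMG", 4-7 width (LE), 8-11 height (LE),
 * followed by width*height 8-bit gray pixels. */
#define HDR_LEN 12u
#define MAX_DIM 16384u /* policy limit chosen for this example */

typedef enum { IMG_OK = 0, IMG_TRUNCATED, IMG_BAD_MAGIC,
               IMG_BAD_DIMS, IMG_SHORT_DATA, IMG_NOMEM } img_status;

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode untrusted bytes; on IMG_OK *out is a malloc'd copy of the pixels. */
img_status decode_image(const uint8_t *buf, size_t len,
                        uint8_t **out, uint32_t *w, uint32_t *h) {
    *out = NULL;
    if (len < HDR_LEN) return IMG_TRUNCATED;
    if (memcmp(buf, "TIMG", 4) != 0) return IMG_BAD_MAGIC;
    uint32_t width = rd_le32(buf + 4), height = rd_le32(buf + 8);
    /* Reject zero or huge dimensions before doing arithmetic on them. */
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return IMG_BAD_DIMS;
    /* Both factors are <= 2^14, so the product (<= 2^28) cannot wrap. */
    size_t need = (size_t)width * height;
    /* The header is attacker-controlled: trust the real length, not the claim. */
    if (need > len - HDR_LEN) return IMG_SHORT_DATA;
    uint8_t *pixels = malloc(need);
    if (!pixels) return IMG_NOMEM;
    memcpy(pixels, buf + HDR_LEN, need);
    *out = pixels; *w = width; *h = height;
    return IMG_OK;
}

int main(void) {
    /* Constructed input: header claims 4x4 pixels but only 2 bytes follow. */
    const uint8_t lying[] = {'T','I','M','G', 4,0,0,0, 4,0,0,0, 0xAA,0xBB};
    uint8_t *px; uint32_t w, h;
    return decode_image(lying, sizeof lying, &px, &w, &h) == IMG_SHORT_DATA ? 0 : 1;
}
```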