Vorträge und Posterpräsentationen (mit Tagungsband-Eintrag):
C. Kadluba, M. Mulazzani, L. Zechner, S. Neuner, E. Weippl:
"Windows Installer Security";
Vortrag: ASE International Conference on Privacy, Security, Risk and Trust (PASSAT),
Cambridge, MA, USA;
14.12.2014
- 16.12.2014; in: "International Conference on Privacy, Security, Risk and Trust",
(2014).
Kurzfassung deutsch:
Windows Installer has been an integral part of Microsoft
Windows for a long time and is the standard method of soft-
ware management and deployment on this operating sys-
tem. Since this technology exists for quite a while and is
heavily used, it is worth to take a look at it from the secu-
rity perspective, in particular regarding the risks users face.
This paper shines light on the risks that can arise from the
content in untrusted installer packages. For one, we analyze
the variable importance of di erent data regions within an
msi le and the consequences of flipping a single bit, possi-
bly resulting in corrupted content and/or installation logic.
A specially developed analysis script shows that malware
detection in MSI les can be signi cantly improved com-
pared to normal scans with conventional anti-virus prod-
ucts. The method is tested with MSI packages prepared
with malware samples and the results are compared to nor-
mal AV scanning. Lastly, we created a metric to allow the
advanced users to evaluate the possible risks of a given msi
installer le prior to installation. Installer packages of freely
available, and very popular products are analyzed with this
scripts to get a picture of the current practice of authoring
security during setup throughout the software industry.
Kurzfassung englisch:
Windows Installer has been an integral part of Microsoft
Windows for a long time and is the standard method of soft-
ware management and deployment on this operating sys-
tem. Since this technology exists for quite a while and is
heavily used, it is worth to take a look at it from the secu-
rity perspective, in particular regarding the risks users face.
This paper shines light on the risks that can arise from the
content in untrusted installer packages. For one, we analyze
the variable importance of di erent data regions within an
msi le and the consequences of flipping a single bit, possi-
bly resulting in corrupted content and/or installation logic.
A specially developed analysis script shows that malware
detection in MSI les can be signi cantly improved com-
pared to normal scans with conventional anti-virus prod-
ucts. The method is tested with MSI packages prepared
with malware samples and the results are compared to nor-
mal AV scanning. Lastly, we created a metric to allow the
advanced users to evaluate the possible risks of a given msi
installer le prior to installation. Installer packages of freely
available, and very popular products are analyzed with this
scripts to get a picture of the current practice of authoring
security during setup throughout the software industry.