Where to submit ideas and patents


moyo

I have a patent pending application that I would like to run by the company... where can I go? The number is ZW0317. Here is a short description of it.

The objective. 

To place a difference between the code of viruses and legitimate code, then use this difference to help in the identification of viruses that have affected programs.
The idea is to confusticate source code (or create a new programming language that traditional programming languages are then translated to) in such a way as to give it structure that can be recognized by an anti virus and cannot be analysed and duplicated by virus makers. 

Then as an antivirus software is scanning the software it searches only for code dissimilar to this structure and uses this as a basis for identifying foreign or virus code. 

That method involves using an advanced algorithm to confusticate the code. Then when the anti virus scans the software it looks for something matching the structure imposed on the software by the algorithm. When it sees this familiar code in any part of the software, it knows that the rest must conform to it to be legitimate.

Any other code is foreign code and must be a virus. Additionally as it scans it is no longer comparing the code it sees with many different virus signatures, but only looks through the code for two types of software structure; legitimate and illegitimate, so it will be faster. 
This should defeat any type of virus except those whose purpose is to delete parts of the software. To counter those we need to encrypt the code in a fractal manner, so information about any part of the code can be found in other parts (the surviving parts).

The business model to employ would be to have different software vendors submit their original source code to a cloud antivirus company.

This antivirus company would confusticate their code according to the above method and then send it back. When scanning clients' machines the cloud antivirus would identify supported software through an initial scan to determine if any part of the software conforms to the confustication algorithm. If it does, it changes mode and then looks for viruses using the above mentioned methods.

The advantage to the independent software vendors is that they can use the antivirus to identify pirated software, as the keys and patches used would presumably not match the structure of the confusticating algorithm. Piracy can still happen if the crackers decide to scan their files offline, but then they do not have the same advantages as paid users in terms of efficiency of scanning and restorability of their files from using the cloud antivirus. This advantage to the independent software vendors will make them much more willing to buy into the whole concept and improve the marketability of these ideas.
 


  • 2 weeks later...

Since no one has any suggestions on who I can present this to... do any of you see flaws in this idea?

 

One flaw could be a virus that contains a piece of one of the already obfuscated programs and attaches itself to a legitimate file that is not obfuscated. The antivirus will detect the obfuscated code and remove both the virus and the program that it has attached itself to and that was not obfuscated with this system.

 

I have ways to mitigate against this. Do any of you see anything else I might have missed? Perhaps it is not practical.


You might look into digital signing. Digital signing works like this:

  • you receive a file F
  • F contains a note saying that this file comes from person Y. (This note is called a signature.)
  • Person Y's note contains a second note from person X saying that person Y is telling the truth about who they say they are. (This note is called a CA signature.)

We can use cryptography to verify that, if you already have some information person X wrote and sent to you, then you can prove person X's note wasn't forged. (Specifically: you can prove that there's a secret number person X knows, that it matches a number X gave you a long time ago, the person who wrote the note knew X's number, and that you can't figure out what X's number is just by looking at the note.) Then you know that, to the best of person X's knowledge, person Y is telling the truth too. You can use person Y's information to prove that the file was not changed since it was sent, so if you trust person Y, you can open the file.

The historical problem with these systems is that person X is often fooled and person Y often mistakenly gives away secret information that lets other people forge his signature.

I don't know what "encrypt the code in a fractal manner" means but there are a lot of programs that look at their own code while running to make sure it hasn't been changed. There aren't as many programs that rely on cryptography to do this, because a person who modifies the program itself can also modify the cryptography information that the program uses to check if it has been modified. Digital signing is a pretty strong tool against people modifying the file on the hard drive, but it isn't a good defense against code that is already running, and it relies on assuming that something will actually check that the digital signature is correct. A hacker could make it so the program checks if the hacker signed it, rather than checking if the developer signed it. Some processors now have the ability to run encrypted code using a hidden region of memory not visible to the operating system or debuggers, and this might make it easier to prevent people from modifying your program. I don't know very much about this feature though.

I think your system sounds more complicated because it relies on making changes to the structure of file F. Also, knowing that a program came from a specific compiler probably isn't enough to determine that the program is safe to run. A compiler doesn't know the difference between malware and non-malware, and it's very hard to keep a software tool from getting into the hands of people who will use it for malicious things, because software is easy to copy. If your scheme was made insecure (for instance, if someone leaked the compiler) it might be hard to make people's computers stop treating "it came from moyo's compiler" as proof that the program is secure.

You might still try to throw together an implementation of your system to see if you get any interesting results along the way, though.

Edited by Bianfu
grammatical error
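The chain described in the post above (person X vouches for person Y, person Y signs file F), as an added Go example that is not part of the thread; the type and function names and all keys are constructed for illustration. The last check shows the weakness the post raises: the same foreign chain is accepted once the verifier's trusted key is replaced.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is person X's note vouching for person Y's key (the "CA signature").
type Cert struct {
	Name  string
	Key   ed25519.PublicKey
	CASig []byte
}

// SignedFile is file F with Y's signature and Y's certificate attached.
type SignedFile struct {
	Body, Sig []byte
	Cert      Cert
}

// certBytes is what the CA signs: the binding between a name and a public key.
func certBytes(name string, key ed25519.PublicKey) []byte {
	return append([]byte(name+"\x00"), key...)
}
func Issue(ca ed25519.PrivateKey, name string, key ed25519.PublicKey) Cert {
	return Cert{name, key, ed25519.Sign(ca, certBytes(name, key))}
}

// Verify walks anchor -> certificate -> file; ed25519.Verify panics on bad key sizes.
func Verify(anchor ed25519.PublicKey, f SignedFile) bool {
	if len(anchor) != ed25519.PublicKeySize || len(f.Cert.Key) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(anchor, certBytes(f.Cert.Name, f.Cert.Key), f.Cert.CASig) &&
		ed25519.Verify(f.Cert.Key, f.Body, f.Sig)
}

// Demo checks: genuine file, tampered file, foreign chain, foreign chain with swapped anchor.
func Demo() [4]bool {
	xPub, xPriv, _ := ed25519.GenerateKey(nil) // person X (CA); all keys constructed here
	yPub, yPriv, _ := ed25519.GenerateKey(nil) // person Y (developer)
	zPub, zPriv, _ := ed25519.GenerateKey(nil) // a different signer who certifies itself
	body := []byte("program v1")
	good := SignedFile{body, ed25519.Sign(yPriv, body), Issue(xPriv, "Y", yPub)}
	bad := good
	bad.Body = []byte("program v1 + appended code")
	other := SignedFile{body, ed25519.Sign(zPriv, body), Issue(zPriv, "Y", zPub)}
	return [4]bool{Verify(xPub, good), Verify(xPub, bad), Verify(xPub, other), Verify(zPub, other)}
}
func main() { fmt.Println(Demo()) }
```

The result is only as trustworthy as the copy of X's key the verifier holds and the code path that actually calls the check.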

Hi

Thank you for your thoughts.

===

A compiler doesn't know the difference between malware and non-malware, and it's very hard to keep a software tool from getting into the hands of people who will use it for malicious things, because software is easy to copy. If your scheme was made insecure (for instance, if someone leaked the compiler) it might be hard to make people's computers stop treating "it came from moyo's compiler" as proof that the program is secure.

==

 

The compiler is able to make a difference between malware and non-malware. If you are familiar with programming, one implementation would be to place an "x = 5; do { structure } while (x > 0)".

 

This do while loop will always run the code within it (here named structure).

So if we place that particular do while statement around every single unit of code, by which I mean the methods and functions of the meat of the code, then this program will essentially run exactly the same as before the apparently purposeless do while loop was added.

 

But when an antivirus is scanning this program, it will "expect" periodically to see that dummy code for the do while loop. As soon as it doesn't see this code it automatically knows that something is wrong, and presumably a virus has attached itself to the code. It will know this because the code of the virus doesn't have a dummy do while loop every so often as it scans.

 

This is a grossly simple example. And you are right that once the method of doing this is discovered, i.e. the particular implementation, it then means that a virus may be made to that specification.

But there is a lot of scope in this. We could use algorithms that are extremely complicated to achieve the repetitive structure and not necessarily the method I used in the example. In fact the method I used above is too simple to be secure. Also since we can include variables in, say, the do while loop, that have numeric values, we can use our imagination and implement prime number based cryptography. THAT is probably impossible with today's computers to crack (in meaningful time) and the system is once more secure. So perhaps the antivirus expects to see a string of ones and zeros that represent a prime factor of another string of zeros that represent the composite number every so often. I'm just speculating here and there might be a way to crack this, but you get the gist.

 

Edited by moyo