Malware Resolution Protocol - No More Malware
By Miroslav Bonchev Bonchev Botev
The following protocol can eradicate or make almost non existent any malware. The protocol is simple and can be implemented within days and eradicate all malware
within a week. Some users may suffer slight inconveniences until their software providers comply with the first instruction of the protocol.
Malware Resolution Protocol - No More Malware - Core
-
Software manufacturers identification: software manufacturers must be registered (have authenticated accounts) with the operating system manufacturer.
-
Machine software identification: software must be digitally signed by the operating system manufacturer and its digital signature(s) must be registered with them.
Software can be signed additionally by other Certificate Authorities for added security.
-
The operating system must never start or load an executable file (binary or script) which is not digitally signed by the operating system manufacturer or its signature verification fails.
-
If a software is identified as a malware, then the operating system manufacturer can terminate it worldwide by advising all internet connected machines that particular software (identified by its signature) is a malware.
This can be done by revoking the developer’s code signing certificate and/or by operating system update.
-
The authorities can bring the developer of a malware to justice, because the latter was identified by the Certificate Authority (in 1.) in order to issue their code signing certificate (in 2.), including their bank details for payment, address, etc.
-
Non-signed software can be run or loaded only after triple WARNING screen – this allows legacy software to still be used.
-
Software compiled (and locally signed) on a machine can run on it without warning screens – this would allow developers to still work efficiently.
The first four rules guarantee that malware software does not run and propagate. However, if such software does appear, then it can be terminated
immediately and its authors swiftly brought to justice. An important side effect of the protocol is that it also terminates the use of cracked software,
as the digital signatures of such software are invalid. The fifth rule provides means for old software to still be used. The sixth rule allows software
developers to work efficiently without warning screens.
The Malware Resolution Protocol (core) requires placing a few “if” conditions at the beginning of the process and DLL loader, and a simple “Warning” window.
The protocol does not require complex development, nor does it slowdown computers, in difference from anti-virus software. The protocol makes anti-virus
software mostly obsolete saving time, money and energy. It can help businesses and people restore trust in unknown software, save billions from losses due
to malware, and bring criminals to justice. Further, the protocol disables all cracked software thus helping software manufacturers. Additional non-vital
but strongly recommended rules can be added to the protocol, including:
Malware Resolution Protocol - Addendum - Optional Rules
-
Hierarchic software identification: operating system manufacturers must enforce an unified schema for software identification e.g. manufacturer.application.version.
The hierarchic software identification must be also stored by the operating system manufacturers, when registering the software in 2.
-
The operating system must provide functionality to allow the user to easily audit all executable files and all manufacturers of software found on their computer.
-
The operating system must provide functionality to allow logging of application activities, such as loaded modules, and used APIs and functions.
For example, the user/OS manufacturer can request logging of part or all of the activities of specific or all copies of an application on a computer.
-
The operating system must clearly displayed information about the manufacturer of software and the status of its digital signatures next to its name or in a balloon.
-
The operating system must display triple WARNING screen when a non-installed software is started, regardless that it may have a valid signature - this will stop executable code passed with malicious emails.
-
The operating system must allow processes to specify the manufacturer of the library they attempt to load, or process they attempt to start, or script they attempt to execute.
-
Similar requirements must be enforced for browser or other software extensions, as well as for internet controls.
-
Software manufacturers must be able to audit and review their accounts and issued signatures at the Certificate Authority which signs their code.
The protocol does not prevent all possible cyber-attacks, but limits malware attacks to nearly zero. It also fully precludes use of cracked software.
In its entirety the protocol is doable in a few weeks. The core of the solution can be put in place in less than a week, and the additional rules can
be added gradually. In its most basic form the protocols consists of two points:
-
All software must be identified.
-
Non-identified software is never run.
As I demonstrate in the video below, Windows ignores checking the integrity of software and executes corrupted (possibly infected with malware) or unknown origin (possibly malware) software:
There is one question which this protocol cannot answer - namely why Microsoft has not implemented such protocol 25 or more years ago?!
Miroslav Bonchev Bonchev Botev
19-th May 2017
England
We would love to know your thoughts and opinions on this article. Please leave any comments or questions you may have about it in the box below, and create a
free account or
subscribe to our newsletter if you wish to be notified when we publish new articles.
Machine translation:
