There has been a recent burst of blog posts about adversarial interoperability: “Dodging Bullets on the Path to a Decentralized Future: 2019 in Review”, “Adversarial Interoperability” [eff.org], “Adversarial Interoperability” [nickgrossman.is], and “Adversarial Interoperability” [avc.com]. This is THE topic at the core of the products and services we offer. Sixteen years ago, Nektra created a Microsoft Outlook Express API which allowed software security companies to access emails and defend users. This was the first of many projects which fall under the recent term “adversarial interoperability”. As we look back in January 2020, we see that much of our work in software security, reverse engineering, decentralization, blockchain, cryptocurrencies, and web scraping falls into this area:
Data loss prevention (DLP) software is deployed to ensure that end users do not accidentally or intentionally send sensitive or critical information outside the corporate network. We have helped companies like Spirion and Dell with their DLP products. Popular suites of applications like Microsoft Office only allow limited control over features which prevent and control the flow of restricted digital material. Our products Deviare and RemoteBridge enable software developers to modify the internal behavior of Windows applications and strengthen security in many ways: controlling the PrintScreen key and clipboard, classifying and monitoring sensitive files, controlling access to information by context, intercepting UI controls, and offering specific add-ons for many Windows and web applications.
Malware can target multiple devices, operating systems, cloud infrastructure, and processes and applications. Most of these applications do not include protection against cybersecurity threats or APIs for malware protection engines. We analyze how software, protocols, and non-standard data format engines work in order to alter their behavior, add or repair functionality, and detect malware. Examples include adapting existing applications to new operating systems and environments, or connecting closed applications.
Application Virtualization: Case Study
Large companies are continually faced with new technologies and shorter technology cycles which render their trusted applications obsolete. Migrating an application from one technology to another is expensive and the timeframe required to carry it out is prohibitive for most companies. In 2010, Nektra developed software which allows old technologies such as Internet Explorer 6 to run on Windows 7. Symantec uses it in their Endpoint Virtualization Suite, but it can be used to virtualize many other applications as well.
The Symantec Vision 2010 conference was approaching and Symantec was eager to implement IE6 virtualization in Windows 7, a feature already offered by some competitors. Symantec Workspace Virtualization also has to support many other technologies that are part of IE6’s ecosystem: Java, Adobe Flash, and Acrobat Reader, and their updates.
Desktop virtualization products work successfully with the majority of applications, but some applications require above-average application packaging skills and a few require tailored solutions.
Nektra used its SpyStudio and Deviare Interception technologies to virtualize IE6. SpyStudio pinpointed the gaps left by Symantec Workspace Virtualization, while Deviare filled in these gaps, enabling IE6 to run in Windows 7. Brian Madden celebrates this new functionality in his blog and includes a video demo.
Nektra also provided third-level escalation support, support for updated browser plugins, and fixes for the IE6 virtualization.
More recently, Nektra successfully tackled the issues related to virtualizing Microsoft Office with volume licensing for all versions of Windows up to 8.1.
- Adding a key feature to a product that leveraged Symantec’s position in the virtualization market
- Delivery in time for the Symantec Vision 2010 conference
- The third-level escalation support service was able to handle all requests successfully.
Desktop Software Lockdown: Case Study
Riverbend Design Group asked us to build a secure kiosk component that could be integrated with an Adobe Flex application via a native extension. In kiosk mode, applications should run in a locked-down operating system environment. Keyboard shortcuts such as control-alt-delete or print-screen must be blocked to keep users from escaping the application and taking control of operating system functions.
Standalone kiosk security products like Internet Kiosk Pro, Advanced Internet Kiosk, Secure Lockdown, and SiteKiosk must be deployed separately from the kiosk applications they protect. The secure kiosk component we designed for Riverbend Design Group is deployed as part of their kiosk application. This means that they can change the configuration dynamically from the kiosk application itself, add custom features, and save money on licensing fees.
Our Adobe native extension adapts to the environment where the application is running. When running with administrator privileges, it can install Windows device drivers to handle system shortcuts like control-alt-delete and block execution of alien applications. Without administrator privileges the extension blocks as many shortcuts as it can and alerts the kiosk application to alien applications. Additionally, the kiosk application can be configured to shut down if someone attempts to run it on a virtual machine to get around these safeguards. This option would also be practical for anti-bot detection on gaming or casino sites.
The project’s priorities included:
- Providing critical high-quality drivers which do not crash
- Integrating ANE, drivers, and user mode modules
- Supporting multiple Windows operating system versions
There are currently over six thousand coins listed on CoinGecko, spread across a variety of blockchains. These blockchains differ from one another in features and performance, so in some cases it may be useful to temporarily port a coin to another blockchain. We modified Bitcoin Core to support connections to other blockchains via drivechains using OP_COUNT_ACKS. We also built a decentralized bridge between Ethereum and Dogecoin that can be extended to other blockchain pairs. See “Dogethereum: A Decentralized Blockchain Bridge Between Dogecoin and Ethereum is Born”.
Web scraping is a way to retrieve information from areas of the web with restricted access. Web applications are fast replacing desktop applications. Unlike desktop applications, web applications cannot be reverse engineered to overcome limitations on access to and handling of data. Web scraping provides a way to automate the retrieval and insertion of the information contained in web applications. We have created foundational resources in this area at Data Big Bang.