There has been a recent burst of blog posts about adversarial interoperability: “Dodging Bullets on the Path to a Decentralized Future: 2019 in Review”, “Adversarial Interoperability” [eff.org], “Adversarial Interoperability” [nickgrossman.is], and “Adversarial Interoperability” [avc.com]. This is THE topic at the core of the products and services we offer. Sixteen years ago, Nektra created an API for Microsoft Outlook Express allowing software security companies to access and defend users. This was the first of many projects which fall under the recent term “adversarial interoperability”. As we look back, now in January 2020, we see that much of our work in software security, reverse engineering, decentralization, blockchain, cryptocurrencies, and web scraping falls into this area:
Data loss prevention software is deployed to ensure that end users do not accidentally or intentionally send sensitive or critical information outside the corporate network. We have helped companies like Spirion and Dell achieve this. Popular suites of applications like Microsoft Office only allow limited control over features which prevent and control the flow of restricted digital material within an organization. Our products Deviare and RemoteBridge enable software developers to modify the internal behavior of Windows applications and strengthen security in many ways: controlling the PrintScreen key and clipboard, classifying and monitoring sensitive files, controlling access to information by context, intercepting UI controls, and offering specific add-ons for Windows, Google Chrome, Mozilla Firefox, Microsoft Edge, Internet Explorer, Microsoft Office, Microsoft Office 365, Open Office, and Google Docs.
Malware attack vectors target multiple devices, operating systems, cloud infrastructure, and the processes and applications used by users and organizations. Most of these applications were not built with cybersecurity threats in mind or don’t incorporate APIs to integrate them with malware protection engines. We analyze the way software, protocols, and non-standard data format engines work in order to alter their behaviour, add or repair functionality, and detect malware. Examples include adapting existing applications to new operating systems and environments, or connecting closed applications. We created APIs and integrations on top of inextensible applications. The current products in this line are Deviare and RemoteBridge, and in the past we created specific APIs for closed email clients.
Below is a case study from the year 2010 that solved a technical challenge for one of the top cybersecurity companies in the world by adding support for critical legacy applications in the Symantec Workspace Virtualization suite:
Large companies are continually faced with new technologies and shorter technology cycles which render their trusted applications obsolete. Migrating an application from one technology to another is expensive and the timeframe required to carry it out is prohibitive for most companies. In 2010, Nektra developed software which allows old technologies such as Internet Explorer 6 to run on Windows 7. Symantec uses it in their Endpoint Virtualization Suite, but it can be used to virtualize many other applications as well.
The Symantec Vision 2010 conference was approaching and Symantec was eager to implement IE6 virtualization in Windows 7, a feature already offered by some competitors. Symantec Workspace Virtualization also has to support many other technologies that are part of IE6’s ecosystem: Java, Adobe Flash, and Acrobat Reader, and their updates.
Desktop virtualization products work successfully with the majority of applications but some applications require above-average application packaging skills and a few require tailored solutions.
Nektra used its SpyStudio and Deviare Interception technologies to virtualize IE6. SpyStudio pinpointed the gaps left by Symantec Workspace Virtualization, while Deviare filled in these gaps, enabling IE6 to run in Windows 7. Brian Madden celebrates this new functionality in his blog and includes a video demo.
Nektra also provided third level escalation support, support for updated browser plugins, and fixes for the IE6 virtualization.
More recently, Nektra successfully tackled the issues related to virtualizing Microsoft Office with volume licensing for all versions of Windows up to 8.1.
- Adding a key feature to a product that leveraged Symantec’s position in the virtualization market
- Delivery in time for the Symantec Vision 2010 conference
- The 3rd level escalation support service was able to handle all requests successfully
Desktop Software Lockdown
Below is one of our case studies for a secure kiosk solution for Riverbend Design Group. We developed an adaptive native extension for Adobe AIR which locks down the operating system environment.
Riverbend Design Group asked us to build a secure kiosk component that could be integrated with an Adobe Flex application via a native extension. In kiosk mode, applications should run in a locked down operating system environment. Keyboard shortcuts such as control-alt-delete or print-screen must be blocked to keep users from escaping the application and taking control of operating system functions.
Standalone kiosk security products like Internet Kiosk Pro, Advanced Internet Kiosk, Secure Lockdown, and SiteKiosk must be deployed separately from the kiosk applications they protect. The secure kiosk component we designed for Riverbend Design Group is deployed as part of their kiosk application. This means that they can change the configuration dynamically from the kiosk application itself, add custom features, and save money on licensing fees.
Our Adobe native extension adapts to the environment where the application is running. When running with administrator privileges, it can install Windows device drivers to handle system shortcuts like control-alt-delete and block execution of alien applications. Without administrator privileges the extension blocks as many shortcuts as it can and alerts the kiosk application to alien applications. Additionally, the kiosk application can be configured to shut down if someone attempts to run it on a virtual machine to get around these safeguards. This option would also be practical for anti-bot detection on gaming or casino sites.
The project’s priorities included:
- Providing critical high quality drivers which do not crash
- Integrating ANE, drivers, and user mode modules
- Support for multiple Windows operating system versions
There are currently 6543 coins listed on CoinGecko, yet there is a lot of friction in moving from one to another, especially if you want to convert any of them to Bitcoin, the king cryptocurrency. The main way to move from one blockchain to another is via a cryptocurrency exchange, but this is not a seamless move and it moves the price and liquidity. Blockchain interoperability should not affect the price; it should make it easy to overcome the limitations of one blockchain by using another blockchain’s features. If Bitcoin doesn’t support smart contracts, you could build a sidechain on top of it that adds these features, in the way that RSK did. We modified Bitcoin Core to support Drivechains using OP_COUNT_ACKS. In the area of cross-blockchain technology, we built a decentralized bridge between Ethereum and Dogecoin that can be extended to other blockchain pairs, as described in “Dogethereum: A Decentralized Blockchain Bridge Between Dogecoin and Ethereum is Born”.
You can reverse engineer binary applications, but you cannot reverse engineer and modify SaaS and web application offerings. Say you built a strong business network on LinkedIn and want to export your contacts. You will realize that while you can see the emails if you click on your contacts’ profiles, you cannot see them once you export them, even when you have done business with these people. Adversarial interoperability tactics come to the rescue in the shape of web scraping, headless Google Chrome, VPNs, and rotating proxies. We have created foundational resources in this area at Data Big Bang.