encrypting system files to prevent malware?

S

sdowney717

New member
Power User
VIP
Local time
4:59 PM
Messages
705
I just had a thought.
Could the entire file system be encrypted with private keys?
That would mean updates and installs would need to become encrypted.

Then when files are executed, a decryption is needed for them to run.
Malware could not run as it would not have been encrypted by your private key..
So run thru the decrypter, the file is trashed.
Would this be too slow to work?
 

My Computer

OS
Windows 7 Ultimate x64
Not sure what you envision. If a decryption is required to run, how would you provide the decryption keys for all the thousands of program executions the OS would normally perform?

This doesn't sound like it would necessarily prevent a change to a key'd file, just that it was now a non-key malware file. Sorry if I don't follow.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Dell Insprion 7559 next to a Toshiba Portege
OS
Win 7 Pro 64-bit
CPU
Intel Core i5
Motherboard
Intel
Memory
16 GB Dell, 6 GB Toshiba
Graphics Card(s)
Intel crap on both but Dell also has nVidia GeForce GTX960M
Sound Card
RealTek
Monitor(s) Displays
internal and external ACER KA270H 27"
Screen Resolution
1920x1080
Hard Drives
SSD 256 GB plus numerous WD Red or Purple on USB3 docks. Used to buy a lot of Seagate but tossed them the second time I got unrecoverable disc corruption in the midst of use.
Keyboard
Garage Mouse SW and some cheap Amazon China made USB device
Mouse
Garage Mouse and some cheap Amazon China made USB device
Internet Speed
50 Mbps (allegedly, depends on server)
Antivirus
Defender, Malwarebytes Premium and Kaspersky
Browser
IE 11, and Chrome something
Everyone would have a private key unknown to anyone else, including the malware.
Means you could not share a program file like an exe or dll to another system unless it was decrypted by you first.
A non keyed malware file could not run as all files that will run must run a decryption event on them.

Malware that rides along installing other programs would have to know your private key to encrypt the addition malware it installs by itself, otherwise the malware installed could not execute as a file.

Not saying any of this would work at all.
 

My Computer

OS
Windows 7 Ultimate x64
I am sure you are not the first to have this idea. To me it sounds like a good idea on the surface but falls apart when you get into the details. I can see a number of issues but they are not easily described and I will not try.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7 Pro 64 bit
CPU
Xeon W3520
Memory
8 GB
Graphics Card(s)
Nvidia Geforce 210
You know Microsoft was already looking at ways to secure the boot process and the system files from such things. Use of Digital Signatures haven't really taken off like they hopped. Then when trying to secure the boot they used UEFI's SecureBoot method. We saw how that went down. Everyone was in a tizy over nothing. But encrypting the files isn't going to do anything really.

Summary of a Digital Signature:
Create a hash of the source material, use your private key to encrypt the hash.
Send the file and the newly created signature to the recipient.
The recipient creates a hash of the material, then decrypts the signature with your public key.
You use that method to determine if the material was forged or tampered with.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Alienware Aurora ALX R4
OS
Windows 10 Pro (x64)
CPU
Intel Core i7-3930K (3.2GHz - 4.5GHz)
Motherboard
Alienware Aurora-R4 x79
Memory
4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)
Graphics Card(s)
Nvidia Geforce GTX 690
Sound Card
SteelSeries Siberia Elite
Monitor(s) Displays
Dell UltraSharp U3011
Screen Resolution
2560x1600
Hard Drives
Samsung 850 Pro 256 GB, Seagate 1TB Desktop Hybrid HDD, 2x Western Digital 4TB Green HDD
PSU
875W Some Dell PSU <.<
Case
Alienware Aurora ALX
Cooling
Custom Liquid Cooling (EK CPU & GPU blocks) dual EK 480RAD
Keyboard
Logitech G710+ Mechanical
Mouse
Logitech G700s
Internet Speed
Verizon Fios (50 mbps average)
Other Info
Server: Intel NUC D54250WYK: i5-4250U, 16GB, 256 GB mSATA, Windows Server 2012 R2
You must log in or register to reply here.

Similar threads

Solved How to prevent driver from loading at boot or to service Win7 offline
Replies
3
Views
10K
SIW2
SIW2
Takes 30 Minutes To Copy Files Across LAN
Replies
3
Views
4K
samuria
samuria
Batch youtube video converter, up to 60fps and works with WMP
Replies
0
Views
13K
bfh47
B
Solved Problem transferring Win7 to new SDD - Repair CD *nearly* worked
Replies
4
Views
4K
SIW2
SIW2
Macrium Reflect V6 Clone Failed & System Volume Permissions
Replies
2
Views
4K
ZTatZAU
Z
Back
Top