Encryption Consent

>>60508007
How do you tell an encrypted file from an encoded file?

How is an OS supposed to know that a program is encrypting things?

File: 1495211749219.png (787KB, 1637x682px) Image search: [Google]

787KB, 1637x682px

>>60508007
>OSes should stop encryption we-I mean you- don't approve of
gee, I wonder who could be behind this post

>>60508026
You really don't know if you don't know what the cleartext file should look like. Binary data would be indistinguishable.
>>60508045
Like I said, there are specific operations that the CPU needs to occur in order to encrypt data.

You'd first start this by looking for well known libraries like openssl, or Windows crypto API being called, etc...
When the fraudsters start writing their own custom encryption (if possible) then you'd have to be smarter and write heuristics to try detect it.

>>60508258
I bet I could perform encryption with just the MOV instruction.

This problem is better solved in the filesystem. If your shit gets fucked then roll back to a previous version if you use a fancy filesystem like zfs

>>60508330
>I bet I could perform encryption with just the MOV instruction.
Companies would write encryption definitions (like anti-virus definitions) after that pattern and screen it out.
>This problem is better solved in the filesystem. If your shit gets fucked then roll back to a previous version if you use a fancy filesystem like zfs
Sure, there are other ways. You could do a BSD thing and jail every process, maybe with docker?

But I'm not solving your unwanted encryption attempts because you aren't likely to download and run ransomware packages. I'm more interested in stopping our parents who run Windows from running ransomware or be spied on.

>>60508451
And I could write it a different way. Good fucking luck catching it in the general case.

>>60508468
You're not providing enough information to support your assertion that it would be difficult to catch.

Given that asymmetric encryption is a very complex process, it would take you more time to try and beat the detection heuristics with constantly trying to invent new methods than me to turn around and create a definition for it.

Your cleverness will run out very quickly.

>>60508550
I think the problem of figuring out what a piece of code is doing is a much harder problem than writing said code.

>>60508007
sage b88888888

>>60508451
You're suggesting that companies can solve the halting problem by just putting in a little effort.

No.

I remember reading a paper somewhere about a method for detecting ransomware behavior with really high accuracy, but it was based on detecting filesystem operations, not encryption. You could go and search it.

>>60508550
>asymmetric encryption is a very complex process
It's not, it's just raising a number (your data) to the power of your public/private key. Generating key pairs is done by finding two large prime numbers then performing some basic arithmetic on them. Both operations are very slow however.

>>60508258
How do you tell an encryption operation from a hashing or compression operation? Many hashing algorithms use AES round functions.
Also I can statically link openssl or other encryption libraries into my executable

>>60508007
>if users had to approve encryption by program
Most users would either allow all encryption out of laziness, defeating your scheme, or disallow all encryption based on naive wariness, leaving all of their data in the clear. Neither outcome is desirable. The user should decide as little as possible in the typical case.

Better make non-rewritable HDD.
All malicious programs can't do anything except leak your data.

>>60511786
Well either this or a special OS lock on files that would limit writes possible. Some type of "smart write". Say only certified applications can have access to .doc files or something.