On the Security of Application Installers and Online Software Repositories

The security of application installers is often overlooked, but the security risks associated to these pieces of code are not negligible. Online public repositories have been one of the most popular ways for end users to obtain software, but there is a lack of systematic security evaluation of popul...

Full description

Saved in:
Bibliographic Details
Published inDetection of Intrusions and Malware, and Vulnerability Assessment pp. 192 - 214
Main Authors Botacin, Marcus, Bertão, Giovanni, de Geus, Paulo, Grégio, André, Kruegel, Christopher, Vigna, Giovanni
Format Book Chapter
LanguageEnglish
Published Cham Springer International Publishing 11.06.2020
SeriesLecture Notes in Computer Science
Subjects
Downloader
Installer
Trojan
Online AccessGet full text

Cover

More Information
Summary:The security of application installers is often overlooked, but the security risks associated to these pieces of code are not negligible. Online public repositories have been one of the most popular ways for end users to obtain software, but there is a lack of systematic security evaluation of popular public repositories. In this paper, we bridge this gap by analyzing five popular software repositories. We focus on their software updating dynamics, as well as the presence of traces of vulnerable and/or trojanized applications among the top-100 most downloaded Windows programs on each of the evaluated repositories. We analyzed 2,935 unique programs collected in a period of 144 consecutive days. Our results show that: (i) the repositories frequently exhibit rank changes due to applications fast climbing toward the first positions; (ii) the repositories often update their payloads, which may cause the distribution of distinct binaries for the same intended application (binaries for the same applications may also be different in each repository); (iii) the installers are composed by multiple components and often download payloads from the Internet to complete their installation steps, posing new risks for users (we demonstrate that some installers are vulnerable to content tampering through man-in-the-middle attacks); (iv) the ever-changing nature of repositories and installers makes them prone to abuse, as we observed that 30% of all applications were reported malicious by at least one AV.
ISBN:9783030526825
3030526828
ISSN:0302-9743
1611-3349
DOI:10.1007/978-3-030-52683-2_10