
It's a neat concept, although I imagine this'll be a cat-and-mouse endeavor that escalates very quickly. So, a suggestion - apply to the Open Technology Fund's Rapid Response Fund. I'd probably request the following in your position:

* code signing certificate funding

* consulting/assessment to harden the application or concept itself as well as to make it more robust (they'll probably route through Cure53)

* consulting/engineering to solve for the "malware detects this executable and decides that the other indicators can be ignored" problem, or consulting more generally on how to do this in a way that's more resilient.

If you wanted to fund this in some way without necessarily doing the typical founder slog, might make sense to 501c3 in the US and then get funded by or license this to security tooling manufacturers so that it can be embedded into security tools, or to research the model with funding from across the security industry so that the allergic reaction by malware groups to security tooling can be exploited more systemically.

I imagine the final state of this effort might be that security companies could be willing to license decoy versions of their toolkits to everyone that are bitwise identical to actual running versions but then activate production functionality with the right key.



> consulting/engineering to solve for the "malware detects this executable and decides that the other indicators can be ignored" problem, or consulting more generally on how to do this in a way that's more resilient.

This would be a boon for security folk who analyze/reverse malware: they can add/simulate this tool in their VMs to ensure the malware being analyzed doesn't deactivate itself!


> decoy versions of their toolkits to everyone that are bitwise identical to actual running versions but then activate production functionality with the right key

I kinda think this functionality could be subverted into a kill switch for legit-licensed installs simply by altering the key.

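The kill-switch worry above, as an added example that is not code from the original thread or from any product it mentions: one program that is byte-for-byte the same whether it is a decoy or a licensed install, and that only turns on its real detection logic when the licence token verifies. Everything here is constructed for illustration: the vendor secret, the HMAC-based licence (a shipped product would verify a signature against an embedded public key, but HMAC keeps the example stand-alone), the process name the malware is assumed to look for, and the byte marker standing in for a real signature. Flipping one character of the token is all it takes to push a legitimate install back into decoy mode, which is exactly the subversion the comment describes.

```python
"""Key-gated decoy: one binary, two behaviours, selected by a licence token."""
import hashlib
import hmac

# Hypothetical vendor secret, constructed for this example only.
VENDOR_SECRET = b"example-vendor-secret"


def issue_licence(customer_id: str, secret: bytes = VENDOR_SECRET) -> str:
    """Vendor side: bind a customer id to an HMAC tag. Format is 'id:tag'."""
    tag = hmac.new(secret, customer_id.encode(), hashlib.sha256).hexdigest()
    return f"{customer_id}:{tag}"


def licence_is_valid(token: str, secret: bytes = VENDOR_SECRET) -> bool:
    """Product side: recompute the tag and compare in constant time."""
    customer_id, _, tag = token.rpartition(":")
    expected = hmac.new(secret, customer_id.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


def tamper(token: str) -> str:
    """Alter a single character of the token, as anyone with write access to
    the licence file could. The result is a well-formed but invalid token."""
    last = "0" if token[-1] != "0" else "1"
    return token[:-1] + last


class Scanner:
    """Same on-disk artefact in both modes: the process name, file name and
    any other indicator malware might key on are identical. Only whether the
    detection logic actually runs depends on the licence."""

    PROCESS_NAME = "examplescanner.exe"  # assumed indicator; not a real product
    MARKER = b"EXAMPLE-MALWARE-MARKER"   # constructed stand-in for a signature

    def __init__(self, token: str) -> None:
        self.production = licence_is_valid(token)

    def mode(self) -> str:
        return "production" if self.production else "decoy"

    def scan(self, sample: bytes) -> dict:
        if not self.production:
            # Decoy: present on the host, visible to malware, but never verdicts.
            return {"mode": "decoy", "verdict": None}
        verdict = "malicious" if self.MARKER in sample else "clean"
        return {"mode": "production", "verdict": verdict}


def demo() -> dict:
    """Show the kill switch: a tampered token silently degrades a paid install."""
    sample = b"dropper payload ... EXAMPLE-MALWARE-MARKER ..."  # constructed
    good = issue_licence("acme-corp")
    bad = tamper(good)
    return {
        "licensed": Scanner(good).scan(sample),
        "tampered": Scanner(bad).scan(sample),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} -> {result}")
```

Note that the degraded install still looks like a running scanner to anything that checks `PROCESS_NAME`, so the operator gets no signal that detection stopped; a deployment would need an independent health check (such as a periodic self-test that must produce a verdict) rather than trusting the presence of the process.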

I mean, the existing licensing mechanisms can be similarly abused.



