Tackling Obsolete Product Issues using MSIX within the CES Framework Guidelines

Introduction

Obsolete products and outdated software applications pose significant security risks for organisations. The CES (Cyber Essentials Scheme) framework is designed to help address these challenges, ensuring that businesses can protect themselves from potential cyber threats. One of the key strategies to tackle the risks associated with obsolete products is using MSIX, a modern packaging format developed by Microsoft. In this blog, we will explore the challenges associated with obsolete products in the CES framework and how using MSIX can help your organisation comply with the security guidelines.

Challenges with Obsolete Products in the CES Framework

Obsolete products, including out-of-date smartphones, tablets, laptops, desktop PCs, and software applications, contribute to two main problems:

  1. Lack of security updates: Unsupported products no longer receive security patches, increasing the likelihood of attackers exploiting known vulnerabilities.
  2. Absence of the latest security mitigations: Older products may not include up-to-date security measures, making successful exploitation more likely and detection more difficult.

Both issues make high-impact security incidents more probable, potentially leading to disastrous consequences across the organisation. To comply with the CES framework, organisations must address these challenges and minimise the risks associated with obsolete products.

The MSIX packaging format

MSIX is a versatile packaging format that supports a wide range of applications, including legacy Win32, WPF, and Windows Forms applications. By using MSIX for deploying and managing obsolete applications, organisations can achieve several key benefits:

  1. Simplified deployment and updates: MSIX streamlines deploying and updating applications, making it easier to manage legacy software.
  2. Application isolation: MSIX ensures that applications run in isolated environments, reducing potential conflicts and improving system stability.
  3. Clean uninstallation: MSIX allows for the complete removal of applications, leaving no residual files or registry entries on the system.
  4. Enhanced security: MSIX offers various security features, such as certificate signing and restricted access to system resources.
  5. Customisation: MSIX enables modifications to application settings and configurations without altering original binaries, allowing organisations to adapt legacy apps to their specific requirements.

Complying with the CES Framework Using MSIX

To utilise MSIX for managing obsolete products in compliance with the CES framework, organisations should follow these general steps:

  1. Obtain the original installation files for the legacy application.
  2. Use appCURE Capture and Packager to create an MSIX package from the original installer or application files.
  3. Test the newly created MSIX package on a target system to ensure proper functionality.
  4. Sign the MSIX package with a trusted certificate to enable secure deployment.
  5. Deploy the MSIX package to target systems using a preferred deployment method (e.g., System Center Configuration Manager, Intune, Azure Virtual Desktop (MSIX app attach) or a third-party tool).

Conclusion

MSIX provides a powerful solution for addressing the challenges associated with obsolete products in the CES framework. By adopting MSIX, organisations can better manage legacy applications, enhance security, and comply with the CES guidelines. However, it is crucial to assess the compatibility of each legacy application with MSIX packaging and make any necessary adjustments or seek alternative solutions when needed. By doing so, organisations can minimise the risks associated with using out-of-date technology and work towards a more secure and modernised application management process.

Want to learn more? Why not get in touch with our team today!

The Growing Threat of Supply Chain Attacks via Application Installers and the Importance of Post-Installation Inspection

Introduction

In recent years, there has been a significant increase in supply chain attacks targeting software applications from reputable vendors. These attacks exploit vulnerabilities in application installers to infiltrate networks and systems, potentially causing catastrophic damage. As the risk of such attacks continues to rise, organisations should prioritise inspecting applications and their post-installation behaviours to mitigate the threats posed by phase 2 and 3 attacks. This article will delve into the importance of reviewing all application packages from vendors before releasing them to production environments. Only recently, 3CX, a popular software-based phone system company, was subject to a supply chain attack.

The Rise of Supply Chain Attacks

Supply chain attacks are malicious attempts to compromise third-party software components or services in order to gain unauthorised access to a target system. These attacks have become increasingly popular among cybercriminals as they can bypass traditional security measures by exploiting trusted relationships between software vendors and their customers. Application installers from reputable vendors are particularly attractive targets, as they can easily infiltrate a system without raising suspicion.

Phase 2 and 3 Attacks: The Hidden Dangers

Phase 2 and phase 3 attacks refer to the stages of a multi-stage cyberattack that follows an initial compromise in a supply chain attack. While these terms are not industry-standard terminology, they help illustrate the progressive nature of advanced cyberattacks. Here’s a breakdown of the different phases:

  • Phase 1 – Initial Compromise: The first phase typically involves the attacker compromising a third-party software or service, such as an application installer from a reputable vendor, to gain access to the target system. In supply chain attacks, this is achieved by exploiting vulnerabilities in the software or by inserting malicious code into the software package.
  • Phase 2 – Establishing Persistence: Once the attacker has gained access to the target system, the second phase involves establishing persistence within the network or system. This can include deploying additional malware, creating backdoors, or leveraging legitimate tools and services to maintain a foothold in the compromised environment. During this phase, the attacker works to avoid detection and strengthen their position within the target system.
  • Phase 3 – Lateral Movement and Execution: In the third phase, the attacker seeks to expand their access within the compromised system, moving laterally through the network and potentially compromising additional systems. This phase also involves the execution of the attacker’s primary objectives, such as exfiltrating sensitive data, deploying ransomware, or causing disruption to the target organisation’s operations.

By understanding the progression of these attacks, organisations can better defend themselves against the threats posed by supply chain attacks and other advanced cyber threats. Monitoring and inspecting applications and their behaviours, particularly post-installation, can help identify and mitigate risks associated with phase 2 and 3 attacks.

Inspecting Applications and Their Behaviours Post-Installation

To mitigate the risk of phase 2 and 3 attacks, it is crucial to inspect applications and their behaviours post-installation. Organisations should consider implementing the following steps:

  • Perform a thorough analysis of the application’s source code, configuration files, and dependencies to detect any potential vulnerabilities or malicious components.
  • Monitor the application’s runtime behaviour to identify any unusual or unexpected actions, such as unauthorised network connections, file manipulation, or privilege escalation.
  • Employ behaviour-based detection tools and security solutions that can automatically flag suspicious application activities.
  • Regularly update software and apply security patches to minimise the attack surface and prevent exploitation of known vulnerabilities.
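As an added illustration of the runtime-monitoring step above (example code written for this article, not appCURE's software), the Python script below replays a handful of constructed endpoint events for a newly installed application against a baseline recorded during sandbox testing, and reports the three kinds of deviation the list mentions: connections to hosts outside the baseline, writes outside the application's own directories, and child processes running at a higher integrity level than their parent. The event fields, the baseline, the application paths and the hostnames are all assumptions made for the demonstration.

```python
"""Post-installation behaviour review for a newly installed application.

Added example written for this article; it is not appCURE software. The event
records and the baseline are constructed for the demonstration.
"""
import json
from dataclasses import dataclass
from typing import List

# Hypothetical baseline recorded while the vendor package ran in a sandbox:
# where its binaries live, which hosts they may contact and where they may write.
BASELINE = {
    "image_prefix": "C:\\Program Files\\ExampleApp\\",
    "allowed_hosts": {"updates.example-vendor.test"},
    "allowed_write_prefixes": ("C:\\Program Files\\ExampleApp\\", "C:\\Users\\"),
}

# Windows integrity levels, lowest to highest, used to spot elevation.
INTEGRITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "System": 3}

# Constructed sample events, one JSON object per line, loosely modelled on the
# process, network and file events an endpoint sensor records.
SAMPLE_EVENTS = """\
{"type": "network", "image": "C:\\\\Program Files\\\\ExampleApp\\\\app.exe", "dest_host": "updates.example-vendor.test", "dest_port": 443}
{"type": "network", "image": "C:\\\\Program Files\\\\ExampleApp\\\\app.exe", "dest_host": "203.0.113.7", "dest_port": 8443}
{"type": "file_write", "image": "C:\\\\Program Files\\\\ExampleApp\\\\app.exe", "path": "C:\\\\Users\\\\alice\\\\AppData\\\\Local\\\\ExampleApp\\\\cache.db"}
{"type": "file_write", "image": "C:\\\\Program Files\\\\ExampleApp\\\\app.exe", "path": "C:\\\\Windows\\\\System32\\\\drivers\\\\etc\\\\hosts"}
{"type": "process", "image": "C:\\\\Program Files\\\\ExampleApp\\\\app.exe", "child": "C:\\\\Windows\\\\System32\\\\cmd.exe", "parent_integrity": "Medium", "integrity": "High"}
{"type": "process", "image": "C:\\\\Program Files\\\\ExampleApp\\\\app.exe", "child": "C:\\\\Program Files\\\\ExampleApp\\\\helper.exe", "parent_integrity": "Medium", "integrity": "Medium"}
{"type": "network", "image": "C:\\\\Windows\\\\System32\\\\svchost.exe", "dest_host": "203.0.113.9", "dest_port": 443}
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def review_events(event_lines: str, baseline: dict = BASELINE) -> List[Finding]:
    """Return one Finding per event from the reviewed application that falls outside the baseline."""
    findings: List[Finding] = []
    for raw in event_lines.splitlines():
        if not raw.strip():
            continue
        ev = json.loads(raw)
        # Only events whose image lives under the application's install path are in scope.
        if not ev.get("image", "").startswith(baseline["image_prefix"]):
            continue
        kind = ev.get("type")
        if kind == "network" and ev["dest_host"] not in baseline["allowed_hosts"]:
            findings.append(Finding("unexpected-network", f"{ev['dest_host']}:{ev['dest_port']}"))
        elif kind == "file_write" and not ev["path"].startswith(baseline["allowed_write_prefixes"]):
            findings.append(Finding("unexpected-file-write", ev["path"]))
        elif kind == "process" and INTEGRITY_RANK.get(ev["integrity"], 0) > INTEGRITY_RANK.get(ev["parent_integrity"], 0):
            # A child running at a higher integrity level than its parent is the
            # shape privilege escalation takes in process telemetry.
            findings.append(Finding("integrity-elevation", ev["child"]))
    return findings


if __name__ == "__main__":
    for finding in review_events(SAMPLE_EVENTS):
        print(f"{finding.rule:24} {finding.detail}")
```

The baseline is the important part: it is what a sandbox run of the vendor package gives you, and anything the application does in production that the sandbox never showed is the candidate phase 2 or 3 activity worth a closer look.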

Reviewing All Application Packages Before Production Release

Given the growing prevalence of supply chain attacks, organisations must review all vendor application packages before releasing them to production environments. This process should include:

Verifying the integrity of the application package by checking digital signatures, hashes, and certificates to ensure the software has not been tampered with.

Employing sandboxing techniques to test and analyse the application in an isolated environment safely. This allows organisations to observe the application’s behaviour without risking the security of their production systems.

Conducting regular security audits of vendors and their software development processes to assess the potential risks and ensure adherence to security best practices, such as ISO/IEC 27001. This helps maintain a high level of trust and confidence in the software being delivered.

Establishing a security-focused mindset within the organisation, emphasising the importance of constant vigilance and collaboration between IT, security, and development teams. This can help ensure that security considerations are taken into account throughout the software development lifecycle and in the deployment of applications.
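As an added example of the integrity check described in this process (written for this article, not appCURE's code), the Python below computes the SHA-256 of a package, compares it in constant time with the value the vendor published, and, for an MSIX package, confirms that the entries a signed package must carry (AppxManifest.xml, AppxBlockMap.xml and AppxSignature.p7x) are present. The package is constructed in memory, and the "published" hash is computed here to stand in for one copied from the vendor's download page over a separate channel.

```python
"""Pre-release package gate: vendor hash comparison plus MSIX structure check.

Added example written for this article; it is not appCURE software. The sample
package is built in memory and is not a real vendor package.
"""
import hashlib
import hmac
import io
import zipfile
from typing import List

# Entries every signed MSIX package is expected to carry at its root.
REQUIRED_MSIX_ENTRIES = ("AppxManifest.xml", "AppxBlockMap.xml", "AppxSignature.p7x")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_matches(package: bytes, published_sha256: str) -> bool:
    """Constant-time comparison against the hash published by the vendor."""
    return hmac.compare_digest(sha256_hex(package), published_sha256.strip().lower())


def missing_msix_entries(package: bytes) -> List[str]:
    """Names from REQUIRED_MSIX_ENTRIES absent from the package (an MSIX is a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        names = set(zf.namelist())
    return [name for name in REQUIRED_MSIX_ENTRIES if name not in names]


def review_package(package: bytes, published_sha256: str) -> List[str]:
    """Return the reasons to reject the package; an empty list means it passed this gate."""
    problems: List[str] = []
    if not hash_matches(package, published_sha256):
        problems.append("sha256 does not match the vendor-published value")
    for name in missing_msix_entries(package):
        problems.append(f"package lacks {name}")
    return problems


def build_sample_msix(signed: bool) -> bytes:
    """Constructed stand-in for a vendor package: a zip with MSIX-style entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AppxManifest.xml", "<Package/>")
        zf.writestr("AppxBlockMap.xml", "<BlockMap/>")
        zf.writestr("ExampleApp/app.exe", b"\x00" * 16)
        if signed:
            # Placeholder bytes; a real package carries a PKCS#7 signature here.
            zf.writestr("AppxSignature.p7x", b"placeholder signature blob")
    return buf.getvalue()


if __name__ == "__main__":
    good = build_sample_msix(signed=True)
    published = sha256_hex(good)  # stands in for the hash shown on the vendor's page
    print(review_package(good, published))
    print(review_package(good, "00" * 32))
    print(review_package(build_sample_msix(signed=False), sha256_hex(build_sample_msix(signed=False))))
```

Presence of AppxSignature.p7x only tells you the package claims to be signed; validating the signature chain itself is a job for the platform's own tooling on a Windows host (for example signtool verify), and the hash you compare against should come from somewhere other than the download itself, or it proves nothing.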

Conclusion

As the risk of supply chain attacks using application installers from reputable vendors continues to rise, organisations must prioritise inspecting applications and their post-installation behaviours to reduce the likelihood of phase 2 and 3 attacks. By thoroughly reviewing all application packages before releasing them to production and maintaining a proactive security posture, organisations can significantly reduce the potential damage caused by these increasingly sophisticated attacks. Implementing a comprehensive approach to software security, including sandboxing techniques, regular vendor audits, and fostering a security-focused culture within the organisation, will help mitigate the risks associated with supply chain attacks and protect valuable assets and data.

References:

(1) Gallagher, S. (2023, April 3). False Positive or the Real Deal? 3CX Supply Chain Attack Raises Questions. The Register. Retrieved from https://www.theregister.com/2023/04/03/3cx_false_positive_supply_chain_attack/

(2) Jackson, M. (2023, April). What Went Wrong with the 3CX Software Supply Chain Attack and How It Could Have Been Prevented. Security Boulevard. Retrieved from https://securityboulevard.com/2023/04/what-went-wrong-with-the-3cx-software-supply-chain-attack-and-how-it-could-have-been-prevented/

(3) Anderson, J. (n.d.). Kaseya Supply Chain Attack: What You Need to Know. Expel. Retrieved from https://expel.com/blog/kaseya-supply-chain-attack-what-you-need-to-know/

(4) International Organization for Standardization (ISO) & International Electrotechnical Commission (IEC). (2013). ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements. Retrieved from https://www.iso.org/standard/54534.html

appCURE Announces Integration between Nerdio Manager for Enterprise and appCURE Studio

appCURE is pleased to announce our latest partnership and integration with Nerdio, combining the capabilities of both technologies to help customers migrate to Microsoft’s fast-growing desktop, application and virtualization offerings (Azure, Microsoft 365 and Azure Virtual Desktop).

Introduction

As more and more organisations look to migrate services and applications to the cloud, one of the biggest challenges remains the migration of applications from older operating systems. The problem becomes more apparent when the installation media, documentation and other information needed for the migration are missing, which can significantly impact a migration project’s timeline or stall the project completely. Combined with the cost implications of the cloud and the effort of optimising and managing scalable technology, this can leave organisations running up large, unoptimised IT costs.
The Nerdio and appCURE partnership and new integration help organisations quickly simplify application migration, management and transformation into a production environment. In addition, the integration offers enhanced application lifecycle management and the advantages of modern application formats such as MSIX and MSIX App Attach.
Combining Nerdio and appCURE provides a best-in-class enterprise workspace solution for Microsoft 365 and Azure Virtual Desktop.

Dynamic application delivery, also known as MSIX app attach

Nerdio Manager for Enterprise adds value on top of Azure Virtual Desktop, Windows 365, and Microsoft Intune by delivering hundreds of features that simplify management, ensure efficient operations, and lower Azure compute and storage costs by up to 80%.
Today, Nerdio offers improved MSIX App Attach capabilities and streamlined management in the Nerdio Manager for Enterprise platform that adds great value on top of Azure Virtual Desktop’s native capabilities and provides an enhanced experience for the IT admin. In addition, Nerdio’s solution takes care of application lifecycle management, version control and code signing certificate requirements required for MSIX packages and MSIX App Attach.

appCURE’s application transformation portfolio

appCURE is based on Capture, Update, Remediate and Execute (CURE), the four base process principles on which the technology is built. appCURE provides a comprehensive application packaging toolkit designed to unstick application migration projects and simplify the transition of applications to modern digital workspaces. appCURE also helps handle day-two operations, including managing updates when required to keep applications in production.
Using appCURE Studio, you can package and convert applications into MSIX even if you don’t have the original installer for the application. appCURE’s running capture technology enables you to capture the application off the older operating system and package the captured app directly into MSIX, avoiding project delay and enabling the applications to be delivered to a modern digital workspace.
appCURE boasts an average time of approximately 6-8 minutes per application transformation, including smoke testing.

Nerdio and appCURE Integration

With appCURE Studio 3.4 and future releases, you can now take full advantage of the Nerdio and appCURE integration, which enables you to easily capture, transform and publish applications into the MSIX format for any user. No manual action or scripting is required when using Nerdio and appCURE. appCURE and Nerdio simplify the IT administrator’s MSIX App Attach experience and reduce the number of master images needed when delivering a virtual desktop environment. appCURE transforms the applications and delivers them into Nerdio’s MSIX app attach library.
appCURE and Nerdio help customers migrate to production quicker, unstick stalled projects and continue to manage application version control and cost optimisation, today and into the future, as the platform evolves to meet changing business needs.

For further information, see the links below:

Why Encapsulating Applications in Type Two Hypervisors is Not Recommended: A Case for Native Containerization with MSIX

With the growing popularity of cloud computing, virtualization has become an indispensable tool for organizations looking to maximize the utilization of their IT infrastructure. However, not all virtualization technologies are created equal. When it comes to application virtualization, organizations have two main options: type two hypervisors and native containerization. While type two hypervisors have been widely used in the past, they are now facing significant challenges and limitations, making them a less attractive option compared to native containerization.

A type two hypervisor, also known as a hosted hypervisor, is installed on a host operating system and runs virtual machines (VMs) on top of it. On the other hand, native containerization is a modern virtualization technique that runs applications in isolated containers, sharing the host operating system and resources.

One of the main problems with type two hypervisors is their performance overhead. VMs run in a virtual environment, requiring hardware virtualization to be enabled in the host operating system. This introduces additional overhead, slowing down the performance of the applications running in the VMs. This can be particularly problematic for resource-intensive applications, such as those used in scientific or engineering simulations, or data-intensive applications, such as big data analytics.

Another issue with type two hypervisors is security. VMs are isolated from the host operating system, but they still share the same underlying hardware and firmware, making them vulnerable to security exploits and malware. In addition, VMs can potentially interact with each other, creating a risk of cross-VM attacks. Furthermore, type two hypervisors have been shown to have vulnerabilities in the past, and patching them can be a time-consuming and complex process.

In contrast, native containerization provides a much more secure and efficient virtualization environment. Applications are isolated in their own containers, with no direct interaction between them. This eliminates the risk of cross-application attacks and reduces the attack surface, making it much harder for malicious actors to exploit security vulnerabilities. Additionally, native containerization has a much smaller performance overhead compared to type two hypervisors, making it a better choice for resource-intensive applications.

One of the most promising native containerization technologies is MSIX, a modern, flexible and efficient virtualization technology from Microsoft. MSIX provides a consistent application environment, regardless of the underlying hardware or operating system. This enables organizations to deploy applications faster and with more confidence, knowing that they will work seamlessly on any device. MSIX also provides a number of security and management features, such as integration with Windows Defender, which makes it easier for organizations to protect their applications and data.

In conclusion, type two hypervisors are becoming increasingly obsolete, as organizations face growing challenges in terms of performance and security. Native containerization provides a more efficient and secure virtualization environment, and MSIX is one of the most promising technologies in this space. By using MSIX, organizations can benefit from a consistent application environment, faster deployment, and enhanced security, making it the preferred choice for application virtualization.

appCURE Studio 3.4: New Features and Enhancements for Secure Application Transformation

We are thrilled to announce the release of appCURE Studio 3.4, the latest version of our transformation studio product. This new release introduces several new features and enhancements that offer our customers greater flexibility and security, enabling them to easily transform their applications.

One of the most significant features of appCURE Studio 3.4 is full Azure Key Vault support for batch MSIX package signing, including certificate creation. Azure Key Vault for certificates provides organisations with a secure, centralised, and scalable solution for managing digital certificates. It simplifies certificate management, reduces the risk of security breaches, and enables packagers, IT pros and developers to code-sign MSIX packages with confidence. With this feature, our customers can now securely store and manage their code signing certificates in Azure Key Vault, offering an extra layer of protection for their applications. Additionally, our customers can create and manage signing certificates directly from within the appCURE Studio interface.

Another significant enhancement is the ability to modify MSIX capabilities, giving our customers greater control over what their MSIX packages are permitted to do. MSIX capabilities are a set of permissions declared in the package that define how an application can access resources and interact with the operating system. They are used to ensure that an application has access only to the resources it needs and cannot perform any unauthorised actions. This feature enables our customers to add or remove capabilities from their MSIX packages, ensuring that their applications have the permissions they need to function correctly and securely, and no more. It is particularly useful for complex applications that require specific capabilities to be enabled.
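To show what a capability review looks like in practice, here is an added example (written for this article, not appCURE Studio's code) that reads the Capabilities section of an MSIX AppxManifest.xml, groups the declared capabilities by kind, flags the restricted ones that a hypothetical organisational policy says need sign-off, and strips a capability from the manifest. The manifest, the package identity and the sign-off policy are constructed for the demonstration; the namespace URIs are the ones the Windows 10 manifest schema uses.

```python
"""Audit and edit the capabilities declared in an MSIX AppxManifest.xml.

Added example written for this article; it is not appCURE Studio's code. The
manifest and the sign-off policy below are constructed for the demonstration.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Namespaces the Windows 10 manifest schema uses for capability elements.
NS_FOUNDATION = "http://schemas.microsoft.com/appx/manifest/foundation/windows10"
NS_UAP = "http://schemas.microsoft.com/appx/manifest/uap/windows10"
NS_RESTRICTED = "http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"

# Hypothetical policy: restricted capabilities that need explicit sign-off
# before a package may be published to the app attach library.
NEEDS_SIGNOFF = {"runFullTrust", "allowElevation", "packageManagement"}

# Constructed manifest for a fictional package.
SAMPLE_MANIFEST = f"""<Package xmlns="{NS_FOUNDATION}" xmlns:uap="{NS_UAP}" xmlns:rescap="{NS_RESTRICTED}">
  <Identity Name="Contoso.ExampleApp" Publisher="CN=Contoso" Version="1.0.0.0" />
  <Capabilities>
    <Capability Name="internetClient" />
    <uap:Capability Name="documentsLibrary" />
    <rescap:Capability Name="runFullTrust" />
    <rescap:Capability Name="allowElevation" />
    <DeviceCapability Name="webcam" />
  </Capabilities>
</Package>
"""


def declared_capabilities(manifest_xml: str) -> Dict[str, List[str]]:
    """Group capability names by kind: general, uap, restricted and device."""
    root = ET.fromstring(manifest_xml)
    caps = root.find(f"{{{NS_FOUNDATION}}}Capabilities")
    groups: Dict[str, List[str]] = {"general": [], "uap": [], "restricted": [], "device": []}
    if caps is None:
        return groups
    for el in caps:
        # ElementTree tags look like "{namespace}localname".
        ns, _, local = el.tag[1:].partition("}")
        name = el.get("Name", "")
        if local == "DeviceCapability":
            groups["device"].append(name)
        elif ns == NS_RESTRICTED:
            groups["restricted"].append(name)
        elif ns == NS_UAP:
            groups["uap"].append(name)
        else:
            groups["general"].append(name)
    return groups


def capabilities_needing_signoff(manifest_xml: str) -> List[str]:
    """Restricted capabilities in the manifest that the policy says need sign-off."""
    restricted = declared_capabilities(manifest_xml)["restricted"]
    return sorted(c for c in restricted if c in NEEDS_SIGNOFF)


def without_capability(manifest_xml: str, name: str) -> str:
    """Return the manifest with every capability element called `name` removed.

    Editing the manifest changes the package contents, so the package has to be
    re-packed and re-signed afterwards; the previous signature will no longer verify.
    """
    for prefix, uri in (("", NS_FOUNDATION), ("uap", NS_UAP), ("rescap", NS_RESTRICTED)):
        ET.register_namespace(prefix, uri)
    root = ET.fromstring(manifest_xml)
    caps = root.find(f"{{{NS_FOUNDATION}}}Capabilities")
    if caps is not None:
        for el in [e for e in caps if e.get("Name") == name]:
            caps.remove(el)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(declared_capabilities(SAMPLE_MANIFEST))
    print("needs sign-off:", capabilities_needing_signoff(SAMPLE_MANIFEST))
    trimmed = without_capability(SAMPLE_MANIFEST, "allowElevation")
    print("after removal:", capabilities_needing_signoff(trimmed))
```

The restricted namespace is the one to watch: runFullTrust in particular means the packaged application runs with the same access as a classic desktop installer, so a capability review is where least privilege for a converted legacy application is actually decided.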

In addition, appCURE Studio 3.4 introduces Enforce Package Integrity, a critical security feature that lets our customers turn package integrity enforcement on or off for MSIX. With it enabled, the contents of an MSIX package are checked so that they cannot be tampered with or modified after signing, making it ideal for enterprise environments where security is a top priority. Enterprise IT teams can then be confident that the software they deploy is the software that was signed, which helps prevent data breaches and other security incidents.

Furthermore, we have introduced Blob Storage Upload, a new feature that allows our customers to upload folders of files directly to Azure Blob Storage from within appCURE Studio. This feature is designed to streamline operations and make it easier for our customers to store large amounts of application packages in the cloud. Blob Storage Upload is a simple, streamlined way to upload files, making it a valuable addition to the appCURE Studio toolset.

We have also added an Azure Deploy Template, which enables our customers to quickly deploy appCURE Studio and all the required features by filling in a simple Azure template form. Additionally, we have introduced ISO creation, which allows our customers to store transformed packages in an ISO. This feature is ideal for companies that require offline deployment of their applications or the portability of multiple packages.

In addition to these features, we are pleased to announce that the following integrations are now generally available:

  • Parallels RAS Integration
  • Nerdio Integration
  • Workspace One Integration
  • Application Readiness
  • AppVentix

These integrations offer our customers greater flexibility and ease of use, allowing them to integrate appCURE Studio with other tools and platforms.

In conclusion, appCURE Studio 3.4 is an exciting release that introduces several new features and enhancements, including Azure Key Vault support for certificates and MSIX package signing, MSIX capabilities modification, Enforce Package Integrity, Blob Storage Upload, Azure Deploy Template, and ISO creation. These features offer our customers greater flexibility and security, enabling them to confidently manage their applications and data in the cloud.

For a full list of features and improvements, please see the release notes.
