Tackling Obsolete Product Issues using MSIX within the CES Framework Guidelines

Introduction

Obsolete products and outdated software applications pose significant security risks for organisations. The CES (Cyber Essentials Scheme) framework is designed to help address these challenges, ensuring that businesses can protect themselves from potential cyber threats. One of the key strategies to tackle the risks associated with obsolete products is using MSIX, a modern packaging format developed by Microsoft. In this blog, we will explore the challenges associated with obsolete products in the CES framework and how using MSIX can help your organisation comply with the security guidelines.

Challenges with Obsolete Products in the CES Framework

Obsolete products, including out-of-date smartphones, tablets, laptops, desktop PCs, and software applications, contribute to two main problems:

  1. Lack of security updates: Unsupported products no longer receive security patches, increasing the likelihood of attackers exploiting known vulnerabilities.
  2. Absence of the latest security mitigations: Older products may not include up-to-date security measures, making successful exploitation more likely and detection more difficult.

Both issues make high-impact security incidents more probable, potentially leading to disastrous consequences across the organisation. To comply with the CES framework, organisations must address these challenges and minimise the risks associated with obsolete products.

The MSIX packaging format

MSIX is a versatile packaging format that supports a wide range of applications, including legacy Win32, WPF, and Windows Forms applications. By using MSIX for deploying and managing obsolete applications, organisations can achieve several key benefits:

  1. Simplified deployment and updates: MSIX streamlines deploying and updating applications, making it easier to manage legacy software.
  2. Application isolation: MSIX ensures that applications run in isolated environments, reducing potential conflicts and improving system stability.
  3. Clean uninstallation: MSIX allows for the complete removal of applications, leaving no residual files or registry entries on the system.
  4. Enhanced security: MSIX offers various security features, such as certificate signing and restricted access to system resources.
  5. Customisation: MSIX enables modifications to application settings and configurations without altering original binaries, allowing organisations to adapt legacy apps to their specific requirements.

Complying with the CES Framework Using MSIX

To utilise MSIX for managing obsolete products in compliance with the CES framework, organisations should follow these general steps:

  1. Obtain the original installation files for the legacy application.
  2. Use appCURE Capture and Packager to create an MSIX package from the original installer or application files.
  3. Test the newly created MSIX package on a target system to ensure proper functionality.
  4. Sign the MSIX package with a trusted certificate to enable secure deployment.
  5. Deploy the MSIX package to target systems using a preferred deployment method (e.g., System Center Configuration Manager, Intune, Azure Virtual Desktop (MSIX app attach) or a third-party tool).

Conclusion

MSIX provides a powerful solution for addressing the challenges associated with obsolete products in the CES framework. By adopting MSIX, organisations can better manage legacy applications, enhance security, and comply with the CES guidelines. However, it is crucial to assess the compatibility of each legacy application with MSIX packaging and make any necessary adjustments or seek alternative solutions when needed. By doing so, organisations can minimise the risks associated with using out-of-date technology and work towards a more secure and modernised application management process.

Want to learn more? Why not get in touch with our team today!

The Growing Threat of Supply Chain Attacks via Application Installers and the Importance of Post-Installation Inspection

Introduction

In recent years, there has been a significant increase in supply chain attacks targeting software applications from reputable vendors. These attacks exploit vulnerabilities in application installers to infiltrate networks and systems, potentially causing catastrophic damage. As the risk of such attacks continues to rise, organisations should prioritise inspecting applications and their post-installation behaviours to mitigate the threats posed by phase 2 and 3 attacks. This article will delve into the importance of reviewing all application packages from vendors before releasing them to production environments. Only recently, 3CX, a popular software-based phone system company, was subject to a supply chain attack.

The Rise of Supply Chain Attacks

Supply chain attacks are malicious attempts to compromise third-party software components or services in order to gain unauthorised access to a target system. These attacks have become increasingly popular among cybercriminals as they can bypass traditional security measures by exploiting trusted relationships between software vendors and their customers. Application installers from reputable vendors are particularly attractive targets, as they can easily infiltrate a system without raising suspicion.

Phase 2 and 3 Attacks: The Hidden Dangers

Phase 2 and phase 3 attacks refer to the stages of a multi-stage cyberattack that follow an initial compromise in a supply chain attack. While these terms are not industry-standard terminology, they help illustrate the progressive nature of advanced cyberattacks. Here’s a breakdown of the different phases:

  • Phase 1 – Initial Compromise: The first phase typically involves the attacker compromising a third-party software or service, such as an application installer from a reputable vendor, to gain access to the target system. In supply chain attacks, this is achieved by exploiting vulnerabilities in the software or by inserting malicious code into the software package.
  • Phase 2 – Establishing Persistence: Once the attacker has gained access to the target system, the second phase involves establishing persistence within the network or system. This can include deploying additional malware, creating backdoors, or leveraging legitimate tools and services to maintain a foothold in the compromised environment. During this phase, the attacker works to avoid detection and strengthen their position within the target system.
  • Phase 3 – Lateral Movement and Execution: In the third phase, the attacker seeks to expand their access within the compromised system, moving laterally through the network and potentially compromising additional systems. This phase also involves the execution of the attacker’s primary objectives, such as exfiltrating sensitive data, deploying ransomware, or causing disruption to the target organisation’s operations.

By understanding the progression of these attacks, organisations can better defend themselves against the threats posed by supply chain attacks and other advanced cyber threats. Monitoring and inspecting applications and their behaviours, particularly post-installation, can help identify and mitigate risks associated with phase 2 and 3 attacks.

Inspecting Applications and Their Behaviours Post-Installation

To mitigate the risk of phase 2 and 3 attacks, it is crucial to inspect applications and their behaviours post-installation. Organisations should consider implementing the following steps:

  • Perform a thorough analysis of the application’s source code, configuration files, and dependencies to detect any potential vulnerabilities or malicious components.
  • Monitor the application’s runtime behaviour to identify any unusual or unexpected actions, such as unauthorised network connections, file manipulation, or privilege escalation.
  • Employ behaviour-based detection tools and security solutions that can automatically flag suspicious application activities.
  • Regularly update software and apply security patches to minimise the attack surface and prevent exploitation of known vulnerabilities.

Reviewing All Application Packages Before Production Release

Given the growing prevalence of supply chain attacks, organisations must review all vendor application packages before releasing them to production environments. This process should include:

  • Verifying the integrity of the application package by checking digital signatures, hashes, and certificates to ensure the software has not been tampered with.
  • Employing sandboxing techniques to test and analyse the application safely in an isolated environment. This allows organisations to observe the application’s behaviour without risking the security of their production systems.
  • Conducting regular security audits of vendors and their software development processes to assess the potential risks and ensure adherence to security best practices, like ISO27001. This helps maintain a high level of trust and confidence in the software being delivered.
  • Establishing a security-focused mindset within the organisation, emphasising the importance of constant vigilance and collaboration between IT, security, and development teams. This can help ensure that security considerations are taken into account throughout the software development lifecycle and in the deployment of applications.
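
As an added illustration of the integrity check in the first item above (this is not appCURE code), the following Python sketch runs static pre-release checks on an MSIX file: the whole-file SHA-256 against the vendor's published value, the presence of the signature part, and the publisher declared in the manifest. The expected hash and publisher, the function names and the sample package are assumptions constructed for the example; cryptographic validation of the signature itself is left to the platform's own tools.

```python
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespace of the MSIX/APPX foundation manifest schema.
NS = {"f": "http://schemas.microsoft.com/appx/manifest/foundation/windows10"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def review_package(data: bytes, expected_sha256: str, expected_publisher: str) -> dict:
    """Static pre-release checks on an .msix file held in memory.

    This does NOT validate the signature cryptographically; it catches a
    swapped file, a stripped signature or an unexpected publisher early.
    """
    report = {"findings": [], "publisher": None, "capabilities": []}
    # 1. Whole-file hash against the value published by the vendor.
    if sha256_hex(data) != expected_sha256.lower():
        report["findings"].append("sha256 mismatch")
    # Parse untrusted packages on an analysis host, not a production system.
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = set(pkg.namelist())
        # 2. A signed package carries AppxSignature.p7x and AppxBlockMap.xml.
        for part in ("AppxSignature.p7x", "AppxBlockMap.xml"):
            if part not in names:
                report["findings"].append(f"missing {part}")
        if "AppxManifest.xml" not in names:
            report["findings"].append("missing AppxManifest.xml")
            return report
        root = ET.fromstring(pkg.read("AppxManifest.xml"))
    # 3. Identity/@Publisher has to be the publisher we expect to have signed it.
    identity = root.find("f:Identity", NS)
    report["publisher"] = identity.get("Publisher") if identity is not None else None
    if report["publisher"] != expected_publisher:
        report["findings"].append(f"unexpected publisher: {report['publisher']}")
    # 4. List declared capabilities (any namespace) for the reviewer.
    report["capabilities"] = sorted(
        el.get("Name") for el in root.iter()
        if el.tag.rsplit("}", 1)[-1] == "Capability" and el.get("Name")
    )
    return report


def build_sample_package(publisher: str, signed: bool = True) -> bytes:
    """Constructed sample: a minimal zip laid out like an MSIX package."""
    manifest = (
        '<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" '
        'xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities">'
        f'<Identity Name="Example.LegacyApp" Publisher="{publisher}" Version="1.0.0.0"/>'
        '<Capabilities><rescap:Capability Name="runFullTrust"/></Capabilities>'
        '</Package>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxManifest.xml", manifest)
        z.writestr("AppxBlockMap.xml", "<BlockMap/>")
        if signed:
            z.writestr("AppxSignature.p7x", b"placeholder, not a real signature")
    return buf.getvalue()


if __name__ == "__main__":
    good = build_sample_package("CN=Example Vendor Ltd")
    print(review_package(good, sha256_hex(good), "CN=Example Vendor Ltd"))
    bad = build_sample_package("CN=Someone Else", signed=False)
    print(review_package(bad, sha256_hex(good), "CN=Example Vendor Ltd"))
```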

Conclusion

As the risk of supply chain attacks using application installers from reputable vendors continues to rise, organisations must prioritise inspecting applications and their post-installation behaviours to reduce the likelihood of phase 2 and 3 attacks. By thoroughly reviewing all application packages before releasing them to production and maintaining a proactive security posture, organisations can significantly reduce the potential damage caused by these increasingly sophisticated attacks. Implementing a comprehensive approach to software security, including sandboxing techniques, regular vendor audits, and fostering a security-focused culture within the organisation, will help mitigate the risks associated with supply chain attacks and protect valuable assets and data.

References:

(1) Gallagher, S. (2023, April 3). False Positive or the Real Deal? 3CX Supply Chain Attack Raises Questions. The Register. Retrieved from https://www.theregister.com/2023/04/03/3cx_false_positive_supply_chain_attack/

(2) Jackson, M. (2023, April). What Went Wrong with the 3CX Software Supply Chain Attack and How It Could Have Been Prevented. Security Boulevard. Retrieved from https://securityboulevard.com/2023/04/what-went-wrong-with-the-3cx-software-supply-chain-attack-and-how-it-could-have-been-prevented/

(3) Anderson, J. (n.d.). Kaseya Supply Chain Attack: What You Need to Know. Expel. Retrieved from https://expel.com/blog/kaseya-supply-chain-attack-what-you-need-to-know/

(4) International Organization for Standardization (ISO) & International Electrotechnical Commission (IEC). (2013). ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements. Retrieved from https://www.iso.org/standard/54534.html


Why Encapsulating Applications in Type Two Hypervisors is Not Recommended: A Case for Native Containerization with MSIX

With the growing popularity of cloud computing, virtualization has become an indispensable tool for organizations looking to maximize the utilization of their IT infrastructure. However, not all virtualization technologies are created equal. When it comes to application virtualization, organizations have two main options: type two hypervisors and native containerization. While type two hypervisors have been widely used in the past, they are now facing significant challenges and limitations, making them a less attractive option compared to native containerization.

A type two hypervisor, also known as a hosted hypervisor, is installed on a host operating system and runs virtual machines (VMs) on top of it. On the other hand, native containerization is a modern virtualization technique that runs applications in isolated containers, sharing the host operating system and resources.

One of the main problems with type two hypervisors is their performance overhead. VMs run in a virtual environment, requiring hardware virtualization to be enabled in the host operating system. This introduces additional overhead, slowing down the performance of the applications running in the VMs. This can be particularly problematic for resource-intensive applications, such as those used in scientific or engineering simulations, or data-intensive applications, such as big data analytics.

Another issue with type two hypervisors is security. VMs are isolated from the host operating system, but they still share the same underlying hardware and firmware, making them vulnerable to security exploits and malware. In addition, VMs can potentially interact with each other, creating a risk of cross-VM attacks. Furthermore, type two hypervisors have been shown to have vulnerabilities in the past, and patching them can be a time-consuming and complex process.

In contrast, native containerization provides a much more secure and efficient virtualization environment. Applications are isolated in their own containers, with no direct interaction between them. This eliminates the risk of cross-application attacks and reduces the attack surface, making it much harder for malicious actors to exploit security vulnerabilities. Additionally, native containerization has a much smaller performance overhead compared to type two hypervisors, making it a better choice for resource-intensive applications.

One of the most promising native containerization technologies is MSIX, a modern, flexible and efficient virtualization technology from Microsoft. MSIX provides a consistent application environment, regardless of the underlying hardware or operating system. This enables organizations to deploy applications faster and with more confidence, knowing that they will work seamlessly on any device. MSIX also provides a number of security and management features, such as integration with Windows Defender, which makes it easier for organizations to protect their applications and data.

In conclusion, type two hypervisors are becoming increasingly obsolete, as organizations face growing challenges in terms of performance and security. Native containerization provides a more efficient and secure virtualization environment, and MSIX is one of the most promising technologies in this space. By using MSIX, organizations can benefit from a consistent application environment, faster deployment, and enhanced security, making it the preferred choice for application virtualization.


Improving Application Compatibility with PSF and appCURE Studio

The Package Support Framework (PSF) helps developers and IT admins package applications into the MSIX package format. PSF is designed to help overcome common challenges when packaging and deploying software using MSIX, such as compatibility issues, missing dependencies, incorrect registry entries and issues related to running the application inside an MSIX container.

PSF consists of three core components: the PSF Launcher, the config file and the Fixups. The PSF Launcher is a small executable responsible for starting your application. The Fixups are small dynamic-link libraries (DLLs) that the PSF Launcher loads to fix any issues that might prevent your application from running. The config file is what you use to configure PSF.

PSF is beneficial for developers and IT Admins who are repackaging and deploying desktop applications. In these cases, the PSF helps to ensure that your application runs on modern versions of Windows and can handle different hardware configurations. For example, suppose your application relies on a specific version of the .NET Framework. In that case, PSF can be configured to ensure that this version is installed before your application starts. However, you may want to handle the required runtime before installing apps.

Another advantage of the PSF is that it helps resolve dependencies between different application components. For example, suppose your application relies on a specific version of a DLL. In that case, the PSF can be configured to ensure that this DLL is included in the installation package and is available when the application starts. Again, this helps ensure your application runs smoothly and is free of compatibility issues.

Finally, PSF is easy to use with the help of appCURE Studio. PSF uses a simple JSON configuration file that developers and IT admins can modify to specify the fixups they want to use and the configuration options they need. This file is part of the installation package and is read by the PSF Launcher when the application starts. appCURE Studio helps simplify the manual creation and customisation of these PSF configuration files, making the process of using the PSF even more accessible for IT admins.
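
Because the fixups named in the configuration file are DLLs loaded alongside the application, the file is worth reviewing before a package is released. The following Python sketch is an added example, not appCURE or PSF code: it audits a constructed config.json against the package's file list and an allowlist of fixups. The allowlist, the sample file names and the handling of the 32/64 suffix on fixup file names are assumptions made for the example.

```python
import json

# Constructed sample config.json in the applications/processes layout PSF reads.
SAMPLE_CONFIG = r"""
{
  "applications": [
    {"id": "LegacyApp", "executable": "VFS/ProgramFilesX86/Legacy/legacy.exe"}
  ],
  "processes": [
    {"executable": "legacy",
     "fixups": [
       {"dll": "FileRedirectionFixup.dll",
        "config": {"redirectedPaths": {"packageRelative": [
          {"base": "VFS/ProgramFilesX86/Legacy/", "patterns": [".*\\.log"]}]}}},
       {"dll": "helper.dll"}
     ]}
  ]
}
"""

# Constructed file listing of the package being reviewed.
SAMPLE_FILES = {
    "config.json", "PsfLauncher64.exe", "PsfRuntime64.dll",
    "FileRedirectionFixup64.dll", "VFS/ProgramFilesX86/Legacy/legacy.exe",
}

# Assumed organisational policy: fixups that packages are allowed to load.
ALLOWED_FIXUPS = {"FileRedirectionFixup.dll", "RegLegacyFixups.dll", "EnvVarFixup.dll"}


def _norm(path: str) -> str:
    return path.replace("\\", "/").lower()


def audit_psf_config(config_text: str, package_files, allowed_fixups) -> list:
    """Return findings for a PSF config.json; an empty list means nothing to flag."""
    cfg = json.loads(config_text)
    files = {_norm(f) for f in package_files}
    allowed = {a.lower() for a in allowed_fixups}
    findings = []
    # Every application entry should point at an executable inside the package.
    for app in cfg.get("applications", []):
        exe = _norm(app.get("executable", ""))
        if exe not in files:
            findings.append(f"{app.get('id')}: executable not in package: {exe}")
    # Every fixup DLL should be expected by policy and shipped in the package.
    for proc in cfg.get("processes", []):
        pattern = proc.get("executable", "")
        for fixup in proc.get("fixups", []):
            dll = fixup.get("dll", "")
            if dll.lower() not in allowed:
                findings.append(f"{pattern}: fixup not on allowlist: {dll}")
            stem = _norm(dll[:-4] if dll.lower().endswith(".dll") else dll)
            # Assumption: the file may carry a 32/64 bitness suffix on disk.
            if not {f"{stem}{sfx}.dll" for sfx in ("", "32", "64")} & files:
                findings.append(f"{pattern}: fixup DLL missing from package: {dll}")
    return findings


if __name__ == "__main__":
    for finding in audit_psf_config(SAMPLE_CONFIG, SAMPLE_FILES, ALLOWED_FIXUPS):
        print(finding)
```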

In conclusion, the Package Support Framework (PSF) is a powerful tool for IT admins and developers packaging and deploying desktop applications into the MSIX format. The PSF helps improve application compatibility when using MSIX as a packaging format.


Introduction to Citrix App Streaming

Citrix App Streaming was a technology designed to help businesses deliver applications to end-users without the need for installations on individual devices. Instead, the applications were installed on a central server and streamed to users when needed. This helped businesses save time and resources while ensuring that all users had access to the same version of the software. Citrix App Streaming used a file streaming technology to deliver the application content on-demand to the end-users.

End-of-Life Status

Citrix App Streaming has reached its end-of-life, and it is no longer receiving updates, bug fixes, or technical support from Citrix. Citrix has recommended that customers migrate to alternative solutions like Citrix Virtual Apps and Desktops, or Citrix Endpoint Management.

Migrating with appCURE

If you are a business currently using Citrix App Streaming, it is essential to find an alternative solution that meets your needs. One such solution is appCURE, a comprehensive application transformation platform that offers a range of features, including application streaming migration to MSIX and MSI.

AppCURE is designed to help businesses deliver applications seamlessly to their end-users, regardless of their location or device. With appCURE, users can access their applications from a central portal, making it easy to manage and monitor access to applications across your organization.

Get in Touch with appCURE

If you are currently using Citrix App Streaming or looking for an application delivery solution, appCURE can help. Our team of experts can work with you to understand your unique business needs and provide a customized solution that fits your requirements.

To learn more about appCURE and how we can help your business, please visit our website or contact us directly to schedule a consultation. We offer a comprehensive solution that can help streamline your application delivery and management, saving you time, resources, and money.


Why You Should Use Azure Key Vault and appCURE Studio for Code Signing MSIX Packages

Azure Key Vault is a cloud-based solution for securely storing and managing secrets, such as encryption keys, certificates, and connection strings. When it comes to code signing MSIX packages, Azure Key Vault can be a valuable tool for ensuring the security and integrity of your applications.

Code signing is the process of digitally signing an application to prove its authenticity and integrity. This helps to prevent tampering and ensure that the code has not been modified since it was signed. Code signing also helps to establish trust in the application and its publisher, which is especially important for applications distributed outside of an organization’s network.

MSIX is a new package format for Windows applications that was introduced with Windows 10. MSIX packages are intended to replace the older .appx and .msi formats, and provide a more secure and flexible way to distribute and install applications.

Using Azure Key Vault for code signing MSIX packages offers several benefits, including:

Security: Azure Key Vault provides a secure and highly available environment for storing and managing secrets. This means that your code signing certificates and private keys are protected from theft or unauthorized access.

Centralization: By storing your code signing certificates and keys in Azure Key Vault, you can centralize the management of your code signing infrastructure. This makes it easier to enforce security policies and ensure compliance with industry regulations.

Automation: Azure Key Vault provides an API that you can use to automate the code signing process. This can help to streamline the packaging and deployment of your applications, and reduce the risk of human error.

Compliance: Azure Key Vault is a fully managed service that is audited and compliant with various industry regulations, such as SOC 1, SOC 2, and ISO 27001. This can help you to meet your compliance requirements and demonstrate your commitment to security.

In order to use Azure Key Vault for code signing MSIX packages, you’ll need to have a code signing certificate and a private key that are stored in Azure Key Vault. You can use an existing code signing certificate, or you can generate a new one using the Azure Key Vault Certificates service.

However, managing Azure Key Vault secrets and automating the code signing process can be complex and time-consuming, especially if you’re not familiar with the Key Vault API. That’s where appCURE Studio comes in.

appCURE Studio is an application transformation toolkit that simplifies the use of Azure Key Vault for code signing MSIX packages. With appCURE Studio, you can manage your code signing certificates and private keys in Azure Key Vault, and use the platform to automate the code signing process. This can help to simplify the management of your code signing infrastructure and reduce the risk of human error. By using appCURE Studio, you can take advantage of the security and reliability of Azure Key Vault, while simplifying the process of code signing MSIX packages.

In conclusion, if you’re packaging or deploying MSIX packages, you should consider using Azure Key Vault for code signing. With its secure and highly available environment, centralized management, automation capabilities, and compliance with industry regulations, Azure Key Vault provides a valuable solution for ensuring the security and integrity of your applications. And with appCURE Studio, you can simplify the process of managing Azure Key Vault secrets and automating the code signing process.
