In computing systems, the user and the underlying operating environment typically wish to prevent the use of unauthorized software that can harm or otherwise degrade the performance of the computing system. Specifically, recent types of malicious or otherwise unwanted software (often called malware, adware, spyware, or bloatware) have often harmed computing systems to the point where the computing system no longer operates efficiently, has been rendered inoperable, or has been co-opted for nefarious purposes, such as serving more malware, spam e-mails, corporate espionage, or other malicious attacks. As such, attempts have been made to establish trust between an application that is executed by the computing system and the user or operating environment.
However, it is often difficult to establish trust between an application and the user or operating environment of the computing system. Typical solutions have relied on appending a digital signature to an application and having that signature verified prior to executing the application. When the user or computing system verifies the signature, it serves as an indication that the underlying application is safe to use. Such signatures can often be faked, however, allowing attackers to purport that an application is not malicious or to otherwise insert program code into the application that in turn is used for malicious purposes. Moreover, signatures generated from an application (e.g., from a hash of the application) often are generated from only one portion of the application, such that malicious program code can be inserted in another portion of the application without changing the underlying hash. Still further, there is often a performance impairment when verifying the signature of an application. The verification of the signature may require computing a hash from the application and comparing the hash to the signature of the application. Computing the hash of an entire application can take a significant amount of time and typically prevents early execution of the application until such verification is complete. This impairs the performance of the computing system upon which the application is being verified, due to the intense calculation of the hash, and also impairs the operation of the application with regard to the user's experience.
Consequently, there is a need for improving the verification of applications so as to minimize both signature faking and effects of insertion of malicious code into a program.
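The weakness noted above, where a hash generated from one portion of an application does not change when another portion is altered, can be checked for at verification time. The following Python code is an added example and not part of the original text; the byte layout, range list and function names are constructed for illustration, and a plain SHA-256 digest stands in for the signed hash.

```python
import hashlib
import hmac

def digest_ranges(data, ranges):
    """SHA-256 over only the listed (start, end) byte ranges, in sorted order."""
    h = hashlib.sha256()
    for start, end in sorted(ranges):
        h.update(data[start:end])
    return h.hexdigest()

def uncovered_ranges(size, ranges):
    """Return the gaps in [0, size) that no hashed range covers."""
    gaps, pos = [], 0
    for start, end in sorted(ranges):
        if start > pos and pos < size:
            gaps.append((pos, min(start, size)))
        pos = max(pos, end)
    if pos < size:
        gaps.append((pos, size))
    return gaps

def verify(data, ranges, expected_digest, require_full_coverage=True):
    """Accept only if the digest matches and, when required, every byte is hashed."""
    actual = digest_ranges(data, ranges)
    if not hmac.compare_digest(actual, expected_digest):
        return False, "digest mismatch"
    gaps = uncovered_ranges(len(data), ranges)
    if require_full_coverage and gaps:
        return False, f"unsigned bytes at {gaps}"
    return True, "ok"

# Constructed 64-byte image: 16-byte header, 32-byte code, 16-byte resources.
ORIGINAL = b"HDR0" * 4 + b"\x01" * 32 + b"RSRC" * 4
# The hash was generated from the header and code only (assumed layout).
SIGNED_RANGES = [(0, 48)]
EXPECTED = digest_ranges(ORIGINAL, SIGNED_RANGES)
# Same image with the unhashed resource region replaced.
MODIFIED = ORIGINAL[:48] + b"XXXX" * 4

if __name__ == "__main__":
    # Digest-only check accepts the altered image; the coverage check rejects it.
    print(verify(MODIFIED, SIGNED_RANGES, EXPECTED, require_full_coverage=False))
    print(verify(MODIFIED, SIGNED_RANGES, EXPECTED))
```

A verifier that rejects any image with bytes outside the hashed ranges closes the gap, at the cost of hashing the whole file, which is the performance concern raised in the same paragraph.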