Reputation: 141
I have an application which locks a file containing personal user data, using FileShare.None. The problem is that if another process or the user closes the application, the file becomes unlocked and everyone can access the stored passwords. The file is encrypted, but it's terribly easy to find out the password unfortunately.
So, my question is: is there a way to prevent an application from being closed, either by the user or by the Task Manager? Like an antivirus, for example: if you try to close ESET NOD32, you won't be able to stop it.
I've tried to insert this code into the Form Loading event of my application:
Dim stream As New IO.FileStream("MyApplicationPath", IO.FileMode.Open, IO.FileAccess.ReadWrite, IO.FileShare.None)
But it gives me an error: "The file is already in use". I could imagine it would give me this error, because the machine needs access to the executable.
Is there any other way?
Thanks!
EDIT:
To Andrew Morton: In your article, it is said: "[...] To check if a password is correct, we need the salt, so it is usually stored in the user account database along with the hash, or as part of the hash string itself." This means that I have to store the salt somewhere. Where can I store it? And how?
If I have a password: "hello", with a salt "gfogkdfn", I need to store "gfogkdfn" somewhere. Wherever I store it, it will be easy to find and my system will be cracked... If I want to encrypt the salt too, I need a "static" encryption key, which is easily crackable too (just by reverse engineering my program or in other ways I don't know).
I think that is the problem of this method. Do you have any possible solutions? Thanks
Upvotes: 1
Views: 1531
Reputation: 53600
The Long Answer: It is totally possible to make sure an application rarely closes. There are a number of possible methods and tricks to doing this:
As you mentioned, antivirus programs use techniques like this all the time. On the flip side of the coin, malware and spyware frequently use these tricks (especially things like the last one - hard to detect at first!) to make sure they are always running.
As I said, techniques like this can help guarantee your application rarely closes. I say "rarely" because there's always a scenario where your watcher service crashes, or the user is able to kill both at once, or boots into Safe Mode... and so on. This is infinitely more true if you're trying to protect against malicious cracking attempts. A moderately smart cracker will not be fazed by any of these techniques.
The biggest problem here, if your intent is to safeguard sensitive user data, is that even if your file is locked 100% of the time, a motivated attacker could simply unplug the computer, put the storage device into a different machine, and read as much as they want.
The Short Answer: This is the wrong approach to the problem. You should assume that everyone can see the data, and work on strongly encrypting it with good, secure methods so that it doesn't matter.
Upvotes: 3