EXCLUSIVE: Inventor Ric Richardson Plans To Crush Malware, Ransomware
Ric Richardson enticed us with ‘Demoware’ CD’s in the 90s. Microsoft paid him around A$530 million in an out-of-court settlement in 2012 after it was caught pinching his patented technology. Now the prolific Australian inventor is back with an operating system modification that he says will stop malware and ransomware in its tracks.
He spoke exclusively to ChannelNews about the completion of this latest project just days after Russian hackers claimed responsibility for cyberattacks in Victoria and the stealing of 4.95 terabytes of data.
He says a change in how computers operate at kernel level will dramatically reduce the impact of phishing and ransomware attacks, saving organisations and individuals billions. The solution will work on computers, servers and mobile devices.
Mr Richardson’s 1990s Uniloc patent and his invention of ‘Demoware’ led to thousands of try and buy software programs being made available on demonstration CDs stuck onto computer magazine covers. Readers could trial an application free-of-charge until a time-bomb disabled it, or pay to buy it. Some 2.5 billion machines used his software activation.
UniLoc Corporation’s Demoware was so successful that Microsoft started using his activation in FrontPage, Excel, Office and then Windows, but without permission. It took Mr Richardson eight years of seesawing US court battles before Microsoft paid an equivalent of about $530 million in a confidential settlement.
Mr Richardson says he is being advised by Nick Sears, one of four founders of the Android operating system in 2003, before its acquisition by Google. His new operating system modification has already been tested by OS experts and he is offering a $5000 bounty for “all comers” to crack it.
He describes current antivirus as “whack a mole”. “Everyone knows where you have a bunch of holes and the thing sticks up, you’ve got to hit it. The thing is, antivirus is whack a mole.”
His alternative eliminates traditional antivirus and traditional whitelisting and blacklisting, and moves security monitoring to within the operating system kernel. He says this technique can be adapted to Windows, MacOS, Linux, Android and Apple iOS systems. “The first version we did was actually a modified MacOS,” he says.
HOW IT WORKS
Mr Richardson’s alternative is based on a protected runtime environment. Legitimate programs are installed in a locked area of memory that can’t be altered while the system is running. He says this “deadbolt” feature locks the operating system folder after the initial boot.
Protected runtime environments and lockdown modes are not new. Apple’s lockdown mode for iOS and MacOS limits the usable apps, features and websites so that devices withstand “highly sophisticated cyber attacks”.
Android’s lockdown mode disables the use of biometric authentication during login. Windows lockdown mode enables a network administration to strictly control the use of applications on networked devices.
Mr Richardson’s patented system goes further by requiring the loader within the kernel to do security checks before letting an application run.
It checks that an application is coming from a space that’s not writable, ie. a locked folder. “It then does a short hash check to ensure the application that’s been loaded has not been changed,” he says. “It will then try and write to the (application) folder. If it can’t write to the folder, then it knows it’s read only, and it allows the application to run.”
He says the loader was built to minimise any reduction in operating system performance. Achieving that was a major part of his patented system. He says his engineer spent six months rewriting the bootloader and reconfiguring the operating system. “The engineer who worked on this for me is really a high quality coder.”
He says the application vetting process is different from traditional antivirus that detects malware after it begins running when the damage has been done.
“The majority of malware and ransomware are not abusing stuff that’s already there. It’s tricking people into loading stuff onto the machine that they didn’t intend to,” Mr Richardson says. “They (traditional antivirus packages) are always playing catch up. They’re watching what’s happening and saying ‘do I recognise the application that’s currently running? Yes or no?’.”
He says Microsoft uses whitelisting where it has a database of programs that are authorised to run on a machine. “A lot of corporates have it. But the problem is the way the whitelisting software works is that the kernel runs and then it runs the Defender code, which then checks the whitelist every time something gets run.”
He says sophisticated hacks can get to the operating system kernel and interrupt it, or divert it, so that illicit code can run before it’s detected. “My thinking was … I’m going to make it so that the thing that actually does the loading does the check itself, so it’s impossible for you to separate it from the loading process.”
TESTING THE SYSTEM
“To prove this, I set up an Amazon server. It’s been running for three months now. The username and password for the admin are public, and no one’s been able to put any executables on this.
“Since that time, we’ve had three months of inviting OS experts to try and hack it. There’s been half a dozen so far. It’s been to the Linux community, but it hasn’t been public yet. Now we’re opening it to all comers.”
He is offering a $5000 bounty to “get the young studs to have a go” at loading malware. The bounty would escalate over time.
I asked Mr Richardson whether there were ways around this. Could you modify the loader? But he says you can’t modify the operating system when it’s running. You have to take the drive out and connect it to another machine. You can only achieve that by having physical access to the computer, not remotely.
“To actually defeat what we’re talking about, you need to bring another computer in, treat the existing hard drive as if it’s a slave, modify it and then allow it to run again. The point is if the system is running, it can’t be interfered with.
“It’s like the old joke. A heart surgeon is talking to a Mercedes mechanic and the mechanic says: ‘Look, my Mercedes is so complicated now. Working on a Mercedes is like being a heart surgeon just like you.’ And he’s looked at all the diagnostics and all the gear and the computer skills he has to have. ‘Yeah, that’s incredible’, the cardiologist says, ‘but there is one difference. Can you work on your motor while it’s running?’”
So why hasn’t this been done before? Mr Richardson said: “Everyone’s been scared of touching the loader. That’s the reason why. Every engineer I spoke to said: ‘Surely there must be a way of not doing that’.”
THE BUSINESS PLAN
If the system remains uncracked, Mr Richardson plans to find a company to roll it out publicly. “If I don’t get a bite from the big operating system companies myself, then my next job is to find a business co-founder that will actually get it sold to Microsoft or to Apple or to Google. I try to stay out of the business side of it.”
He says existing hospital equipment would benefit from the system. “The great majority of ransomware attacks on hospitals impact devices with Windows 97 or old versions of Windows, where no one wants to touch anything, no one wants to fix anything and they’re using the same applications that they did five or six years ago. If they’re out of licence you can give them a protected operating system and run this.”
He says he began working on his operating system modification after he heard Elon Musk talking at a US governor’s conference and someone asked him what keeps him up at nights? “And he said a fleetwide attack on Tesla cars. ‘It’s the idea of being able to send malicious software out to all of our cars and everything is running through stop signs’.”.
“I thought surely that’s not a big problem to solve,” Mr Richardson says. He started work in 2017 and took out his “malware patent” in 2020.
Mr Richardson and his wife Kas settled in Byron Bay in 2008 after a long stint in the US. The pair own a farm, and have one daughter and five grandchildren. The Richardsons have bought a property at Broken Head, about 7 km south of Byron Bay, where they plan to relocate.
He typically works on 50 inventions simultaneously from his van parked at his favourite locations around Byron Bay. He works with a blank sheet of paper and a sketchbook, and only becomes computer-bound when doing research.
Other current projects include using LIDAR for shark detection, a patent for a decentralised digital identity system that lets carers and children look after their elderly parents, for example doing their banking and shopping, and a cryptocurrency wallet based around sharing.
He is the founder of five companies and says he has helped more than 600 “problem solvers” with their innovation ventures since beginning to hold weekly Friday sessions in 2012.