by nine_k 1246 days ago
I remember how back in MS DOS days polymorphic viruses first appeared, in an attempt to avoid detection by antivirus software (useful and essential back then).

Now the tables have turned, and legitimate software has to become somehow polymorphic to thwart attacks by malware.


Yes, the basic idea is not that new. For years I have stored every Go-based application I use only as a small (few KB) source code tree checkout, with no binary at all. At runtime the wrapper compiles a randomized, individual, one-time temporary unique binary via garble [0].

[0] https://github.com/burrowers/garble

How do you ensure that your compiler and libs are clean though?

The compiler (go) is part of a static read-only (compressed/in-memory) RootFS. Built on an air-gapped build server, touching only signed/verified/reviewed code from git-offline mirror snaps. Go has no libs, all static. The resulting runtime-only binaries are totally unique/randomized and dependency-free, straight from (signed) source code.