Thread: Anti-Virus Anonomous

  1. #1

    Anti-Virus Anonomous

    Ok, I just thought of a great anti-virus idea. If you are interested in helping me make it, email me at 'stinkysheep@hotmail.com'. Ok, it probably won't make sense until the end and will look like I'm rambling on about viruses, but bear with me and it will make sense in the end... here I go:

    If a site could be created where people could register, where when the person was logged on the site would record vital information about the user's computer (with the registeree having given their full consent, of course), and of course it would be extremely customisable so that people could have control over what is logged and what is not... ANYWAY the site would record things like system.ini, win.ini, config.sys, autoexec.bat, command.com and make a secure copy of all these files. Then it would record system information like processor type and hardware and also record:
    >BIOS version
    >ports "ie: netstat -an"
    >task manager's processes
    >and all the processes running and not in the Windows KERNEL

    ~Of course, first when the user signs up the user resident program must run an integrity check with the site and then scan for any logging processes... This information is only too valuable to hackors.

    Ok, done. This means no virus/trojans/keyloggers/whatever else is going to run next login. The processes check and the kernel check should hopefully mean that no viruses are running now.

    So next comes the scan, let me define more clearly: there are basically 3 types of scans you can do to find viruses. These are:
    1. Get a copy of everything on the hard drive and then check if it is any bigger or if data has been changed a week or so later - problem is this means you can't really use your computer for anything, and problem 2 is it only helps if you've already been infected.
    2. Is what most virus scanners do, namely Norton's: you get a huge list of all the viruses you know and check everything to see if you have any of these. Problem is some ridiculous number like 60,000 new viruses are made each day, plus eventually with all these viruses it is unfeasible because it eventually becomes so big and hard-drive consuming it gets almost pointless.
    3. Is what pc-cillin (my favourite) and probably a handful of other coppy's do: check in real time all information that is going to be executed for any code that looks suspicious with giveaway traits, "example: delete C:". It's a pretty good technique but of course there are exceptions, like hackors find new ways to make viruses do their thing.

    Now that's out of the way... this is looking to be pretty lengthy but anyway, the program will scan the system info - hardware, BIOS, ports, win.ini, command.com and autoexec - every time it is connected with the first time and look for changes, and warn the user, who can then say to ignore whatever. Also, with the user's approval (required because you will probably come up with a LOT of false positives) it will perform a comparison scan to the registry.

    Next it will scan win.ini, command.com, autoexec and the kernel and the system processes with a list of all registered viruses. The list of course is stored on the server computer so it can be changed without having to release new versions and so it does not take up the user's valuable space.

    And lastly it scans win.ini, command.com and the kernel for any suspicious code, which the user can send to the server experts to check to see if it is anything or not.

    Now lastly it performs a system scan; this should be the longest part of a system check. You've probably heard of a boot sector virus, actually probably not... but hey! they are still harmful. Here is how they work; below is a diagram of your computer when you power up:

    Power | Boot-sector | Dos | start win | proces'|
    -----       |          |      most viruses now start, they then lay
                |          |      idle here.
                |          here viruses can delete things Windows won't let you.
                |
                the first part of the hard drive, here it looks for all the things it
                needs to run, note this is even before DOS.

    So you see the boot sector is harder to scan for because Windows and even DOS haven't even started yet, so the virus scanners aren't even working. They sit in the first part of your hard drive called the boot sector and start doing their thing, making your system hang. Basically I don't know how to scan the boot sector or how to install something in the boot sector, so you will probably need another virus program until I (and hopefully my team) learn how to.


    The system scan will run both a suspicious code check and a virus list code comparison check for all of your hard drive, your CD-ROMs, your floppy drives and your network (if you select for it to; may take eons depending on how big your network is). Basically I don't like full system scans because they can only catch a virus every time you tell it to, which if you're lazy could be never, and it's then no use. The use of the 'anti-virus anonomous' is that it will do it on a continuous loop every time you're on the net, and that its virus list is a huge database that can be updated faster than any other virus solution.

    The first part of the full system virus scan starts at the 'downloaded folders' -or something like that- folder and the "recent", "my received files", "my documents" and "temp folders", as this is where most viruses start out. Then it will scan the 'windows folder', more specifically 'system32' and 'system' and then the entire folder, next the 'program files' and lastly everything else from 'my computer' excluding the pre-mentioned.

    And of course it will probably need a live scanning on all ports, which is in effect a firewall as well as a virus scanner.

    Basically, I'm looking for help to make this program. A secure server base, where people once logged on can store sensitive files they need protected, where user-defined information about the system is stored. A small discreet program will be running (once downloaded) as a small icon in the toolbar out of your way. Until the user logs onto the internet the program will either (if the user defines) do nothing or scan in real time for suspicious code. However, it is when the system connects to the net that the program will really kick in and outshine a lot of other virus programs. The program will run the aforementioned scans all without the user ever having to think about it, knowing that it's protecting their computer. When the user does want to know what's going on they will simply double-click the icon and it will show all the system changes and new opened ports; the user then says what to ignore and lets it get back to work. This program should be better than normal virus scans because it is built around the server, constantly checking its virus list and scanning for new viruses added to the list in real time. It will also provide a place for people to store important files securely.

    If you're interested in helping me make it and you know a fair bit of programming just contact me. Also, if you want to steal my idea could you at least put some notification that I thought of it.

    thanx.
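
The baseline-and-compare check described in post #1 (record the startup files at first login, look for changes at each later login, let the user ignore some of them), as an added example that is not part of the original thread. The function names, the temporary directory and the file contents are assumptions constructed for the demo; it compares SHA-256 digests rather than sizes, so an edit that keeps the file the same size is still reported.

```python
import hashlib
import tempfile
from pathlib import Path

# File names come from the post; everything else here is constructed for the demo.
WATCHED = ["system.ini", "win.ini", "config.sys", "autoexec.bat", "command.com"]

def snapshot(root, names=WATCHED):
    """Map each watched file name to its SHA-256 digest, or None if it is absent."""
    digests = {}
    for name in names:
        path = Path(root) / name
        digests[name] = (hashlib.sha256(path.read_bytes()).hexdigest()
                         if path.is_file() else None)
    return digests

def compare(baseline, current, ignored=()):
    """Report files that were added, removed or modified since the baseline."""
    findings = {}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if name in ignored or old == new:
            continue
        if old is None:
            findings[name] = "added"
        elif new is None:
            findings[name] = "removed"
        else:
            findings[name] = "modified"
    return findings

def demo():
    """First login records the baseline; a later login compares against it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "win.ini").write_text("[windows]\nload=\nrun=\n")
        (root / "system.ini").write_text("[boot]\nshell=explorer.exe\n")
        (root / "autoexec.bat").write_text("@echo off\n")
        baseline = snapshot(root)  # the post keeps this copy on the server

        # Constructed changes between logins; the win.ini edit keeps the file size.
        (root / "win.ini").write_text("[windows]\nrun=\nload=\n")
        (root / "system.ini").unlink()
        (root / "config.sys").write_text("files=40\n")
        (root / "autoexec.bat").write_text("@echo off\nrem user edit\n")
        # The user has told the tool to ignore autoexec.bat changes.
        return compare(baseline, snapshot(root), ignored={"autoexec.bat"})

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline, which is why the post's design keeps it off the monitored machine.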

  2. #2
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    Just a quick thought here bud. I ask myself would I subscribe to a service like this and the answer is a very definite no. Simply because of the fact that it would be an added vulnerability to my system. Okay, a hacker gets into the server, gets the list of IPs etc. etc. etc. Then he doesn't even have to scan for vulnerabilities. All he has to do is look at the logs and knows the vulnerabilities. Just my opinion.

  3. #3
    Personally I don't think it would be too easy to just casually hack into the server base I'm talking about... It's a little bit like trying to hack into Microsoft, and believe me there are a LOT of people trying to do that. Plus hacking into an anti-virus/trojan site... you would have to be pretty stupid; if the site owners found out they would know your IP, the port you're using, and be able to decompile the trojan/virus you're using.

    No, the type of server security I was thinking was:
    a Linux server set as a dedicated router, probably using squid and maybe pc-cillin's virus wall installed, which is then connected to a switch and then the server computers. These would all have to have some type of firewall of course, something like Norton's, that's what I use and it's pretty good... The site itself would be a VPN of computers connected to the server; the network computers will just act as storage. The user has no privileges out of their folder; it is a simple file that contains information that can be read and written to. None of the stored files will be allowed to run when the user is offline (which stops ppl leaving logic-bomb viruses and signing off). No stored files are allowed to be executed while in storage either.

    --- Now THAT is security
