May 9th, 2003, 05:55 PM
making an anti-virus solution
sorry i've posted this before, but i put it in the wrong forum and have got no replys so i thought this should be more sutable.
[glowpurple]*before you give me anti-antipoints just think a lot of work has gone into this and if you cant understand it, it's probly not my fault*[/glowpurple]
Ok, I just though of a great anti-virus idea if you are interested in helping me amke it email me at 'firstname.lastname@example.org' ok it probly wont make sence untill the end an will look like im rambling on about virus' but bear with me and it will make sence in the end... here i go:
if a site could be created where people could regester where when the person was loged on the site would record vital information about the users computer (with the regesteree have of given their full consent of coarce) and of coarce it would be extreemly customisable so that people could have control over what is logger and what is not... ANYWAY the site would record things like system.ini, win.ini, config.sys,autoexec.bat, command.com and make a secure copy of all these files. then it would record system information like processor type and hardware and also record :
>ports "ie: netstat -an"
>and all the processors running and not in the windows KERNAL
~of coarce first when the user sighns up the user resedent program must run an intergerty check with the site and then scan for any logging processesors... This information is only to valuable to hackors.
ok done, this means no virus/trojans/keyloggers/whatever else is going to run next login.
the processes check and the kernal check should hopefully mean that no viruses are running now.
so next comes the scan, let me define more clearly:
ther are basically 3 types of scans you can do to find viruses these are:
1. get a copy of every thing on the hard-drive and then check if it is any bigger of if data has been changed a wee or so later - problem is this means you cant realy use you computer for anything and problem 2 is it only means helps if you've already been infected.
2. Is what most virus scanners do, namely nortons, you get a huge list of all the viruses you know and check every thing to see if you have any of these. problem is some rediculous number like 60,000 new viruses are made each day plus eventuall with all these virus's it is unfeasable because it eventually becomes so big and hard-drive consiming it gets almost pointless.
3. is what pc-cillin (my favourite) and proble a hand full of other coppy's do is check in real time all information that is going to be executed for any code that looks suspicious with give away traits "example: delete C:", it's a pretty good tequnique but of coarce there are exeptions, like hackors find new ways to make virus' do their thing.
now thats out of the way... this is looking to be pretty lengthy but anyway,
the program will scan the;system info-hardware, bios, ports, win.ini, command.com and autoexec every time it is connected with the first time and look for changes, and warn the user who can then say to ignore whatever. Also with the users approvial (required because you will probable come up with a LOT of false positives it will preform a comparison scan to the regesty)
next it will scan win.ini,command.com,autoexec and the kernal and the system proceses with a list of all regestered viruses, the list of coarce is stored on the server computer so it can be changed with out having to releace new versions and so it does not take up the users valuable space.
and lastly it scans win.ini, command.com and the kernal for any suspiciose code which the user can send to the server experts to check to see if it is anything or not.
now lastely it preformes a system scan this suld be the longest part of a system check.
You've probly heard of a boot sector virus, actually probly not... but hey! they are still harmfull here is how they work, below is a diagram of you computer when you power up:
Power | Boot-sector | Dos | start win | proces'|
----- | | most virus' now start they then lay
| | idle here.
| here virus' can delete things windows wont let you.
the first partof the hard drive, here it looks for all the things it needs to run, note this is even befor dos.
so you see the boot sector is harder to scan for because windows and even dos haven't even started yet, so the virus-scaners arn't even working, they sit in the first part of your hard drive called the boot sector and start doing their thing, making your system hang.
bacically i dont know how to scan the boot sector or how to install something in the boot sector so you will probably need another virus program untill i (and hopefully my team) learn how to.
the system scan will run both a suspicious code check and a virus list code comparison check for all of your hard drive, your cd-rom's you floppy drives and your network (if you select for it too, may take eons depending on how big you network is). basically i dont like full system scans because the can only catch a virus every time you tell it to, which if you lasy could be never and it's then no use, the use of the 'anti-virus anonomous' is that it will do it on a continous loop every time you on the net, and that it's virus list is a huge data bace that can be updated faster than anyother virus solution.
the first part of the full system virus scan starts at the 'downloaded folders' -or something like that- folder and the "recent", "my received files", "my documents" and "temp folders" as this is where most viruse start out. then it will scan the 'windows folder' more specifically 'system32' and 'system' and then the entire folder, next the 'program files' and lastly every thing else form 'my computer' excluding the pre-mentioned.
and of coarce it will probably need a live scaning on all ports wich is in effect a fire-wall as well as a virus scaner.
bacically, i'm looking for help to make this program. a secure server bace, where people once loged on to can store sencitive files, they need protected, where user defined information about the system is stored. a small indescreate program will be running (once downloaded) as a small icon in the toolbar out of your way, untill the user logs onto the inter net the program will either (if the user defines) do nothing or scan in real time for suspicious code. How ever it is when the system connects to the net the program will realy kick in and out shine a lot of other virus programs, the program will run the pre afore mentioned scans all with out the user ever having to think about it, knowing that is's protecting their computer, when the user doese want to know whats going on they will simply double click the icon and it will show all the system changes and new opened ports the user then says what to ignore and lets it get back to work. This program should be better than normal virus scans because it is built around the server, constantly checking its virus list and scaning for new virus' added to the list in real time, it will also provide a place for people to store important files securly.
if your interested in helping me make it and you know a fair bit of programming just contact me, also if you want to steal my idear could you atleast put some notifycation that i thought of it. thanx.
May 9th, 2003, 07:16 PM
Panda ActiveScan sort of does what you're talking about. It runs from a server, & is free.