[ros-dev] ReactOS and Viruses
Waldo Alvarez Cañizares
wac at lab.matcom.uh.cu
Thu Nov 25 17:15:21 CET 2004
Hi Thomas:
There are some parts of your e-mail that I can't understand but I believe you try to give some kind of solution. And yes I think is correct at some point, I was wondering once about that, to do the same with native applications as for example what is done with java applets running in the browser. Containing them to some set of files. I think that yes it would be good to prevent applications corrupting other files and such things. And in fact could be great for advanced users But ...
1 - That is not a solution for viruses, there are kernel mode virus and trojans I wonder how that can get there. At the end human intelligence can't be stopped that easy and of course the opposite also happens, ignorance could be huge. I wonder how a virus like the I love you that can be written in a couple of minutes could spread that far. Believe me that won't work.
2 - That should not be enabled by default, sometimes if you present a password to users they will get lost. That happened to some users that switched from win98 to an NT based one. That was news, and was true. With the solution you propose there will be a lot that will press the Yes. Eh I even know ppl that click whatever they please when a message box appears.
Regards
Waldo
________________________________
De: ros-dev-bounces at reactos.com en nombre de Thomas Larsen
Enviado el: jue 11/25/2004 12:42
Para: ReactOS Development List
Asunto: RE: [ros-dev] ReactOS and Viruses
Hi why would it be a could a idea simply becures we eliminate a lot of old viruses but we could
allso make a function theire hold all exe files from execute when they contain some strange
command f.eks the delete or format funtion or some other stuff or some kind of database and the
send a signal out
Maybe
Reactos->MaybeVirusFile(Filename,Path);
VirusApps<-TestingFile(Filename,Path);
Ekstra Idea:
And a funtion to Stop new apps from run (REGEDIT RUNAPPS etc.)
Some New viruses use that way to start all the time and the user could be asked
NEW APP STARTING UP
RUN THE APP [X] DISMISS THE APP [ ] VIRUS TEST APP [ ]
Information about file
NEWER SHOW AGAIN [X]
And then make a group of apps that run i secure mode FOLDER SECURERUN
and then make a group of apps that run i unsecure mode FOLDER UNSECURERUN
So those in SECURE can´t change the reg and delete file e.g.
don´t know just and idea
but think people should care more about getting reactos to work...
Thomas
>>Hi Rick:
>Well I don't believe that would be a protection at all against viruses. Why?
>If I where to write a virus and knowing that reactos has such protection that would not stop me
at
>all. I could simply write a function to calculate the hash in the virus (or simply tell the OS to
>do it for me) and update such database. Look at windows file protection, virus laugh at it. I
>think the verification of the PE checksum is enough to tell if a file is corrupt and would be
>faster
>wich means a faster load. If you want to know some more about viruses look for the e-zines of 29A
>on the internet to find out more about the subject. Their articles are as advanced as those in
Waldo
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
Ros-dev mailing list
Ros-dev at reactos.com
http://reactos.com:8080/mailman/listinfo/ros-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 6358 bytes
Desc: not available
Url : http://reactos.com:8080/pipermail/ros-dev/attachments/20041125/9a8c834e/attachment.bin
More information about the Ros-dev
mailing list