[ros-dev] Security Suite
post.center at gmail.com
Tue Nov 15 21:25:48 CET 2005
As recently the discussion about a firewall and a virus-scanner came up
again, I thought of a new thing, that is a bit different than the
already known things.
My idea is not to use a firewall and a virus-scanner, I want to create a
new service, that may be configured by a gui, a console app or by other
apps, that might use some of its features.
This service should do the following things:
- Having a look at the network traffic, which includes the following:
- Controlling, which application may use the network connections
- Controlling, how many traffic they cause, which could warn the
user about suspicious actions
- Watching the running processes for unusual events
- Checking every file that is read or written for viruses
- Scanning the http-traffic for ads and viruses
But the most important thing for me is that if this service is shutdown
without the user agreeing to that, which may be checked by ntoskrnl, the
user should be informed about it and nearly all network traffic should
Then the network-card should be deactivated, all userprocesses should be
paused and all drives should be checked for viruses.
I think this is hard, but it will make it much harder for worms to
spread, as they don't have the chance to deactivate our securitysuite
and so they will be detected within two days and if they try to shutdown
the securitysuite they have no chance to spread.
That would be more secure than any other existing OS.
This are just a few thoughts, feel free to change it the way you like it.
More information about the Ros-dev