[ros-dev] Security Suite

David Hinz post.center at gmail.com
Tue Nov 15 21:25:48 CET 2005


As the discussion about a firewall and a virus-scanner recently came up 
again, I thought of something new that is a bit different from the 
already known things.

My idea is not to use a firewall and a virus-scanner; I want to create a 
new service that may be configured by a GUI, a console app or by other 
apps that might use some of its features.
This service should do the following things:

- Having a look at the network traffic, which includes the following:
    - Controlling which application may use the network connections
    - Controlling how much traffic they cause, which could warn the 
      user about suspicious actions
- Watching the running processes for unusual events
- Checking every file that is read or written for viruses
- Scanning the HTTP traffic for ads and viruses

But the most important thing for me is that if this service is shut down 
without the user agreeing to that, which may be checked by ntoskrnl, the 
user should be informed about it and nearly all network traffic should 
be blocked.
Then the network card should be deactivated, all user processes should be 
paused and all drives should be checked for viruses.

I think this is hard, but it will make it much harder for worms to 
spread, as they don't have the chance to deactivate our security suite, 
and so they will be detected within two days, and if they try to shut down 
the security suite they have no chance to spread.
That would be more secure than any other existing OS.

These are just a few thoughts; feel free to change them the way you like.

Greets,

David Hinz


