Hi Rick:
Well I don't believe that would be a protection at all against viruses. Why?
If I where to write a virus and knowing that reactos has such protection that would not stop me at all. I could simply write a function to calculate the hash in the virus (or simply tell the OS to do it for me) and update such database. Look at windows file protection, virus laugh at it. I think the verification of the PE checksum is enough to tell if a file is corrupt and would be faster wich means a faster load. If you want to know some more about viruses look for the e-zines of 29A on the internet to find out more about the subject. Their articles are as advanced as those in phrack (the latest). I think there is not solution for viruses, users will always do insecure things and viruses will be there waiting for them to do it.
Regards Waldo
________________________________
De: ros-dev-bounces@reactos.com en nombre de Rick Langschultz Enviado el: Lun 11/22/2004 11:25 p.m. Para: ReactOS Development List Asunto: [ros-dev] ReactOS and Viruses
Sun will be releasing Solaris 10 shortly as a commercial product available for purchase. There is a new file system that is 128-bit, and is protected by md5 checksums, I think this is a great idea for reactos. I think before a program executes there should be a binary verifier that checks this checksum and then allows the program to run. This would help in deterring Windows viruses from attaching themselves to reactos binaries. Since ReactOS is open source it will be harder to protect a binary if there is an attack and a malicious user replaces a dll or an exe. Perhaps this can be done using a small xml file or a txt file called md5sums or something. Please let me know what you think.
Hi why would it be a could a idea simply becures we eliminate a lot of old viruses but we could allso make a function theire hold all exe files from execute when they contain some strange command f.eks the delete or format funtion or some other stuff or some kind of database and the send a signal out
Maybe Reactos->MaybeVirusFile(Filename,Path); VirusApps<-TestingFile(Filename,Path);
Ekstra Idea: And a funtion to Stop new apps from run (REGEDIT RUNAPPS etc.) Some New viruses use that way to start all the time and the user could be asked
NEW APP STARTING UP
RUN THE APP [X] DISMISS THE APP [ ] VIRUS TEST APP [ ]
Information about file
NEWER SHOW AGAIN [X]
And then make a group of apps that run i secure mode FOLDER SECURERUN and then make a group of apps that run i unsecure mode FOLDER UNSECURERUN So those in SECURE can�t change the reg and delete file e.g. don�t know just and idea
but think people should care more about getting reactos to work...
Thomas
Hi Rick:
Well I don't believe that would be a protection at all against viruses. Why?
If I where to write a virus and knowing that reactos has such protection that would not stop me
at
all. I could simply write a function to calculate the hash in the virus (or simply tell the OS to
do it for me) and update such database. Look at windows file protection, virus laugh at it. I think the verification of the PE checksum is enough to tell if a file is corrupt and would be faster wich means a faster load. If you want to know some more about viruses look for the e-zines of 29A
on the internet to find out more about the subject. Their articles are as advanced as those in
Waldo
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
-
Thomas Larsen -
Waldo Alvarez Cañizares