Anti Virus

sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
Ok now before you get all "Don't do that you'll break things and this and that and shit," it isn't going to be an actual anti virus program. That is, I am making it because of all the components involved in it (i.e. updating, searching for things, an advanced UI, auto scanning removable media [usb, mp3 players, etc], scanning files after download, scanning files in explorer, scan boot sector, analyse and detect patterns, email scanning, heuristic scanning, oh and how to quarantine things, add scanning capabilities to the context menus, 'activate' product, and pretty pictures that do pretty things -yes that's right my anti virus will be the only one that has a picture of a virus on it!).

So how would I go about doing those things?

Also, this.
 
 
2010 Jan 8 at 16:41 PST — Ed. 2010 Jan 8 at 17:04 PST
Down Rodeo
Cap'n Moth of the Firehouse

Find the Hole II Participation Medal
2007 Oct 19 • 5486
57,583 ₧
Well, I'd be impressed, let's say that. I'd have a separate executable or library that contains your scanning function, takes one file, scans it. Then either call this library or executable when you want to scan for viruses. But you realise, this is not small fish, right? The UI... use whatever you like. I guess the default Microsoft widgets would be best. Also, I am not sure that your post made a lot of sense. Check your parentheses.
 
 
2010 Jan 8 at 17:19 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
Hey DR long time no talk.
I know most anti virus programs (henceforth av) have a lot of executables (i.e. tray, scan, ui, update, etc.). Would it be a good idea to make it all into one with a bunch of dlls to call and such, or is it better to have a bunch of separate exes? Also, I will have to figure out a way to check the av to make sure it's (ironically) not infected.
 
 
2010 Jan 8 at 17:37 PST — Ed. 2010 Jan 8 at 17:37 PST
Down Rodeo
Cap'n Moth of the Firehouse

Find the Hole II Participation Medal
2007 Oct 19 • 5486
57,583 ₧
That one's kind of your call. The benefit of having separate executables is that the user can, for instance, specify the exact EXE as the one to use in their browser, can ... well there's a lot of stuff. But DLLs are cleaner, probably, and I'm talking out of my arse. Really at this stage of proceedings I have very little idea. I don't know how much information there is online about writing antivirus software, you could try the usual suspects I guess. There are also a couple of open-source programs out there.
 
 
2010 Jan 8 at 17:44 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
Yes everyone agrees that you shouldn't make an av. Open source...ne'er thought about it, thanks.

Clamwin


Uhhhohhh, it's Python.
 
 
2010 Jan 8 at 18:01 PST — Ed. 2010 Jan 8 at 18:12 PST
SuperJer
Websiteman

2005 Mar 20 • 6153
I wouldn't be too concerned about exe's vs. Dll's and stuff yet. You should focus on one part of the project at a time for now. Once you have some pieces ready you can figure out how to arrange them.

Figure out what the core functionality is and make that.
 
 
2010 Jan 8 at 22:44 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
By core functionality you mean the kernel like the searchy findy malware engine? Also, would it make that much of a difference if I made it in C# vs C++?
 
 
2010 Jan 8 at 22:47 PST
SuperJer
Websiteman

2005 Mar 20 • 6153
Sounds about right.

Of the two I would recommend C#. Or whatever you know better. C++ is kind of a clusterfuck.
 
 
2010 Jan 8 at 23:21 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
Problem is I don't know C# or C++.
 
 
2010 Jan 8 at 23:57 PST
SuperJer
Websiteman

2005 Mar 20 • 6153
What languages do you know?
 
 
2010 Jan 9 at 00:41 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
Um... a little of Visual Basic. But I was wanting to move onto something more powerful, you know? Also, I got 5 books coming from Amazon.com about C# and C++, that's mainly why.
 
 
2010 Jan 9 at 10:20 PST
Rockbomb
Dog fucker (but in a good way now)

2009 Nov 13 • 2045
If you want an online tutorial also, I recommend going through this.
 
 
2010 Jan 9 at 13:11 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
I was leaning towards C#...The main problem I have is that I am not sure of the structure of C# and C++. That is where I am having problems. Also, I don't know the full extent of the .Net framework.


How can I disable or hide the Minimize, Maximize, and Close buttons without losing the title bar?
 
 
2010 Jan 9 at 18:42 PST — Ed. 2010 Jan 10 at 00:22 PST
Down Rodeo
Cap'n Moth of the Firehouse

Find the Hole II Participation Medal
2007 Oct 19 • 5486
57,583 ₧
This is where looking at the class definitions would probably help.

RE: clusterfuck - I was doing some Java last semester and something I had done reminded my tutor of a certain language. I said I saw this in a code snippet of yours (it's to do with the C++ style of passing variables to a constructor) and he said, "Of course! C++ is *the most evil language* I have ever seen!", it was fun times.
 
 
2010 Jan 10 at 07:03 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
I am going to use separate executables for the different processes (as mentioned above), so that I can reuse them later without building them again (unless to improve them or update). So I was wondering how something (like an av) updates. Obviously it connects to a server or whatnot, but how does it 'know' when there is an applicable update? How does it actually append new code or renovate the existing code? How can I make sure the connection is secure and not 'hackable?'
 
 
2010 Jan 10 at 16:15 PST — Ed. 2010 Jan 10 at 16:16 PST
Down Rodeo
Cap'n Moth of the Firehouse

Find the Hole II Participation Medal
2007 Oct 19 • 5486
57,583 ₧
You could do version numbers. If the version number is different, download the new file. Then you can verify it by using md5 sums, after downloading through a secure connection, if you're paranoid.
 
 
2010 Jan 10 at 16:55 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
Down Rodeo said:
Then you can verify it by using md5 sums...

What?

Down Rodeo said:
...if you're paranoid...

Cautious.
 
 
2010 Jan 10 at 17:40 PST — Ed. 2010 Jan 10 at 17:41 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
Down Rodeo said:
No, paranoid is *good*.

Sure paranoia never leads to schizophrenia.

And, you could have jus' said encryption algorithm.

Also...

US-CERT of the U. S. Department of Homeland Security said MD5 "should be considered cryptographically broken and unsuitable for further use,"[7]

Also how do I use a cryptographic algorithm? And where do I actually find the 'source code' or whatever to use the algorithm?
 
 
2010 Jan 11 at 08:27 PST — Ed. 2010 Jan 11 at 08:41 PST
Rockbomb
Dog fucker (but in a good way now)

2009 Nov 13 • 2045
There's a lot of online encrypters, but I think they are more based for short lengths of text, like a password. So I'd try and find a downloadable program that encrypts large amounts of text.
Also, yeah md5 has been cracked, and so has sha1, but you're still better off using them than using nothing... or you can find a different hash.
 
 
2010 Jan 11 at 08:49 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
Was going to use sha-2...

Ohh..I know Microsoft used the md5 algorithm in some source code to demonstrate encryption so I could get it from there...
 
 
2010 Jan 11 at 09:01 PST — Ed. 2010 Jan 11 at 09:08 PST
Down Rodeo
Cap'n Moth of the Firehouse

Find the Hole II Participation Medal
2007 Oct 19 • 5486
57,583 ₧
sprinkles said:
Sure paranoia never leads to schizophrenia.

That's what they want you to think.

sprinkles said:
And, you could have jus' said encryption algorithm.
Also...
US-CERT of the U. S. Department of Homeland Security said MD5 "should be considered cryptographically broken and unsuitable for further use,"[7]

Why say the simple thing? I said md5 because it's well-known and while it is not useful for high-security applications it's probably sufficiently nontrivial to be of use to check that a downloaded file is the right one. Combine that with filesize, magic numbers... it's probably ok.
 
 
2010 Jan 11 at 09:38 PST
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
I jus' thought of something, ironically it's how malware evade av applications. That is, they encrypt any unused exe, dll, or any other file as well as any code that is in memory that is not currently being used. They decrypt what they need when they need it then re-encrypt it when they're done. Damn good idea.

Down Rodeo said:
...while it is not useful for high-security applications...

So an av program isn't 'high-security?'


Also, would encrypting a file then encrypting the encrypted file add to security?
 
 
2010 Jan 11 at 11:45 PST — Ed. 2010 Jan 11 at 11:50 PST
Rockbomb
Dog fucker (but in a good way now)

2009 Nov 13 • 2045
I tried encrypting an already encrypted program once, and it brokeded it :(
 
 
2010 Jan 11 at 11:54 PST
Down Rodeo
Cap'n Moth of the Firehouse

Find the Hole II Participation Medal
2007 Oct 19 • 5486
57,583 ₧
Probably not. And when I say high-security, I mean, banking programs, large programs, that sort of thing. Making a one-time md5 hash of a file to check you've downloaded the right one is not exactly what I meant. The algorithm is good enough that a small change to the file produces a different md5. In fact, probably any change is enough. If an attacker knew the md5 to create he could create a file with those characteristics but it would likely have many other noticeable differences to the original.
 
 
2010 Jan 11 at 12:21 PST
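
The update check discussed in the posts above (compare version numbers, download, then verify the file against a checksum and its size), as an added example that is not part of the original thread and not any poster's code. It uses SHA-256 from the SHA-2 family mentioned in the thread rather than MD5, and goes slightly beyond the posts by accepting only a strictly newer version; the manifest format, its field names and all function names are hypothetical, and the manifest itself is assumed to arrive over an authenticated channel.

```python
import hashlib
import hmac
import json

# Constructed sample data: the payload stands in for a downloaded update file.
SAMPLE_PAYLOAD = b"constructed signature database, version 1.10.0\n"

# Hypothetical manifest format (an assumption, not a real product's schema).
SAMPLE_MANIFEST = json.dumps({
    "version": "1.10.0",
    "size": len(SAMPLE_PAYLOAD),
    "sha256": hashlib.sha256(SAMPLE_PAYLOAD).hexdigest(),
})


def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so that 1.10.0 sorts after 1.9.0."""
    return tuple(int(part) for part in text.split("."))


def update_available(installed, manifest_json):
    """True only if the manifest advertises a strictly newer version.

    Comparing for 'newer' rather than 'different' refuses a rollback to an
    older, possibly vulnerable release.
    """
    manifest = json.loads(manifest_json)
    return parse_version(manifest["version"]) > parse_version(installed)


def verify_download(data, manifest_json):
    """Return (ok, reason) for downloaded bytes checked against the manifest."""
    manifest = json.loads(manifest_json)
    if len(data) != manifest["size"]:
        return False, "size mismatch"
    digest = hashlib.sha256(data).hexdigest()
    # compare_digest compares the two hex strings in constant time.
    if not hmac.compare_digest(digest, manifest["sha256"].lower()):
        return False, "sha256 mismatch"
    return True, "ok"


if __name__ == "__main__":
    print(update_available("1.9.0", SAMPLE_MANIFEST))
    print(verify_download(SAMPLE_PAYLOAD, SAMPLE_MANIFEST))
```

The digest only shows that the file matches the manifest; if the manifest can be altered in transit, both can be replaced together, which is why the manifest needs its own protection (an authenticated connection or a signature).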