Mailing List Archive

Feature request: suppressing changes of win32 files
I have an idea -

viruses or worms often use binaries or executables - so when we're
protecting them from changing (or asking for confirmation of user for
program (for example installers can overwrite them)) we're protecting data
from viruses

--

Best regards, Siarhei Kuchuk
-----------------------------------------
ICQ: 376562952
Cuchuk.Sergey@gmail.com
toCuchukSergey@yandex.ru

CONFIDENTIALITY CAUTION AND DISCLAIMER
This message is intended only for the use of the individual(s) or
entity(ies) to which it is addressed and contains information that is
legally privileged and confidential. If you are not the intended recipient,
or the person responsible for delivering the message to the intended
recipient, you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited. All unintended
recipients are obliged to delete this message and destroy any printed
copies.
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
Re: Feature request: suppressing changes of win32 files
Cuchuk Sergey wrote:
> I have an idea -
>
> viruses or worms often use binaries or executables - so when we're
> protecting them from changing (or asking for confirmation of user for
> program (for example installers can overwrite them)) we're protecting data
> from viruses
>
That would also prevent you from updating them. A query "what do you
want to do" is not safe, as a virus can answer it itself.
I think that's a completely different protection method than the
antivirus one. Plus I don't think there are so many viruses modifying
.exe files instead of copying themselves.
You'd need to do it as a driver to intercept the action. Windows already
does something similar with Windows File Protection. You could have it
protect other folders, too.

Re: Feature request: suppressing changes of win32 files
In message <418911cd0805202321u5d2eabd3n63ff94a74af62bf6@mail.gmail.com>
"Cuchuk Sergey" <cuchuk.sergey@gmail.com>
wrote:

>viruses or worms often use binaries or executables - so when we're
>protecting them from changing (or asking for confirmation of user for
>program (for example installers can overwrite them)) we're protecting data
>from viruses

It's a great idea -- In fact, so great that every modern operating
system has a robust set of file system permissions already included
which can do exactly what you want.

In the Windows environment, simply don't use an administrator account
all the time and executables installed in correct locations cannot be
modified.
--
Dave Warren, dave@djwcomputers.com
Office: (403) 775-1700 / (888) 300-3480
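
One way to check the claim in the reply above on a given machine, as an added example that is not part of the original thread: the script lists `.exe` and `.dll` files whose ACL grants write-type rights to any principal other than SYSTEM, Administrators or TrustedInstaller. The `$Root` parameter, the chosen set of rights and the trusted SID list are assumptions of this example.

```powershell
# Added example: report executables that a non-administrative principal may modify.
# $Root defaults to Program Files; pass another directory to audit it instead.
param(
    [string]$Root = $env:ProgramFiles
)

# Rights that let the holder change file contents, delete the file,
# or rewrite its ACL / take ownership (and then grant itself write access).
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

# Well-known SIDs expected to hold write access to installed binaries (assumed policy).
$trustedSids = @(
    'S-1-5-18',       # LocalSystem
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object {
        $file = $_
        try {
            $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
        } catch {
            return   # ACL not readable with current rights: skip this file
        }

        # Ask for SIDs instead of account names so the comparison is locale-independent.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($trustedSids -contains $rule.IdentityReference.Value) { continue }
            if (($rule.FileSystemRights -band $writeRights) -eq 0) { continue }

            # One output row per (file, principal) pair that can alter the binary.
            [pscustomobject]@{
                Path      = $file.FullName
                Principal = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
            }
        }
    }
```

An empty result for a directory means only the trusted principals can change the binaries in it; rows for Users, Authenticated Users or a personal account mark files that code running without administrator rights could overwrite.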

Re: Feature request: suppressing changes of win32 files
2008/5/22 Dave Warren <dave-usenet@djwcomputers.com>:

> In message <418911cd0805202321u5d2eabd3n63ff94a74af62bf6@mail.gmail.com>
> "Cuchuk Sergey" <cuchuk.sergey@gmail.com>
> wrote:
>
> >viruses or worms often use binaries or executables - so when we're
> >protecting them from changing (or asking for confirmation of user for
> >program (for example installers can overwrite them)) we're protecting data
> >from viruses
>
> It's a great idea -- In fact, so great that every modern operating
> system has a robust set of file system permissions already included
> which can do exactly what you want.
>
> In the Windows environment, simply don't use an administrator account
> all the time and executables installed in correct locations cannot be
> modified.

Yes, that's right. I use this feature. But I'm a developer and design some
kind of software at home (including creating installation packets). There
were about 6 times during the last 2 years when I had to search for all *.exe
and *.dll files on my work disk partition and delete them, because of viruses.
Now I'm doing things in the following way: when I get a software packet, I zip
it; when I stop developing something, I change the permissions for myself
to provide read-only access.

Yes, of course it's a decision - but is it convenient?

So I propose that when something tries to modify *.exe or *.dll files, the
software shield should show the user a window with an alert: to allow or not to
allow this process to alter binaries. If yes, the shield should ask the user
whether to always allow this software to change them or not. If yes, the
antivirus should save the MD5 sum of the process, its name and location.

Also, as a user I don't make updates. When I want to update something, I
run the process with administrator's privileges, not as a user.

For Linux I don't know, but I think the situation is analogous.

Also, I discovered that some processes try to load their libraries into
explorer by configuring my registry key (of course with user privileges).
So maybe it's good to disallow altering such registry keys (or to allow it
while notifying the user).

Best regards, Siarhei Kuchuk
-----------------------------------------
ICQ: 376562952
Cuchuk.Sergey@gmail.com
toCuchukSergey@yandex.ru
