Valhalla Legends Forums Archive | General Programming | Spyware/Virus Protection System

Author | Message | Time
FrostWraith
Would it seem like a good idea to write a program that calculates an MD5 or other hash algorithm of the core system files? I just happened to have a bad mishap and had to blow my HDD (not my important one ;)) but the one that my computer boots to. Do the size/contents of files (Windows) periodically change? If this seemed like a go, how would I be able to go about finding the files people like to inject code into? My ultimate goal is to write a program that compares hash values and sees which files are corrupt.

Any help appreciated.
September 18, 2006, 2:34 AM
Skywing
If you apply hotfixes or otherwise patch your operating system against security issues regularly, then yes, they change.
September 18, 2006, 4:38 AM
FrostWraith
I figured as much. Does anyone really know how anti-virus programs really work? Are there preset names they are set to scan for?
September 18, 2006, 4:54 AM
Skywing
As far as real-time scanning goes, the well-designed AV softwares out there (few and far between as far as the AV world goes, unfortunately) use something called a filesystem filter driver that sits in between programs and the underlying filesystem in kernel mode and allows the AV software to inspect all file-level I/O before it is allowed to happen (or return to a program).

Detection of viruses themselves is typically done by some sort of pattern matching based on file data - although this is a fairly large oversimplification.
September 18, 2006, 5:02 AM
RealityRipple
The MD5 idea might be a good one. Just prompt when it changes to ask if the change was expected or not. Then update the hash of the file (and maybe make file backups in a compressed file?) if it's expected, and revert to the old version if it isn't. I think Windows XP does something similar to this already, though.
September 18, 2006, 5:14 AM
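
The baseline-and-compare workflow discussed in this thread, as an added example that is not part of any poster's message: it records a digest per file, reports what changed, and folds reviewed changes (such as those from a hotfix) back into the baseline. The function names and sample files are hypothetical and constructed; SHA-256 is this example's default, and `algo="md5"` gives the MD5 variant the thread mentions.

```python
import hashlib, os, tempfile

def hash_file(path, algo="sha256", chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root, algo="sha256"):
    """Map each file's path (relative to root) to its digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                result[rel] = hash_file(full, algo)
            except OSError:
                result[rel] = None  # locked or unreadable: record it, don't skip it
    return result

def compare(baseline, current):
    """Classify differences between a stored baseline and a fresh snapshot."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def accept(baseline, current, paths):
    """Fold reviewed, expected changes (e.g. after a hotfix) into the baseline."""
    return {**baseline, **{p: current[p] for p in paths}}

def demo():
    """Constructed sample tree standing in for a directory of system files."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        for name in ("kernel.dll", "shell.dll"):
            put(name, b"v1")
        base = snapshot(root)
        put("kernel.dll", b"v2")   # changed: hotfix or tampering, the hash can't tell which
        put("new.exe", b"x")       # file that was not in the baseline
        now = snapshot(root)
        return compare(base, now), compare(accept(base, now, ["kernel.dll"]), now)
```

The baseline is only as trustworthy as where it is stored: if it sits on the same disk, writable by the same account, whatever modifies a file can also rewrite its recorded hash.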
