This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.

[V1.0] ViProc! Your computer infected? Not anymore!

Started by mrpoopy345, 04 March 2014 - 11:16 PM
mrpoopy345 #1
Posted 05 March 2014 - 12:16 AM
EDIT: Thread closed because I found some major bugs. Update soon!


Hello Computercrafters!
I have been working on this project on and off for about a month now, so I decided it is time to release:
ViProc 1.0!
This program is an antivirus that can handle pretty much any virus. I have tested it against many, and it has prevailed.
It is my first program, so constructive criticism is welcome!

Known bugs:
None so far. Tell me if you find one!

Pastebin id:
QpM38FtN

Have fun!
Edited on 05 March 2014 - 12:37 AM
theoriginalbit #2
Posted 05 March 2014 - 12:24 AM
easily bypassable, actually easier than easy; not sure why people keep insisting on making keyword search "anti-virus" programs.
mrpoopy345 #3
Posted 05 March 2014 - 12:41 AM
Again, v1.0, just released this as a framework. I will add probably thousands of keywords, an AI for finding out if a file is infected or not.
And, it is not like you original, but you forgot something.

Not many pro coders make viruses! If you made a virus, I am sure it could bypass the strongest antivirus. But,
at least on most servers, we are dealing with noob - intermediate coders, which this program handles spectacularly.
It is more made for noobware than anything….
theoriginalbit #4
Posted 05 March 2014 - 01:01 AM
but the problem that is present with keyword searches is that programs that have perfectly harmless intentions can be flagged and removed.

For example take this snippet that could be at the top of a program

Assume file name is `startup`

```lua
local version = 1.0
function getVersion()
  return version
end

-- Fetch the latest copy and replace this file if it is newer
local function updateCheck()
  shell.run("pastebin get gd564er .temp")
  local file = dofile(".temp")
  if file.getVersion() > version then
    fs.delete("startup")
    fs.move(".temp", "startup")
  end
end
```

the above code with a keyword search would flag the file for the use of fs.delete thinking it has malicious intent, when in actual fact it definitely does not. This is the problem present with using keyword searches.
Edited on 05 March 2014 - 12:01 AM
mrpoopy345 #5
Posted 05 March 2014 - 01:04 AM
Yes, that is why I let the user choose to delete the files or not. Later I will have it so that they can pick specific programs to delete out of the ones that the program says are infected.
And if there is any other way besides keyword searches that would be effective please tell me.
theoriginalbit #6
Posted 05 March 2014 - 01:11 AM
It'd be better to take a page from real software. Wikipedia article.

Make a virus definitions database that you compare against.

EDIT: and if you plan on having internet updating then that introduces a bunch of extra problems 'cause someone could easily override http.get to return an empty definitions file to you. I'd probably say the best way of avoiding this would be to do a string.dump comparison of http.get to make sure that you're using the 'vanilla' http.get.
Edited on 05 March 2014 - 12:17 AM
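
The false positive from post #4 and the definitions-database comparison suggested in post #6, side by side, as an added example that is not code from the thread or from ViProc. The keyword list, the known-bad sample, the definition name and the djb2 fingerprint are assumptions made for the example.

```lua
-- Added example, plain Lua 5.1; KEYWORDS, KNOWN_BAD and the definition name are constructed.
local KEYWORDS = { "fs.delete", "os.shutdown" }
local KNOWN_BAD = 'fs.delete("startup") os.shutdown()'

-- The updater snippet from post #4, embedded as data (it is never executed).
local UPDATER = [[
local function updateCheck()
  shell.run("pastebin get gd564er .temp")
  local file = dofile(".temp")
  if file.getVersion() > version then
    fs.delete("startup")
    fs.move(".temp", "startup")
  end
end
]]

-- Keyword scan: reports every listed name that appears anywhere in the source.
local function keywordScan(source)
  local hits = {}
  for _, word in ipairs(KEYWORDS) do
    if source:find(word, 1, true) then hits[#hits + 1] = word end
  end
  return hits
end

-- Fingerprint of whitespace-normalised source. djb2 is a non-cryptographic
-- stand-in chosen for brevity; it is an assumption, not what ViProc uses.
local function fingerprint(source)
  local text = source:gsub("%s+", " "):gsub("^ ", ""):gsub(" $", "")
  local h = 5381
  for i = 1, #text do
    h = (h * 33 + text:byte(i)) % 4294967296
  end
  return string.format("%08x", h)
end

-- Definitions database: fingerprint -> name of the known-bad sample.
local DEFINITIONS = { [fingerprint(KNOWN_BAD)] = "constructed-sample-1" }
local function definitionScan(source) return DEFINITIONS[fingerprint(source)] end

local samples = {
  { "updater from post #4", UPDATER },
  { "known-bad sample, reindented", 'fs.delete("startup")\n\n   os.shutdown()\n' },
}
for _, s in ipairs(samples) do
  print(s[1], "keywords: " .. table.concat(keywordScan(s[2]), ","), "definition: " .. tostring(definitionScan(s[2])))
end
```

The keyword scan reports the harmless updater because of its `fs.delete` call, while the definitions lookup reports only the file whose normalised content matches a stored sample, so it is only as good as the samples in the database.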
mrpoopy345 #7
Posted 05 March 2014 - 01:37 AM
Thanks for the tip! Closing the thread for now… found some major bugs.

EDIT: I probably wouldn't actually need to use string.dump because the only way they could override that function is rewriting it in the startup file or using os.loadApi, but my program would be disk/startup, so the startup would never load, and obviously I would not load a malicious api in the code.
Edited on 05 March 2014 - 12:46 AM
Alice #8
Posted 05 March 2014 - 02:21 AM
> Thanks for the tip! Closing the thread for now… found some major bugs.
>
> EDIT: I probably wouldn't actually need to use string.dump because the only way they could override that function is rewriting it in the startup file or using os.loadApi, but my program would be disk/startup, so the startup would never load, and obviously I would not load a malicious api in the code.

Custom rom/autorun. Autorun runs before startup.
Sxw #9
Posted 06 March 2014 - 02:42 AM
> Custom rom/autorun. Autorun runs before startup.

If you have something in rom that does that then you've got bigger problems.
theoriginalbit #10
Posted 06 March 2014 - 02:48 AM
> I probably wouldn't actually need to use string.dump because the only way they could override that function is rewriting it in the startup file or using os.loadApi, but my program would be disk/startup, so the startup would never load, and obviously I would not load a malicious api in the code.

Not completely true. Not all 'viruses' take control away from the user or lock down the computer; they could, for example, run another shell instance and send everything you type to another computer over Rednet. The user could then run the program, but 'cause it's running in an environment that is controlled by the 'virus' it can affect how your program works.