This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.

Creating a CC virus database

Started by makerimages, 27 December 2012 - 01:48 AM
makerimages #1
Posted 27 December 2012 - 02:48 AM
Hello,

You might have heard of MOS, a CC OS that I am working on. If you haven't, check it out in the Programs forum.

The thing is that, like any good OS, it needs an antivirus. And that's where YOU come in. I am asking you to post as many CC virus names in the comments below as you know of. This way a good online virus DB can be created by me and, when my OS releases, the DB will be licensed to anyone who wishes to use it in his/her antivirus.

Happy virus name posting from Makerimages!
Sammich Lord #2
Posted 27 December 2012 - 03:23 AM
The only reason real-life antiviruses use a database is that the code is compiled, so they need a sample of the virus's compiled code to detect it. In CC you really do not need an antivirus. Sandbox the whole "OS" during startup and patch every known exploit in CC at startup as well. For instance, you could do some code like this to prevent term.write use:

-- os.run gives the program this table as its environment, with the real globals
-- reachable through __index; only term is replaced, so the program sees a term
-- table that contains nothing but this stub write.
os.run({term = {write = function() print("Not allowed!") end}}, "pathToFile")
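The one-liner above replaces only term. A fuller version of the same idea, added here as an example and not code from the post or from MOS, builds a sandbox environment that stubs out the calls a hostile program would want and falls through to the real globals for everything else. The DENIED list, the function names and the Lua 5.1 loadstring/setfenv/pcall API it relies on (which the ComputerCraft of that era exposed) are assumptions of the example.

```lua
-- Added example (not from the post): run an untrusted program under an
-- environment that replaces the APIs a ComputerCraft "virus" would abuse.
-- Assumes the Lua 5.1 loadstring/setfenv/pcall that ComputerCraft exposes.

-- Returns a stub that raises an error naming the blocked call, so the
-- supervising program can catch it and treat it as a detection.
local function blocked(name)
    return function() error("sandbox: " .. name .. " is not allowed", 2) end
end

-- Shallow-copies an API table and replaces the listed functions with stubs.
-- Copying keeps the real table intact for the rest of the system.
local function restrict(tbl, names)
    local copy = {}
    for k, v in pairs(tbl) do copy[k] = v end
    for _, name in ipairs(names) do copy[name] = blocked(name) end
    return copy
end

-- Which calls to deny (an assumption for this example, not a complete
-- inventory of everything a hostile program could do).
local DENIED = {
    fs     = { "delete", "move", "copy", "open" }, -- disk damage and persistence
    rednet = { "send", "broadcast" },              -- spreading to other computers
    http   = { "get", "post" },                    -- fetching further payloads
    os     = { "run", "reboot", "shutdown" },      -- escaping or killing the machine
    string = { "dump" },                           -- producing bytecode
}

local function makeSandbox()
    local env = {}
    for api, names in pairs(DENIED) do
        if _G[api] then env[api] = restrict(_G[api], names) end
    end
    -- Close the obvious escape hatches: the real global table, swapping the
    -- environment, loading raw code strings, and walking metatables back to
    -- the real tables (the env's metatable and the string metatable both do).
    env._G           = env
    env.getfenv      = blocked("getfenv")
    env.setfenv      = blocked("setfenv")
    env.loadstring   = blocked("loadstring")
    env.getmetatable = blocked("getmetatable")
    -- Everything not mentioned resolves to the real global, so ordinary
    -- programs (print, term.write, sleep, ...) keep working.
    return setmetatable(env, { __index = _G })
end

-- Loads and runs the file at `path` in the sandbox. Returns true on normal
-- completion, or false plus the error (including "sandbox: ..." denials).
local function runSandboxed(path, ...)
    local handle = fs.open(path, "r")
    if not handle then return false, "cannot open " .. path end
    local code = handle.readAll()
    handle.close()
    local fn, err = loadstring(code, path)
    if not fn then return false, err end
    setfenv(fn, makeSandbox())
    return pcall(fn, ...)
end

-- Usage from the supervising program: local ok, err = runSandboxed("untrusted")
```

This only covers what the list names. A program can still be a nuisance without any of those calls (a tight loop that spams the terminal), and any API the list omits, or the debug library, is a potential way around it, which is why the post also talks about patching known holes at startup rather than relying on the sandbox alone.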
ETHANATOR360 #3
Posted 27 December 2012 - 06:18 AM
Antivirus is almost unnecessary because most viruses are like this:

while true do
    sleep(1)
    print("your computer has been hacked...")
end
lieudusty #4
Posted 27 December 2012 - 08:42 AM
> Antivirus is almost unnecessary because most viruses are like this:
>
> while true do
>     sleep(1)
>     print("your computer has been hacked...")
> end

Very true :P
Exerro #5
Posted 27 December 2012 - 01:23 PM
> Antivirus is almost unnecessary because most viruses are like this:
>
> while true do
>     sleep(1)
>     print("your computer has been hacked...")
> end
>
> Very true :P

I really want to make a virus that is unstoppable, or an antivirus that will use an AI to detect malicious code, not just something like this that does the same job as 100 lines of code.
tesla1889 #6
Posted 27 December 2012 - 10:26 PM
> Antivirus is almost unnecessary because most viruses are like this:
>
> while true do
>     sleep(1)
>     print("your computer has been hacked...")
> end
>
> Very true :P
>
> I really want to make a virus that is unstoppable, or an antivirus that will use an AI to detect malicious code, not just something like this that does the same job as 100 lines of code.

Good luck doing that in-game. Unless you have an impressive amount of RAM just floating around and a ridiculous processor, getting a full-blown antivirus to work within CC is impossible. The code will be too complicated, and the Java threads will run out of memory.
AfterLifeLochie #7
Posted 27 December 2012 - 10:50 PM
I can understand the urge to create an antivirus, but I feel some people have the wrong idea here with regards to how you'd implement it.

For starters, a good offence is defence. If you can prevent a virus from spreading, or an exploit from being run, isn't it better to stop propagation rather than trying to clean it up afterwards? Isn't it a better idea to say "Okay, I know this will cause damage, so what can we do to prevent it?" It's somewhat easier to prevent than to clean, considering there are viruses (or malware, really) that make cleaning up an absolute pain, and they rely on specific exploits that we can prevent from being used. I've written myself a BIOS which closes some pretty obscure holes (but holes nonetheless) for use on servers that are "prone" to viruses.

Secondly, you rely on ComputerCraft to be your antivirus "environment", or should I say, runtime. I wrote a few very simple VBScripts to look in ComputerCraft folders for viruses that were known to have specific keywords, patterns, signatures, bytecode, etc. So long as one or more keywords was matched, it could be removed. Sure, it's VBScript, it's awkward and somewhat icky at times, but it works. There's no need to write a "pure ComputerCraft-Lua" solution either; you can bust out your favourite languages and do a bit of thinking about how you can do "scanning" or matching. Mathematical patterns, like Bayesian filtering (which doesn't really work as a "scanner"; you're very prone to cop misfires, due to the limited syntax and "words" used in Lua), are an example of a method of filtering text. Bayesian filtering has been used in things like email-spam catching and has a real-world practical application.

At very best, you could create an entirely custom environment (like I have) to analyse scripts in a way that is safe, external to ComputerCraft, shows in-line traces and provides an interesting "toolkit" for Lua. I've only used this and a few other tools to decompile and deobfuscate some really nasty bytecode scripts, which I can always CRC and then compare back in my VBScript.

Think outside of the box; don't think of CC as a limitation. If you can program in a language, use it. If you can write something, write it.
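The keyword/pattern scanning described above, written as an in-game Lua scanner rather than VBScript. This is an added example, not AfterLifeLochie's tool; the signature patterns, their weights and the bytecode-header check are assumptions made for illustration, and the scanner skips the read-only rom directory. A hit is a lead for a person to inspect, not proof of malice, which matches the post's warning about misfires.

```lua
-- Added example (not AfterLifeLochie's VBScript): a signature scanner that
-- walks the ComputerCraft filesystem and scores each file against a list of
-- suspicious patterns. Patterns and weights are assumptions for illustration.

local SIGNATURES = {
    -- Lua pattern,              weight, what the match suggests
    { "string%.dump",             3, "turns a function into bytecode" },
    { "loadstring%s*%(",          2, "loads code from a string" },
    { "\\%d%d%d",                 1, "escaped byte in a string literal (obfuscation)" },
    { "fs%.delete%s*%(",          2, "deletes files" },
    { "rednet%.broadcast%s*%(",   2, "sends to every computer in range" },
    { "os%.reboot%s*%(",          1, "reboots the computer" },
    { "startup",                  1, "mentions the startup file (persistence)" },
}

-- Scores one file. Returns nil if it cannot be read, otherwise a table with
-- path, score and a list of human-readable hits.
local function scanFile(path)
    local handle = fs.open(path, "r")
    if not handle then return nil end
    local code = handle.readAll()
    handle.close()

    local hits, score = {}, 0
    -- Precompiled chunks start with the "\27Lua" header; they cannot be read
    -- as source at all, so they score on their own before any pattern runs.
    if code:sub(1, 4) == "\27Lua" then
        hits[#hits + 1] = "precompiled bytecode, not readable as source"
        score = score + 5
    end
    for _, sig in ipairs(SIGNATURES) do
        local pattern, weight, why = sig[1], sig[2], sig[3]
        local count = 0
        for _ in code:gmatch(pattern) do count = count + 1 end
        if count > 0 then
            hits[#hits + 1] = why .. " (" .. count .. "x)"
            score = score + weight * count
        end
    end
    return { path = path, score = score, hits = hits }
end

-- Recursively scans a directory, collecting every file that scored at all.
-- "rom" is skipped: it is read-only and shipped with the mod.
local function scanDir(dir, results)
    results = results or {}
    for _, name in ipairs(fs.list(dir)) do
        local path = fs.combine(dir, name)
        if fs.isDir(path) then
            if path ~= "rom" then scanDir(path, results) end
        else
            local r = scanFile(path)
            if r and r.score > 0 then results[#results + 1] = r end
        end
    end
    return results
end

-- Prints the findings, highest score first, so a person can look at the
-- worst candidates before deciding what to remove.
local function report(results)
    table.sort(results, function(a, b) return a.score > b.score end)
    for _, r in ipairs(results) do
        print(r.score .. "  " .. r.path)
        for _, hit in ipairs(r.hits) do print("    " .. hit) end
    end
end

report(scanDir(""))
```

Because the patterns are plain substrings, any program that legitimately deletes files or broadcasts will score too; the weights only rank files for review, which is the "misfire" problem the post raises about filtering Lua by its limited vocabulary.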
KillaVanilla #8
Posted 28 December 2012 - 09:06 AM
I made an antivirus program that used a "scoring" system. (I got the idea from a BIOS replacement that automatically killed the system if it started spamming with rednet.send/rednet.broadcast.) In a nutshell, it would run the program in a sandbox that kept track of the "potentially dangerous" calls that the program made. If it made too many "dangerous" calls, then it would automatically kill the program and quarantine it for further examination. The only problem with my program was that it kept crashing to the shell with the sandbox still active, so it would end up crashing the entire system the moment you tried to run something.

Anyway, my point is, instead of using signature-based scanning, maybe you should try to utilize heuristics of some sort.
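An added example, not KillaVanilla's program, of the scoring approach described in the post: dangerous calls are counted against a weight table instead of being performed, the program is killed when the score crosses a threshold, and the file is then moved to a quarantine directory. Weights, threshold, directory name and the five-second watchdog are assumptions, as is the Lua 5.1 loadstring/setfenv/coroutine API that ComputerCraft exposes.

```lua
-- Added example (not KillaVanilla's code): a scoring sandbox. Weighted calls
-- are recorded rather than executed; crossing THRESHOLD kills the program and
-- quarantines the file. Values below are assumptions for illustration.

local THRESHOLD = 10
local QUARANTINE_DIR = "quarantine"

-- Weight per dangerous call: one fs.delete counts as much as five broadcasts.
local WEIGHTS = {
    fs     = { delete = 5, move = 3, copy = 2, open = 1 },
    rednet = { send = 1, broadcast = 1 },
    os     = { reboot = 4, shutdown = 4, run = 3 },
    http   = { get = 4, post = 4 },
}

-- Builds an environment whose weighted calls add to report.score and return
-- nil instead of running. Everything else falls through to the real globals.
local function makeScoringEnv(report)
    local env = setmetatable({}, { __index = _G })
    for api, calls in pairs(WEIGHTS) do
        local real = _G[api]
        if real then
            local proxy = setmetatable({}, { __index = real })
            for name, weight in pairs(calls) do
                proxy[name] = function(...)
                    report.score = report.score + weight
                    report.calls[#report.calls + 1] = api .. "." .. name
                    if report.score >= THRESHOLD then
                        error("killed: score " .. report.score .. " reached at " .. api .. "." .. name, 0)
                    end
                    return nil -- observed, not performed
                end
            end
            env[api] = proxy
        end
    end
    env._G = env -- keep the program from reaching the real globals
    return env
end

-- Runs the file at `path` under the scoring environment in its own
-- coroutine, so an error in the program lands in report.err instead of
-- taking the supervising shell down with it. Returns the report table:
-- path, score, calls (list), verdict ("clean" or "quarantined"), err.
local function analyse(path)
    local report = { path = path, score = 0, calls = {}, verdict = "clean" }
    local handle = fs.open(path, "r")
    if not handle then
        report.err = "cannot open " .. path
        return report
    end
    local code = handle.readAll()
    handle.close()

    local fn, err = loadstring(code, path)
    if not fn then
        report.err = err
        return report
    end
    setfenv(fn, makeScoringEnv(report))

    -- Watchdog: a program that only loops forever is a nuisance, not a
    -- threat, so stop resuming it after five seconds.
    local co = coroutine.create(fn)
    local deadline = os.startTimer(5)
    local ok, res = coroutine.resume(co) -- res: yield filter, or error text
    while ok and coroutine.status(co) ~= "dead" do
        local event = { os.pullEventRaw() }
        if event[1] == "timer" and event[2] == deadline then
            ok, res = false, "stopped: still running after 5 seconds"
        elseif res == nil or event[1] == res or event[1] == "terminate" then
            ok, res = coroutine.resume(co, unpack(event)) -- honour the filter
        end
    end
    if not ok then report.err = res end

    if report.score >= THRESHOLD then
        report.verdict = "quarantined"
        if not fs.exists(QUARANTINE_DIR) then fs.makeDir(QUARANTINE_DIR) end
        fs.move(path, fs.combine(QUARANTINE_DIR, fs.getName(path)))
    end
    return report
end

-- Usage: local r = analyse("suspect"); print(r.verdict, r.score, r.err)
```

Because the weighted calls return nil instead of running, a program that depends on their results (reading a file handle from fs.open, say) will fail early inside the coroutine; that shows up as report.err together with the calls recorded so far, which is still enough to decide whether the file deserves a closer look.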
AfterLifeLochie #9
Posted 28 December 2012 - 11:43 AM
> I made an antivirus program that used a "scoring" system. (I got the idea from a BIOS replacement that automatically killed the system if it started spamming with rednet.send/rednet.broadcast.) In a nutshell, it would run the program in a sandbox that kept track of the "potentially dangerous" calls that the program made. If it made too many "dangerous" calls, then it would automatically kill the program and quarantine it for further examination. The only problem with my program was that it kept crashing to the shell with the sandbox still active, so it would end up crashing the entire system the moment you tried to run something.
>
> Anyway, my point is, instead of using signature-based scanning, maybe you should try to utilize heuristics of some sort.

(I'm assuming your idea came from this; you replied to the thread. But this is what I mean by prevention over cleanup.)

And as far as heuristics go, distinguishing between "this is going to be nasty" and "this might be suspicious" is difficult, and this is personally why I wrote an entirely separate execution environment in which to inspect and debug Lua scripts that could cause potential damage. However, it's not automated; it requires manual interaction and inspection from someone, and can take time to break down an application nested inside bytecode, inside bytecode (byteception!), per se, but it's still possible. You're essentially suggesting that you do something like I did: you want to be able to break down and assess an application's threat level to a given system automatically, and I still feel doing this outside of ComputerCraft and Lua would be faster, simply because you can do faster parsing, and if you want to execute the Lua, you can go ahead and grab the debug() stack and get some really, really useful tools to break apart Lua's execution and memory, not just grabbing upvalues in functions. The debug library is your ultimate friend.

As to how effective such detection is: it will still not be 100%. Some things will slip through the cracks and will be missed by detection, and that happens with most newly-birthed viruses. The solution to this is to still close security issues in the BIOS as a preventative, namely to prevent the potential ability to cause even more damage, rather than localised damage to one computer. There are a number of obscure (and dumb, might I add) quirks in LuaJ that probably should have been addressed when it was coded, and I'm not going to go into discussion on that topic (as some still work). Regardless, if we can prevent the publicly-known ones from causing damage, then +1; you may have just saved yourself several hours of cleaning over five minutes.
Lyqyd #10
Posted 13 August 2013 - 04:31 PM
Locked.