h a l f b a k e r yNot so much a thought experiment as a single neuron misfire.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Browsing through my computer files recently, it occured to me that i dont know what more than half of them are for.
I may know how some of them work by their names, file extensions or icons but most of them are probably weird system/data/log/library/driver/extension/backup files which have no descriptive
names or headers.
Clicking on Properties allows you to look at fields such as names/descriptions/distributor/version number etc BUT these fields are only filled in on main executable files and applications.
This may be one of the reasons that it is so hard to recognise a harmful file on a computer - because we cant tell rthjkl.exe from hjpoty32.exe
I propose that each file placed on a computer by installations should be required to have a description of its origins, a brief outline of what the file does and why it was placed on your computer.
E.g.
Name: ksenc.dll
Origin: Kangasoft.
Description: Catches messages from main KS32.exe application and encrypts.
The requirements could be built into operating systems so that they only allow files with the required fields to be placed on the storage medium (Hard disk etc).
(?) Microsoft TechNet article
http://www.microsof...eatfunc/winarch.asp "The Session Manager (SMSS.EXE ) is one of the first processes to be created when the operating system boots. It performs important initialization functions, such as creating system environment variables, defining MS-DOS devices names such as LPT1 and COM1, loading the kernel mode portion of the Win32 subsystem (discussed later in this section), and starting the logon process WinLogon." [phoenix, Oct 23 2002, last modified Oct 04 2004]
(?) Another Microsoft TechNet article
http://www.microsof...t/prmc_str_elqj.asp "An essential subsystem that is active at all times. Csrss.exe is the user-mode portion of the Windows subsystem and it maintains console windows and creates or deletes threads. Csrss stands for client/server run-time subsystem." [phoenix, Oct 23 2002, last modified Oct 04 2004]
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
Annotation:
|
|
I don't think this would be much use for differentiating harmful files as the virus programmer would just fabricate the labels to look reaonable just as the subject line in mail worms is made up. However I like any idea that makes computers a little more understandable to the layman so (+) |
|
|
What does //Description: Catches messages from main KS32.exe application and encrypts// mean?
Is it a "good" or "bad" file? |
|
|
I don't see how this would help unless the descriptions were totally basic. |
|
|
Mac?! Only if a vendor takes the time and that's pretty rare. |
|
|
smss.exe? That's odd that you have that. |
|
|
Windows XP does a little of this. If I find smss.exe in explorer and hover my mouse over it, a popup says, "Windows NT Session Manager", as well as supplying a few further details. It would be nice if this happened for all files so that you can see what they are and where they came from. A URL of the supplier's web site wouldn't go amiss either. |
|
|
Assuming you're using Windoze 2000 or later, right-click on the offending file, select Properties from the popup menu, and then select the Summary tab. This has all sorts of things like Title, Comments, Source, etc. Whether the application developer fills them in is a different question, but the mechanism is there. |
|
|
[PeterSilly] - I'm not sure if you read the idea properly. The idea was to make the filling in of those fields a requirement before the files are allowed to be placed on the hard drive. Obviously, the fields would be set read-only. |
|
|
[UnaBubba] - Dont you ever wonder what all those things are running in the background when you look in task manager? This would solve that problem. |
|
|
I very much like Nick@Nite's annotation, i just had a problem with my computer which i could have solved easily if it was easy to link a file name in task manager to a windows service. |
|
|
smss.exe is a good example - the file properties says "Windows NT Session Manager" but no further info is given... we should be able to find out what that means in case we dont even need a Windows NT Session Manager... you could be wasting valuable memory to run pointless background service executables and not even know why! |
|
|
The information is available (links). All you have to do is look for it. |
|
|
I want answers! Why does Captain Kangaroo'''''s idea get to keep the ! in it's title? Never happens for the rest of us. Gosh we can't even do * or "" or use (good) curse words. I demand a recount!!!!!! |
|
|
[st3f] Ah. I mistakenly thought it was the remote server management process and wondering why anyone would be running that on their browsing machine. |
|
|
70,000? That's it? God that would be nice. At last count, I was pushing 180k. |
|
|
// I don't think this would be much use for differentiating harmful files as the virus programmer would just fabricate the labels to look reaonable just as the subject line in mail worms is made up. // |
|
|
Perhaps a virtual signature may be helpful here. Similar to the ones used in internet applications and device drivers. Although an online check or somthing would be required to validate the signatures - this could be a way forward in virus/worm dectection/prevention. |
|
|
kind of a let's all but I don't like that rule anyway. [+] |
|
| |