h a l f b a k e r y[marked-for-tagline]
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Please log in.
Before you can vote, you need to register.
Please log in or create an account.
|
I am not a computer software engineer. I'm a handyman. There are a great many things happening inside this ugly putty-colored box that I don't fully understand, and many of them are frustrating. That said, I think antivirus software is entirely too complacent. It sits on your harddrive, waiting for
something malevolent to come along, then goes after it. Then it kills it on your computer, and that's the end of that.
WhiteCell.exe is an active program that is constantly watching the ports of your computer in conjunction with your other security systems, and as soon as it detects malware coming in, as defined by preexisting antivirus software, it leaps into action:
1) WhiteCell determines which port was used for entry, i.e. LAN or internet or phone synch or what-have-you. That port is blocked from further incoming traffic.
2) WhiteCell determines the originating address of the malware. This address is also blocked from further incoming traffic: it can't send anything to you, even through another port that may still be considered 'safe.' If the source address cannot be determined but a timestamp attached to the virus detection can narrow the range of addresses, WhiteCell clamps them all.
3) WhiteCell alerts the foreign host to the presence of the virus. If the host has no antivirus software with which to attack the virus, WhiteCell exports the necessary detection and eradication tools from its own host and loans them to the new host. If the host's existing antivirus definitions do not include WhiteCell's target, then only the definition is exported and WhiteCell monitors the detection and eradication process. WhiteCell will backtrack a virus through 'x' number of foreign hosts to chase a virus as far up its origination tree as licensing will allow, 'x' to be determined by endless debate and court battles.
4) WhiteCell determines the source of the original attack has now been disinfected and deflags the relevant addresses and ports. If WhiteCell cannot receive confirmation of disinfection, it can raise the security levels surrounding the foreign host by flagging it for extra scrutiny from the antivirus whenever that foreign host is in contact, recommending to the web browser that it ask for confirmation of intent when the foreign host's address is in the contact queue, or blocking it altogether. This is in effect forcing the foreign computer to wear a big sign that reads "UNCLEAN."
5) The WhiteCell 'spawn' that was sent to the infected foreign host purges itself from that host's memory.
It's free and easy
http://www.hitmanpro.nl/hitmanpro/ The ultimate weapon [zeno, Oct 24 2007]
[link]
|
|
Interesting idea, but the "whitecell" program you suggest would need to be given extremely wide powers - it would effectively have admin rights over your PC and would be allowed to install software on any other computer. Because of this, if it was widely used, it would be the target of malware itself and these attacks would most likely be succesful (no software is immune from attack). This would give these wide powers to the malware itself. This, I would argue, is worse than the current situation in which these powers are not used proactively or even very effectively by users who don't always know what they're doing, but at least they are less likely to be used without human intervention. |
|
|
baked...its called a firewall. |
|
|
Say I receive a notification from an arbitrary machine on the Internet that my machine is infected with a new virus. I'm not going to run any code that host provides - that would be a very easy way to get new malicious code onto my system. |
|
|
Crap, I didn't think of those - though I do disagree with the "firewall" statement. |
|
|
Hell, I guess this is a WIBNI. |
|
|
This is leading towards the evolution of
"antiviruses" - programs which would
propagate much like a regular virus, but
would hunt and kill malicious viruses.
The ideal "antivirus" would, I guess,
have some ability to evolve in response
to new viruses. On the other hand, it
would itself easily become a malevolent
virus (for example, if it mistakenly
started identifying some bona fide file
as a virus, and eradicated it). But I
think the idea of letting viruses chase
and kill other viruses would be
interesting. |
|
|
Hmm, well I understand the sentiment, malware is bad nk. |
|
|
Suggest you check out hitmanpro, see link, your troubles are over. |
|
|
I've never seen an idea I wanted to fishbun before. |
|
|
There exist firewalls with this sort of behavior (attempting to DDOS attackers, etc), but it is very much frowned upon. |
|
|
There have been many viruses that were supposed to fix other viruses but didn't do well or did too well and couldn't and then there were the clogged ports and the virus definitions and the FBI and the prosecution and the shouting and the bleeding and the pain....... |
|
|
Actually some forms of malware will, upon installing, patch as many bugs or security holes as they can find, including the one they used to gain entry. They also attempt to disable any other malware found on the same machine. |
|
|
This is probably done to prevent other botnet owners from taking control of the same victim, rather than for any altruistic motive. |
|
|
(Unfortunately, since this idea would be such a large security hole I'm going to have to give it a fishbone.) |
|
| |