Solve : 'New Hope' :-) working to create the best anti malware ever?

Let's start by seeing if this is the correct subforum to do so. Here are my plans:

I want to create the newest, most badass antimalware ever! For years I have used Linux LiveCDs to clean systems with the greatest ease and success, so I am pretty sure I want to use a Live environment. This does not mean we need to load up Knoppix or our favorite version of Ubuntu; other options include Bart's PE, UBCD, and others. What I have no clue on is where to start.

I will be doing some reading and posting links as they come. If you have something that could give me a nice kick in the @55 please let me know.

P.S. I started making something in PowerShell, but I don't think that will meet my needs. I also know Python, AHK, and am willing to learn whatever is needed.

Why re-invent the wheel... Well, we could say that is why I have made this post. I will give this a try, but not without first saying that I want to make something that works as well as combofix and superantispyware and all of the others in 1 scanning/cleanup tool. I hate the hours it takes to clean a computer these days and my family is always having me out to clean their computers. I did find some interesting reading last night. I will post links for those interested, but now I have to go play with this new 'toy'.

Generally, any "goal" of the sort "I want to create the best X ever" is doomed to fail, especially with regards to software.

Why?

It's an ego-centric goal. The goal isn't to create the best X ever, it's to associate your name with the best X ever.

Do you have any real programming experience? Are you really trying to create a malware tool, or are you going to combine a bunch of other tools written by others to create some sort of LiveCD? And if so, why? Combining tools is already being done, and far more effectively, by others.

In order to create an anti-malware tool, you will, at the very least, need to be intimately familiar with:

How malware infects a machine. This means the exact attack vectors: what registry keys it changes, where it places and how it places files on the hard drive, how to identify those files, and so forth.

The Win32 API. Especially with regards to the use of null characters in some registry keys/sections that can be used to effectively hide them, and how to work around them. As such you would also need to be familiar with the on-disk Registry format, a write-up on which can be found here. Because the more infectious malware will install rootkits that will basically cause the Win32 API to give you false information and not return any information indicating the malware, you would also need to create your own implementations that use direct disk access, read sectors/clusters and interpret the on-disk structures to try to find malware (example: RootkitRevealer, which both interprets on-disk structures itself and reads the registry itself, to circumvent the known issues involving null characters and API hooking to hide registry entries). Then you'll need some sort of signature engine to detect those pieces of malware that otherwise hide in plain sight.

Thing is, all the Anti-malware tools that are prevalent now:

1. Are written by one person, but do only one thing, and try to do it well. These are usually written by people with an extensive background on the subject.

2. Are written by a number of people, and do a number of things well. Again, paid professionals working in their field of expertise.

What you are trying to do is create a third category: an anti-malware program written by one person who, from what I can tell, has no actual background in the intricacies of malware cleaning and has so far only been a user of tools in categories 1 and 2, and that program will not only be "the best ever" (somehow putting the tools written by professionals in the field to shame) but also will be what amounts to a "weekend project" of sorts.

I hate to be negative, but this is just unrealistic. It's the equivalent of saying "I want to create the best image editor ever" and citing your use of other image editors as "experience". That might help you know how to make things look from the user's point of view, but it doesn't give you additional insight into how it works internally.

What it really sounds like you want to create is not the "best anti-malware ever" but rather the best malware-cleaning environment, that is, an environment that you run those other tools in. This is a bit more realistic, but that area has already been saturated with products, including those you mention. What exactly can you add to things like Bart's PE, UBCD, etc. that will make it better for your purpose? If you can answer that question, then do it.

Quote:
I hate the hours it takes to clean a computer these days and my family is always having me out to clean their computers.

An ounce of prevention is worth a pound of cure. The key to prevention is to educate, not create tools that make it easier to administer cure.
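The cross-view idea described in the reply above (enumerate the registry through the API, enumerate the same data by reading the on-disk structures yourself, and treat every difference as a finding) can be sketched in a few lines. This is an added example written for this page, not code from the thread or from RootkitRevealer; the key records, their stored lengths, the `hidden_by_hook` set and every name are constructed for illustration and do not model the real hive format.

```python
"""Cross-view detection of registry keys, as an added illustration.

Two views of the same constructed key records are compared:
  * the "raw" view uses the length stored with each record, as a tool that
    parses on-disk structures itself would;
  * the "API" view reads each name as a NUL-terminated C string and, when a
    hook is simulated, silently drops filtered names, as the reply above
    describes for hooked Win32 calls.
Any key present in the raw view but absent from the API view is reported.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class RawKey:
    """A constructed stand-in for one on-disk key record."""
    name: bytes   # exact bytes as stored; may contain an embedded NUL
    length: int   # name length as stored in the record


# Constructed sample records (not real malware artifacts).
RAW_VIEW = [
    RawKey(b"Run", 3),
    RawKey(b"Updater\x00hidden", 14),   # embedded NUL: C-string consumers stop early
    RawKey(b"Service", 7),
]


def raw_enumerate(raw_keys: Iterable[RawKey]) -> List[str]:
    """Raw view: trust the stored length, and make embedded NULs visible."""
    return [
        k.name[:k.length].decode("latin-1").replace("\x00", "\\x00")
        for k in raw_keys
    ]


def api_enumerate(raw_keys: Iterable[RawKey], hidden_by_hook: Iterable[str] = ()) -> List[str]:
    """API view: names are read up to the first NUL, and a simulated hook
    filters out anything listed in hidden_by_hook (constructed behaviour)."""
    hidden = set(hidden_by_hook)
    names = []
    for k in raw_keys:
        cname = k.name.split(b"\x00", 1)[0].decode("latin-1")
        if cname in hidden:
            continue            # the hooked API never reports this key
        names.append(cname)
    return names


def cross_view_discrepancies(raw_names: Iterable[str], api_names: Iterable[str]) -> List[str]:
    """Keys the raw view sees that the API view does not: the detection signal."""
    api_set = set(api_names)
    return sorted(n for n in raw_names if n not in api_set)


if __name__ == "__main__":
    raw = raw_enumerate(RAW_VIEW)
    # Simulate an API hook that filters the "Service" key from enumeration.
    api = api_enumerate(RAW_VIEW, hidden_by_hook={"Service"})
    for finding in cross_view_discrepancies(raw, api):
        print("raw view only:", finding)
```

The embedded-NUL key is flagged even without a hook, because the API view can only ever see the truncated name, while the hook-filtered key is flagged purely by its absence. Either discrepancy is a reason to look closer; neither view on its own would have raised it.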
