Viruses && Malware ?

Here you can discuss ReactOS related topics.


oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

I did not say perfect but here's a few that need work.

Post by oiaohm » Sat Apr 16, 2005 12:51 pm

http://www.hsc.fr/ressources/outils/pktfilter/
http://sourceforge.net/projects/tdifw
These are Windows already.

http://coombs.anu.edu.au/ipfilter/
This could be embedded in the ReactOS kernel.

Another feature, http://www.hh.iij4u.or.jp/~yukon/soft/pipmasq/, could be embedded as well.

The front end is the problem but this is a project.
http://www.fwbuilder.org/ would be a good place to start. Not the best front end but a front end. I.e. if the user does not install one they get a working one from the start. It does not have to be the best in the pack, it just has to work.

If the user decides it's too hard they have to install another firewall. This stops users running machines without one.

Now if I was saying

I.e. no program can run without approval, i.e. the user has to approve every program they want to run at least once, and also a virus scan as part of approval. Also all programs that access the network have to be firewall approved for what they will be using.

I could understand the upset people.

These are all starts. Let's forget the easy-to-use bit for now; at least we are giving people a good start from a protection point of view. The last thing we need is developers getting virus problems from poor defence. I.e. more problems: is it ReactOS or is it a virus or something? We don't need that.

Gasmann
Posts: 283
Joined: Fri Nov 26, 2004 6:53 pm
Location: Germany

Post by Gasmann » Sat Apr 16, 2005 3:40 pm

chris319 wrote: Name them. Or, if the perfect Windows open source firewall doesn't already exist, there's nothing stopping you from writing one.
For example, a very good firewall is the Sygate Personal Firewall. It's free and does really protect your PC. It has many features ZoneAlarm hasn't, e.g. DLL Authentication. But unfortunately it's closed source. There's also a commercial pro variant, haven't tried it yet.

mf
Developer
Posts: 368
Joined: Mon Dec 27, 2004 2:37 pm
Location: Eindhoven, NL

Post by mf » Sat Apr 16, 2005 5:16 pm

I *really* like the idea of having IPCop running in a VMWare, as I read in c't the other day. Those kinda ideas are genius imho.

dark
Posts: 275
Joined: Wed Apr 06, 2005 9:40 pm

Post by dark » Sat Apr 16, 2005 8:20 pm

First of all, ReactOS will never be vulnerable to all of the Windows viruses. A lot of the ones that come through the internet just start trying to access C:\windows\etc regardless of the operating system. A lot of hackers specifically exploit bugs in Windows code; ReactOS will not be vulnerable to those either.

Most open source projects just patch the software frequently to fix bugs.
There's no need, and not enough resources here, to make a Windows open source virus scan for ReactOS.
The only things ReactOS would be vulnerable to are things that can install themselves on the computer, which is usually somewhat easy to spot.

mf
Developer
Posts: 368
Joined: Mon Dec 27, 2004 2:37 pm
Location: Eindhoven, NL

Post by mf » Sat Apr 16, 2005 8:31 pm

Hardcoding "C:\Windows" would be *really* stupid. You can just call %systemroot% instead.

dark
Posts: 275
Joined: Wed Apr 06, 2005 9:40 pm

Post by dark » Sat Apr 16, 2005 9:55 pm

That's what the hackers do; besides, it's the most used operating system, so it just makes it easier to do for only one OS.

mf
Developer
Posts: 368
Joined: Mon Dec 27, 2004 2:37 pm
Location: Eindhoven, NL

Post by mf » Sat Apr 16, 2005 10:01 pm

The only place where I've ever seen C:\Windows hardcoded was in some really badly written setup programs. Systemroot is an environment variable, mind you, so you can *EVEN* use it in batch files and on the commandline.

chris319
Posts: 55
Joined: Tue Feb 08, 2005 9:43 pm

Post by chris319 » Sat Apr 16, 2005 11:38 pm

If ReactOS has true Windows compatibility the user should be able to install any number of Windows firewall/antivirus programs with no problem, be they commercial products or open-source titles included with the distro.

dark
Posts: 275
Joined: Wed Apr 06, 2005 9:40 pm

Post by dark » Sun Apr 17, 2005 12:59 am

Do a Google search for ClamWin and you should come up with a GPL-licensed (that should solve the licensing problems) antivirus software for Windows, but it seems to be pre version 1.

oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Did and know about clamwin.

Post by oiaohm » Sun Apr 17, 2005 5:12 am

Problems with ClamWin: no great real-time file scanning. It protects from email with Outlook Express (no use to us) and the interface still needs a good lot of work.

It is based on ClamAV and needs expansion.

Patching back doors works so well. But not all viruses depend on back doors in the OS; some depend on back doors in programs, i.e. Word viruses: someone installs Word on ReactOS, so Word could get infected.

I have done support too; you will be surprised how often today I find new computers where the user has not installed an antivirus or full firewall.

Most times they say, "It has a firewall, why should I install one?" Yep, give them 6 months and they are hacked through something: ICQ, MSN, file sharing... not always Windows.

A firewall can also slow down malware.

This tech can be built in; by default is better. Enabled by default. Disabled by user if required.

We need to protect our users; not all will be smart about security. Microsoft says we will let a third party deal with that. This means we don't really care how bad our OS is, we will let someone else deal with the problem.

A good firewall built in by default gives network protection over faults until a fix can be built. Better for our users. Note, if the standard firewall was good enough for most users, network patches can come in two forms.

1 a temp firewall patch.
2 a code patch.

A temp firewall patch would be small, very small; 2kb would be a large one. Response time to network problems should be faster.

Same with a built-in virus scanner: fast response to a problem.

ClamAV can be made to detect anything. It is not just an antivirus scanner, it's a scanner. It could even be used to stop users from installing DLLs that are known to have a defect and be incompatible with ReactOS.

If we get a method where security is first it will keep ReactOS in good stead.

Linux, FreeBSD, Mac OS X, Unix all have built-in firewalls that work; it's just Windows that does not ship with one by default.

Reason why: without faults they could not come up with good reasons to update.

Quigs
Posts: 78
Joined: Sat Dec 04, 2004 7:24 am
Location: USA

Post by Quigs » Sun Apr 17, 2005 7:02 am

Generally I never understood the point of checking outbound traffic, it'll just tell you that your computer has already been compromised. Great, you can block it but it doesn't solve the problem.

Best way to protect from viruses is user permissions and a rock solid OS. Could make default "run", even on Admin accounts, be Limited User run. And make people use a special "Run with full permissions". Just an idea.

I really don't like antivirus software or firewalls and would prefer them not included in the core of ReactOS. Make a distro with it, but don't force us all to use it.

I've used XP (SP2 fully patched) for several months without a firewall or antivirus software, directly connected to the internet. Course my setup wasn't anywhere near the default, disabled about half of the services and lots of other stuff, but it is possible. MOST to ALL viruses come from user neglect.

oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Ok don't understand outbound blocking.

Post by oiaohm » Sun Apr 17, 2005 10:41 am

It is, number one, that you don't infect other users.

Number two, if you get a non-internet program and the first thing it tries to do is dial home, you have a problem. Now you can stop your machine and use a boot disk to fix it or remove the program before it gets to spread.

"MOST to ALL viruses come from user neglect." Not always; most times from pirate software or flawed software on systems. (Windows, it was the OS.) One person I know got infected 5 times by pure bad luck through an MSN virus before it was detectable by antivirus software or fixed by updates. He was happy I had talked him into a backup and installing the virus scanner. It picked it up late but not too late to fix.

The big problem is malware. "I have this nice program, try this, it will let you do this", but it will upload your passwords and bank accounts to me so I can empty your accounts.

A firewall is not optional, it's a requirement on outgoing, so you can detect malware before it gets your information out the door. You have a firewall somewhere but no malware detection, so hope you don't keep bank records on that machine.

I guess you would like the other option. Programs must be checked once and tagged so the OS can run them, and when tagged the file cannot be changed without user permission. Stops most viruses dead. Being asked many times to let programs change other programs would be a problem. But you will still need to run a firewall to check the program to see what it is trying to connect to.

Virus scanning and firewall enabled by default stops problems. Advanced users can turn it off; the non-advanced users are normally the ones that get tricked and their PCs nuked. It is a little better than Microsoft's. Microsoft networking is enabled by default when you set up a network, even when you don't need it. Yep, it takes processing power too.

Note: disabling virus scanning is an option I don't like but would live with.

mjs
Posts: 47
Joined: Sat Feb 19, 2005 9:03 pm

Post by mjs » Sun Apr 17, 2005 11:38 am

Quigs wrote: Generally I never understood the point of checking outbound traffic, it'll just tell you that your computer has already been compromised.
It's especially useful when you (must?) use protocols that rely on broadcast messages.
Quigs wrote: Great, you can block it but it doesn't solve the problem.
Yes ... you'll always have the problem when you use Windows ... the SMB (CIFS) protocol uses broadcast messages but there's no need to reduce your bandwidth with those messages because you don't want to access normal Windows "shared folders" across the internet.

Regards,
Mark

Quigs
Posts: 78
Joined: Sat Dec 04, 2004 7:24 am
Location: USA

Post by Quigs » Sun Apr 17, 2005 7:57 pm

because you don't want to access normal Windows "shared folders" across the internet.
So disable it in Windows, don't block it using a 3rd party app!

oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Hmm, it is not a 3rd party app if it's integrated.

Post by oiaohm » Mon Apr 18, 2005 5:30 am

Disabling is not always an option either.

I have a few cases where file shares exist on Internet-linked networks.

The firewall clearly says: I will only talk to machines in this IP range; if not in this IP range I will not even admit that this computer has file sharing (in the form of Windows shared folders). And I will only let outgoing traffic go to the same IP range.

Now you just place the router outside this range and you are fine.

Now you might say we will build this into Windows. Can you see the advantage of a firewall yet? This provides control over the network.

Unix systems have had a complete firewall built in by default for decades.

Linux has kept this up. Windows programs don't even need to know that the firewall is there to work with it.

I do agree that if a feature is not required it should be able to be disabled. I.e. no network, no firewall running would be fine.

Can we come to agreement?
All apps/functions must be able to be disabled when not required.

A firewall is not required when there is no network but must be enabled in some form when there is a network. I.e. if no firewall registers itself the default firewall is used; i.e. registering a firewall disables the default so we don't have firewalls on firewalls. All modern firewalls used in Windows have to register themselves. Now someone can always build a firewall that does not work if they don't want one.

ClamAV enabled by default, used to test for incompatible parts and viruses that both could cause ReactOS major problems. I.e. someone trying to copy a system DLL from Windows in a program install that is known to be a problem. To reduce problem reports, a message box:
"XXXX file has been blocked from being copied into the system due to known problems please see the bug report xxxx. If this has been fixed and updated version produced please update."

The install scanning of ClamAV can be disabled if not at a user level that can install in the system core.

My preferred default is inbuilt NAT with outbound application approval to stop spyware and malware, but that will take time to develop.

The virus scanning part of ClamAV is able to be disabled if another antivirus is installed. Or if running in an account where major damage cannot be done to the system, of course with a warning that ClamAV is being taken offline.

Note even if ReactOS is binary compatible it might not be compatible with all antivirus software, or we might not want to make it, due to having to build in back doors to let them work.
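
The range-restricted file-sharing policy described in the post above, sketched as an added example that is not part of the original thread or of any ReactOS code. The trusted range, router address, port list and function names are assumptions chosen for illustration; the sample packets are constructed.

```python
import ipaddress

# Assumed values (not from the thread): a trusted half of the LAN and the
# ports used by Windows shared folders (NetBIOS name/datagram/session, SMB).
TRUSTED_NET = ipaddress.ip_network("192.168.10.0/25")
ROUTER = "192.168.10.254"   # deliberately placed outside TRUSTED_NET
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}


def decide(direction, proto, peer_ip, service_port, trusted=TRUSTED_NET):
    """Return 'pass', 'drop' or 'default' for one packet.

    direction    -- 'in' or 'out', relative to the protected host
    peer_ip      -- remote address (source if inbound, destination if outbound)
    service_port -- port on the file-sharing side of the connection
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    if (proto.lower(), service_port) not in SMB_PORTS:
        return "default"   # not file sharing: left to the other rules
    if ipaddress.ip_address(peer_ip) in trusted:
        return "pass"
    # Drop silently (no reset, no ICMP error) so a peer outside the range
    # gets no sign that shared folders exist on this machine.
    return "drop"


# Constructed sample traffic: (direction, protocol, peer, service port).
SAMPLE = [
    ("in", "tcp", "192.168.10.20", 445),    # LAN peer opening a share
    ("in", "tcp", "203.0.113.5", 445),      # internet host probing SMB
    ("in", "tcp", ROUTER, 139),             # router is outside the range
    ("out", "udp", "198.51.100.7", 137),    # name lookup leaking outward
    ("out", "tcp", "198.51.100.7", 443),    # ordinary web traffic
]


def evaluate(packets=SAMPLE):
    """Apply decide() to each packet and return the list of verdicts."""
    return [decide(*p) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate()):
        print(verdict.ljust(8), *pkt)
```
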
