
Anti-Malware Assistance Tool Idea



#1 MalwareAbort (Members, 28 posts)
Posted 02 July 2014 - 09:25 PM

For studying I am working on a program that I dub Rejectr.


Rejectr is a malware removal platform that can load tools or plugins to assist in the removal of malware. The platform is written in C#.


The platform works as follows:


  • There is a plugin interface that each plugin must branch from.
    • The interface contains methods to check for infection and to fix the infections.
  • In another API are native functions that can aid a plugin writer to easily perform malware removal tasks such as brute force methods to end a process or delete files etc.
  • The platform is designed to allow updates to these tools automatically all from the interface.
  • The platform contains various methods to unblock itself from running.
  • It is set to be open sourced and hosted with it and all the free plugins on donations alone. This would be a free software

My questions and thoughts are: is or would anyone be interested in writing an exploit fix or malware removal tool as a plugin for this platform?

Any comments are greatly appreciated. 


"Imagine a world without malware"



#2 Billy O'Neal (Visual C++ STL Maintainer; Malware Response Team, 12,304 posts; Location: Redmond, Washington)

Posted 03 July 2014 - 06:25 PM

Anything based in C# is probably a bad idea -- too easy for malware to break the CLR if they want to break your tool. Your platform can't unblock itself from running if the CLR can't start in the first place.

What you'd have to answer in this case is: why does someone want to use and tie themselves to such a platform? Someone who wants to develop tools is tying their work to your frontend, and they're not going to accept that loss of flexibility without some serious benefit.

The "big boy" AV companies have mechanisms that allow multiple rules to run at the same time on an input -- if an AV had to call some function for each of the millions and millions of infections they look for for each file of input, they'd be unusably slow -- you'll probably need to find things in common for your bits beyond an entry point here.

Take this from someone who has failed on more than one project due to overengineering things -- start writing little tools that target specific things. When you have experience doing this you can consider looking for commonalities and developing a platform.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
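The two posts above describe the same design from opposite ends: the original poster wants a plugin interface whose members check for and fix an infection, and the reply points out that a scanner which calls each plugin's check per file cannot scale, so the plugins must share something beyond an entry point. The sketch below is an added example written for this thread, not code from Rejectr or from either poster, and it is in Python rather than the C# the platform uses so it stays short. Every plugin implements the `RemovalPlugin` interface and declares the byte signatures it owns; the host merges all of them into one Aho-Corasick automaton and scans each input once, then dispatches each hit to the plugin that owns that signature. The plugin names, signatures and `SAMPLE` input are all constructed for the demo, and the `fix` methods only return a description of the action they would take.

```python
# Added example (not from the thread): a plugin host in the shape the original
# post describes, built around the reply's point: all plugins' signatures are
# compiled into ONE multi-pattern matcher, so each input is scanned a single
# time instead of once per plugin. Names and signatures below are constructed.
from collections import deque
from typing import Dict, List, Protocol, Tuple

Key = Tuple[str, str]  # (plugin name, signature name)


class RemovalPlugin(Protocol):
    """Interface every plugin implements: what to look for and how to fix it."""
    name: str

    def signatures(self) -> Dict[str, bytes]: ...

    def fix(self, signature_name: str) -> str: ...


class AhoCorasick:
    """Multi-pattern byte matcher: every pattern is matched in one pass."""

    def __init__(self, patterns: Dict[Key, bytes]) -> None:
        self.goto: List[Dict[int, int]] = [{}]  # trie edges per node
        self.out: List[List[Key]] = [[]]        # patterns ending at each node
        self.fail: List[int] = [0]              # failure links
        for key, pat in patterns.items():
            node = 0
            for b in pat:
                if b not in self.goto[node]:
                    self.goto.append({})
                    self.out.append([])
                    self.fail.append(0)
                    self.goto[node][b] = len(self.goto) - 1
                node = self.goto[node][b]
            self.out[node].append(key)
        queue = deque(self.goto[0].values())  # depth-1 nodes fail to the root
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s].extend(self.out[self.fail[s]])  # inherit suffix matches

    def scan(self, data: bytes) -> List[Tuple[Key, int]]:
        """Return (key, end offset) for every pattern occurrence in data."""
        node, hits = 0, []
        for i, b in enumerate(data):
            while node and b not in self.goto[node]:
                node = self.fail[node]
            node = self.goto[node].get(b, 0)
            for key in self.out[node]:
                hits.append((key, i))
        return hits


class Host:
    """Loads plugins, merges their signatures, scans once, dispatches fixes."""

    def __init__(self, plugins: List[RemovalPlugin]) -> None:
        self.plugins = {p.name: p for p in plugins}
        table: Dict[Key, bytes] = {}
        for p in plugins:
            for sig_name, pattern in p.signatures().items():
                table[(p.name, sig_name)] = pattern
        self.matcher = AhoCorasick(table)

    def check(self, data: bytes) -> List[Tuple[str, str, int]]:
        """One pass over data; returns (plugin, signature, end offset) per hit."""
        return [(plugin, sig, end) for (plugin, sig), end in self.matcher.scan(data)]

    def check_and_fix(self, data: bytes) -> List[str]:
        """Route each finding to the plugin that owns the signature."""
        return [self.plugins[plugin].fix(sig) for plugin, sig, _ in self.check(data)]


class DemoAdwarePlugin:  # constructed plugin
    name = "demo-adware"

    def signatures(self) -> Dict[str, bytes]:
        return {"marker-a": b"ADW-MARK-0001", "marker-b": b"TOOLBAR\x00INST"}

    def fix(self, signature_name: str) -> str:
        return f"{self.name}: quarantine artefact flagged by {signature_name}"


class DemoDownloaderPlugin:  # constructed plugin; its pattern overlaps marker-a
    name = "demo-downloader"

    def signatures(self) -> Dict[str, bytes]:
        return {"stager": b"MARK-0001-GET"}

    def fix(self, signature_name: str) -> str:
        return f"{self.name}: remove scheduled task flagged by {signature_name}"


# Constructed sample input: a clean prefix, two overlapping markers, a third marker.
SAMPLE = b"MZ-clean-prefix-" + b"ADW-MARK-0001-GET" + b"..." + b"TOOLBAR\x00INST"


def demo() -> List[Tuple[str, str, int]]:
    host = Host([DemoAdwarePlugin(), DemoDownloaderPlugin()])
    return host.check(SAMPLE)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The overlap between `marker-a` and `stager` is deliberate: a per-plugin check would read the input twice and still find both, but the single automaton finds both in one pass, with the failure links carrying the scan from the end of one pattern into the middle of the other. That shared matcher is the kind of "thing in common" the reply is asking for; the plugin interface then only has to supply signatures and a fix routine.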