2008/5/22 Dave Warren <[EMAIL PROTECTED]>:
> In message <[EMAIL PROTECTED]>
> "Cuchuk Sergey" <[EMAIL PROTECTED]>
> wrote:
>
> >viruses or worms often use binaries or executables - so when we're
> >protecting them from changing (or asking for confirmation of user for
> >program (for example installers can overwrite them)) we're protecting data
> >from viruses
>
> It's a great idea -- In fact, so great that every modern operating
> system has a robust set of file system permissions already included
> which can do exactly what you want.
>
> In the Windows environment, simply don't use an administrator account
> all the time and executables installed in correct locations cannot be
> modified.
> --
> Dave Warren, [EMAIL PROTECTED]
> Office: (403) 775-1700 / (888) 300-3480
>
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

Yes, that's right. I use this feature. But I'm a developer and design some kind of software at home (including creating installation packets). There were about 6 times during the last 2 years when I had to search for all *.exe and *.dll files on my work disk partition and delete them because of viruses.

Now I'm doing things in the following way: when I get a software packet, I zip it; when I stop developing something, I change the permissions for myself to provide read-only access.
Yes, of course it's a decision - but is it convenient?

So I propose that when something tries to modify an *.exe or *.dll, the software shield should show the user a window with an alert: to allow or not to allow this process to alter binaries. If yes, the shield should ask the user whether or not to always allow this software to change it. If yes, the antivirus should save the md5 sum of the process, its name and location.

Also, as I'm a user, I don't make updates. When I want to update something, I run the process with administrator's privileges, not as a user.

For Linux I don't know, but I think there's an analogous situation.

Also I discovered that some processes try to load their libraries in Explorer by configuring my registry key (of course with user privileges). So maybe it's good to disallow altering such registry keys (or to allow this with a notification for the user).

Best regards,
Siarhei Kuchuk
-----------------------------------------
ICQ: 376562952
[EMAIL PROTECTED]
[EMAIL PROTECTED]
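
The "always allow" record proposed in the message above, as an added example that is not part of the original post and is not ClamAV code: it shows why the saved hash matters, since a rule keyed only on the process name and location would still match after the file at that path has been replaced. The class and function names are hypothetical, SHA-256 stands in for the md5 sum named in the message, and the process image and target paths are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

PROTECTED_EXT = (".exe", ".dll")  # file types the message wants guarded

def file_digest(path):
    """SHA-256 of a file's contents (assumption: stands in for the md5 sum)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class WriteShield:
    """Hypothetical decision logic: 'allow' the write or 'ask' the user."""
    def __init__(self):
        self.approved = {}  # process path (name + location) -> digest at approval

    def _key(self, proc_path):
        return os.path.normcase(os.path.abspath(proc_path))

    def remember(self, proc_path):  # the user answered "always allow"
        self.approved[self._key(proc_path)] = file_digest(proc_path)

    def decide(self, proc_path, target_path):
        if not target_path.lower().endswith(PROTECTED_EXT):
            return "allow"  # target is not a guarded binary
        recorded = self.approved.get(self._key(proc_path))
        # Name and location alone are not enough: the image must be unchanged.
        if recorded is not None and recorded == file_digest(proc_path):
            return "allow"
        return "ask"

def demo():
    """Run the shield over constructed files and return its decisions."""
    with tempfile.TemporaryDirectory() as d:
        installer = os.path.join(d, "setup_tool.bin")  # constructed process image
        with open(installer, "wb") as f:
            f.write(b"constructed installer image v1")
        shield = WriteShield()
        out = [shield.decide(installer, r"C:\work\app.exe")]  # unknown process
        shield.remember(installer)
        out.append(shield.decide(installer, r"C:\work\app.dll"))
        with open(installer, "wb") as f:  # same path, different bytes
            f.write(b"constructed installer image, modified")
        out.append(shield.decide(installer, r"C:\work\app.exe"))
        out.append(shield.decide(installer, r"C:\work\notes.txt"))
        return out

if __name__ == "__main__":
    print(demo())
```

The third decision falls back to "ask" because the approved path now holds different bytes, which is the case a name-and-location rule alone would miss.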
