Hunting for "Trojan"

Author: Yuri Smirnov. Topic: future projects. Posted: 24.05.2008, 20:55.

I'm not a virologist and not a specialist in protecting corporate networks, just an ordinary user who would rather have the computer work or entertain than endlessly improve its security policy. Like many, I once naively tried to find a universal means of achieving one hundred percent protection for my PC on a "set it and forget it" basis. By the time I realized that no such means exists, I had become acquainted with a very useful antivirus utility, AVZ, which can be used as a supplement to a basic antivirus.

That was just the preamble; the tale is ahead. But first, a few more words about this utility. Thanks to its large set of managers (of processes, services, drivers, IE and Explorer extensions, open ports, etc.), AVZ allows an efficient manual search for destructive files. Studying how the utility works drew me in, forced me to read the help... and within months made virus scanning one of my favorite hobbies. Have you ever found an uninvited "beast" somewhere in the wilds of /system32/ or /Temp/? Believe me, it is no less exciting than hunting 3D monsters on the computer.

And now, the idea. I am sure this excitement can infect many other ordinary users (and in this case, besides the passion, every user would have a quite specific practical interest: the knowledge and skills to find out on his own why his PC freezes, glitches and slows down more and more, etc.).

And where there is passion, there is ground for forming a new mass online community. Investors can be sought among the antivirus companies, as well as among large corporate and banking structures, whose losses from virus writers and hackers grow every year (and no light is yet visible at the end of this tunnel). But first two problems need to be solved:
  • create an attractive mechanism for participation in the community;
  • develop an easy-to-use and intuitive client module for its members.
Let's begin with the module.

Assembling and disassembling the "cyber double-barrel" ("kiberdvustvolka")

There are more than enough utilities that allow searching by hand for viruses, trojans, rootkits, keyloggers and other rubbish. But they are usually designed for system administrators, security experts and users whose level of training is much higher than average. Programs with such an ideology cannot inspire the average user enough that he spends some effort on studying the help and acquiring the practical skills of "hunting" for viruses and Trojans. A different ideology is needed. In my opinion, it rests on at least three points:

1. An intelligent interface. It alone should serve as a hint.

For example, looking at the processes, you can immediately see which of them have access to the network (all processes that use non-standard libraries, are located in unusual places, etc. are highlighted in red). Studying the network activity, you can see all network connections with WhoIs information, as well as the local processes using them (here all connections belonging to non-standard processes are highlighted, as well as those generating an unusual volume or speed of traffic, an unusual frequency of requests, etc.).
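The highlighting rules sketched in the paragraph above can be written down as plain triage logic. The following is an added example, not code from the post or from AVZ: a process that has network connections and runs from, or loads a library from, an unusual location is coloured red; a process that is networked but looks ordinary is yellow; a process with no network access is green; and each connection is additionally flagged when its traffic volume or request frequency is unusual. The list of "standard" directories, the thresholds, and every process record in the sample snapshot are constructed assumptions.

```python
"""Interface hints for the process and connection views (added example, not the
post's or AVZ's code). Standard directories, thresholds and the sample snapshot
are constructed for the demonstration."""
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Assumed "ordinary" homes for executables and libraries on a Windows machine.
STANDARD_DIRS = (r"C:\Windows\System32", r"C:\Windows", r"C:\Program Files")


@dataclass
class Connection:
    remote: str      # "address:port"
    bytes_out: int   # bytes sent during the observation window (constructed)
    requests: int    # connection attempts during the same window (constructed)


@dataclass
class Process:
    name: str
    path: str
    modules: list = field(default_factory=list)      # loaded library paths
    connections: list = field(default_factory=list)  # Connection objects


def unusual_location(path: str) -> bool:
    """True when the file lies outside the standard directories or anywhere under a Temp folder."""
    p = PureWindowsPath(path)
    if any(part.lower() == "temp" for part in p.parts):
        return True
    return not any(PureWindowsPath(d) in p.parents for d in STANDARD_DIRS)


def process_colour(proc: Process) -> str:
    """red: networked and running or loading code from an unusual place;
    yellow: networked but ordinary; green: no network access at all."""
    networked = bool(proc.connections)
    odd = unusual_location(proc.path) or any(unusual_location(m) for m in proc.modules)
    if networked and odd:
        return "red"
    if networked:
        return "yellow"
    return "green"


def connection_flags(conn: Connection, byte_limit: int = 5_000_000, request_limit: int = 100) -> list:
    """Reasons (possibly none) to highlight one connection in the network view."""
    flags = []
    if conn.bytes_out > byte_limit:
        flags.append("unusual traffic volume")
    if conn.requests > request_limit:
        flags.append("unusual request frequency")
    return flags


def triage(processes: list) -> dict:
    """Map process name -> (colour, {remote: flags}) for the whole snapshot."""
    report = {}
    for proc in processes:
        colour = process_colour(proc)
        conn_report = {c.remote: connection_flags(c) for c in proc.connections}
        # Connections owned by a non-standard process are highlighted regardless of volume.
        if colour == "red":
            for remote in conn_report:
                conn_report[remote] = ["non-standard process"] + conn_report[remote]
        report[proc.name] = (colour, conn_report)
    return report


# Constructed sample snapshot of one machine (paths and addresses are made up).
SAMPLE = [
    Process("svchost.exe", r"C:\Windows\System32\svchost.exe",
            modules=[r"C:\Windows\System32\ws2_32.dll"],
            connections=[Connection("203.0.113.10:443", 120_000, 4)]),
    Process("notepad.exe", r"C:\Windows\System32\notepad.exe"),
    Process("sysupd.exe", r"C:\Users\ivan\AppData\Local\Temp\sysupd.exe",
            modules=[r"C:\Windows\System32\ws2_32.dll"],
            connections=[Connection("198.51.100.7:6667", 800, 450)]),
    Process("editor.exe", r"C:\Program Files\Editor\editor.exe",
            modules=[r"C:\Users\ivan\AppData\Roaming\plugin.dll"],
            connections=[Connection("192.0.2.20:80", 9_000_000, 3)]),
]

if __name__ == "__main__":
    for name, (colour, conns) in triage(SAMPLE).items():
        print(name, colour, conns)
```

Two of the sample processes come out red for different reasons: one runs from a Temp folder, the other runs from Program Files but has loaded a library from a user profile. The colour is a hint for a human to look closer, exactly as the post intends; it is not a verdict.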

Close at hand, in one window, there should always be buttons that let you perform every possible operation on the selected file (process, connection):
  • remove / unload,
  • stop / break the connection,
  • send to quarantine,
  • distribute to antivirus laboratories (the text of the letter is generated automatically),
  • send to the community site,
  • send the file / information to "friends" (hunting partners),
  • send a complaint to the ISP behind the connection,
  • find information about the file in the Encyclopedia on the Internet.
Did I miss something? Oh yes, the "roll back" function :).

2. Filtering of known safe files. You cannot create a productive community if each member has to reinvent the wheel. The more files among which one has to look for the virus "needle", the fewer participants will join the community.

In the above-mentioned AVZ utility, the filtering of known/unknown processes, services, drivers, libraries, BHO extensions, etc. is implemented perfectly: system files included in Microsoft's database are highlighted in green, as are program files from a database of safe files created by the collective efforts of AVZ users and its author, the virologist Oleg Zaitsev (users send suspicious files, or simply files not recognized as safe, and the developer analyzes them with his tools using several technologies). Today the utility's database has amassed over one hundred thousand checksums of "clean" files. The utility "knows by sight" the vast majority of programs that may be found on a user's computer.

A similar solution, built into the design of our "cyber double-barrel", would not only make the search for viruses easier but would also, fairly quickly, minimize the Internet traffic needed to send suspicious files.

3. A direct, context-sensitive link to an online Encyclopedia of manual search. Moreover, as long as the size of the Encyclopedia allows, it should be built into the tool, constantly updated like signature databases, and support hint technology. Both the online and the offline version of the Encyclopedia should allow records to be sorted quickly by the signs of virus activity and by the methods of detecting and neutralizing viruses.

The Encyclopedia should help not only with the search for a specific virus, but also with the rapid mastering of:
  • theory (e.g., if you suspect that you have caught a worm, you should be able to call up: a short comparative description of all types of virus threats, a more detailed description of the type "network and mail worms", a list of the most dangerous worms, the symptoms of their penetration into a computer and the ways to identify them, a similar list of all known worms, reports on past, current and projected epidemics);
  • practice (without constraining the user's initiative, the program should gently suggest next steps tried and tested by experts and the most experienced "hunters", and simply and clearly explain the purpose of every tool, window and button the user is currently manipulating).

Even the most inexperienced user has a natural and clear desire to protect his computer. So give him, at last, the ability to develop protection skills on the fly, without interrupting work and entertainment, and yesterday's lamer will match a football fan in missionary excitement.

So, a "Web 2.0" resource is conceived, addressed to "hunters" of viruses, trojans and other computer "pieces of code". Its visitors are invited to download the client module, which automatically identifies all unknown files on the computer (i.e. those not included in the list of known safe files) and forwards them to the project.

In the project's laboratory, each file sent is automatically checked by a "battery" of several well-known antivirus products (for example via VirusTotal and other similar Internet services). Files that land in quarantine as suspicious are automatically sent for checking to the antivirus labs whose products are used in the project. Thus the project's database of safe files is continuously updated (every file entered into the database is manually checked by the project's staff virologist). The user automatically receives notification of infected files. And after the next update, the list of unknown files on his computer compiled by the client program shrinks to zero.

And here comes the most interesting part of the project, which will help turn a routine procedure into an exciting hunt.

For each file added to the database, the user who sent it receives one point.

For each file sent in which the project's test system has found malicious code, the user receives, say, three points.

If the user himself identified a suspicious file on his computer, and it really turns out to be malware, the user receives, say, seven points.

If the user sends to the Encyclopedia of manual search a detailed description (where and how he found the virus, how the computer behaved, the operating system, the applications that aroused suspicion, etc.), the user receives, for example, 12 points.

If the virus the user found enters an official list of the most dangerous (according to any well-known antivirus company), the user gets 20 points and the status of "cyber-hunter" ("kiberohotnik").

Well, if he is the first to find a completely new virus, then hundreds of points would not be too many, in my opinion.
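The client-side filtering, the laboratory cycle described a few paragraphs above, and the first two scoring rules fit together into one loop, shown here as an added example that is not the post's or any project's code. The client hashes every file and uploads only those whose checksum is in neither the vendor's nor the community's allowlist; the "laboratory" runs each upload through a battery of engines, records detected files as malicious (three points to the sender) and adds undetected ones to the community allowlist (one point); after that update a second scan of the same machine finds nothing unknown. The files, the allowlists, the engine signature sets and the user name are all constructed, and the post's manual check by a staff virologist is collapsed into the automatic verdict, which is a simplification: a file no engine flags is not thereby proven clean.

```python
"""Known-safe file filtering plus the lab update cycle (added example, not the
post's or AVZ's code). File contents, hash databases, engine signatures and the
user name are constructed for the demonstration."""
import hashlib
from collections import Counter


def sha256_hex(data: bytes) -> str:
    """Checksum that serves as the file's identity in every database."""
    return hashlib.sha256(data).hexdigest()


class SafeFileDatabase:
    """Two allowlists (OS vendor files, community-verified files) plus the set of
    checksums the lab has already confirmed as malicious."""

    def __init__(self, vendor_hashes=(), community_hashes=()):
        self.vendor = set(vendor_hashes)
        self.community = set(community_hashes)
        self.malicious = set()

    def classify(self, data: bytes) -> str:
        h = sha256_hex(data)
        if h in self.vendor:
            return "vendor"       # green: in the OS vendor's database
        if h in self.community:
            return "community"    # green: verified by the community lab
        if h in self.malicious:
            return "malicious"    # red: known bad, to be quarantined
        return "unknown"          # grey: candidate for upload


def scan(files: dict, db: SafeFileDatabase) -> list:
    """Client side: paths whose contents are not yet known to the database."""
    return sorted(path for path, data in files.items() if db.classify(data) == "unknown")


def lab_check(submissions: list, engines: dict, db: SafeFileDatabase, scores: Counter) -> dict:
    """Server side: run each upload through a battery of engines (modelled here as
    signature sets of checksums). A file any engine detects is recorded as malicious
    and earns the sender 3 points; an undetected file joins the community allowlist
    and earns 1 point. In the post this second step is confirmed by a human
    virologist; that check is omitted here. Returns per-path verdicts."""
    verdicts = {}
    for user, path, data in submissions:
        h = sha256_hex(data)
        hits = [name for name, signatures in engines.items() if h in signatures]
        if hits:
            db.malicious.add(h)
            scores[user] += 3
            verdicts[path] = "malicious (%s)" % ", ".join(hits)
        else:
            db.community.add(h)
            scores[user] += 1
            verdicts[path] = "clean"
    return verdicts


def demo():
    """One full cycle: scan, upload unknowns, lab verdicts, rescan."""
    # Constructed "files" on the user's machine (contents stand in for real binaries).
    files = {
        r"C:\Windows\System32\kernel32.dll": b"constructed vendor file",
        r"C:\Program Files\Editor\editor.exe": b"constructed community-known file",
        r"C:\Users\ivan\AppData\Local\Temp\sysupd.exe": b"constructed suspicious file one",
        r"C:\Documents\invoice.exe": b"constructed suspicious file two",
        r"C:\Tools\rare_util.exe": b"constructed rare but benign file",
    }
    db = SafeFileDatabase(
        vendor_hashes=[sha256_hex(files[r"C:\Windows\System32\kernel32.dll"])],
        community_hashes=[sha256_hex(files[r"C:\Program Files\Editor\editor.exe"])],
    )
    # Constructed engine signature sets standing in for the "battery" of products.
    engines = {
        "engine_a": {sha256_hex(files[r"C:\Users\ivan\AppData\Local\Temp\sysupd.exe"])},
        "engine_b": {sha256_hex(files[r"C:\Users\ivan\AppData\Local\Temp\sysupd.exe"]),
                     sha256_hex(files[r"C:\Documents\invoice.exe"])},
        "engine_c": set(),
    }
    scores = Counter()
    first = scan(files, db)                                   # three unknown files
    uploads = [("ivan", path, files[path]) for path in first]
    verdicts = lab_check(uploads, engines, db, scores)
    second = scan(files, db)                                  # nothing unknown remains
    return first, verdicts, second, scores


if __name__ == "__main__":
    first, verdicts, second, scores = demo()
    print("unknown before:", first)
    print("verdicts:", verdicts)
    print("unknown after:", second)
    print("points:", dict(scores))
```

Only three of the five files leave the machine, which is the traffic saving the post is after; the two that were already on an allowlist never upload at all. Because identity is a checksum, any change to a file's bytes makes it unknown again, so the allowlist cannot be fooled by a file that merely shares a name with a known one.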

Every hunter gets a personal online account: user info, total number and dynamics of points in the overall ranking, a list of his own entries in the Encyclopedia, a private chat for discussing the computer problems he is experiencing, a personal blog, a page of visitors' comments, comments on comments, a photo of your dog hugging a computer, etc...

An online community is created to discuss ways to combat different types of destructive programs, "manual" search techniques, ways to develop the project in general and the antivirus client in particular, and the awarding of "master" status to cyber-hunters (based on many factors, including authority, real help to beginners, etc.).

The overall rating is divided into regional ones (becoming "the first guy in the village" is a good impetus for beginning hunters), but also has an open interface for future integration with the ratings of other countries.

Over time, the client module can be improved for collective hunting: in a difficult situation you are free to grant remote access to the client interface to "cyber-hunters" and "masters" whom you trust. In this mode it will be easier for you to fix the problem and to gain experience from more advanced users.

You will say: instead, hackers will send their own viruses in for the rating, ones that blow up in the masters' hands and turn beginners' computers into zombies. Well, first of all, the developers of the antivirus client can provide for this risk. And if gaps still remain, the collective wisdom of the social network will have its say.

Future posts

  • Training improvements: three in one
  • Project Open Mind: your own superman
  • How I started my idea generator
