Security in Windows 7

delphi package - easy access to security apis

Post by c05t4nt1n0 » Sat Apr 23, 2011 4:17 am

Hi, I'm developing an anti-malware system to protect users against IM worms, but these shit applications are now killing my app, deleting registry entries and deleting my module (.dll) files. I need to protect it and the registry keys. The process I've managed to protect by using a function from ntdll that transforms the process into a critical process, so if it is finalized Windows restarts. My problem is protecting the files and the reg entries. Can you guys help me, plz? :sorry:
c05t4nt1n0
 
Posts: 1
Joined: Sat Apr 23, 2011 3:51 am

Re: Security in Windows 7

Post by madshi » Sat Apr 23, 2011 6:34 am

Hello,

unfortunately I'm not really an expert with anti-malware development, although there are many (many many) security companies who have licensed my madCodeHook product. I'm just delivering the tools, the security companies are doing the work. So my own knowledge about anti-malware techniques is quite limited.

If the malware kills your app, does it actually *know* your app? Is your app that well known? Maybe a good workaround would be to have your installer choose random directory, file and registry names? Alternatively you could try to protect your stuff by letting only admins have write/delete access to them. But then if the malware is running under an admin account, too, that wouldn't help. The best solution might be to install a little filter driver, that should be able to protect your files from being deleted. But then, if the malware has hacked into kernel land, too, maybe that wouldn't help, either. Well, as I said, I'm not really an expert here...
madshi
Site Admin
 
Posts: 9543
Joined: Sun Mar 21, 2004 5:25 pm
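
The "only admins have write/delete access" suggestion from the reply above, sketched in PowerShell as an added example that is not part of the original thread and not madSecurity code. The install directory and registry key are hypothetical placeholders, and the script is assumed to run from an elevated prompt.

```powershell
# Added example: lock a product's files and registry key down so that only
# Administrators and SYSTEM can write or delete; other users can only read.
$installDir = 'C:\Program Files\ExampleAV'   # hypothetical placeholder path
$regKey     = 'HKLM:\SOFTWARE\ExampleAV'     # hypothetical placeholder key

# Well-known SIDs, so the script does not depend on localized group names.
$admins = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
$system = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'
$users  = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-545'

function Set-LockedDownAcl {
    param([string]$Path, [System.Security.AccessControl.AccessRule[]]$Rules)
    $acl = Get-Acl -Path $Path
    # Stop inheriting from the parent and discard the inherited ACEs.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop every remaining explicit ACE so only the rules below survive.
    foreach ($old in @($acl.Access)) { [void]$acl.RemoveAccessRuleAll($old) }
    foreach ($rule in $Rules) { $acl.AddAccessRule($rule) }
    Set-Acl -Path $Path -AclObject $acl
    # Read the ACL back so the result can be checked, not assumed.
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, AccessControlType, IsInherited
}

# Directory: rules flow down to all files and subdirectories.
$fsInherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$fsRule    = 'System.Security.AccessControl.FileSystemAccessRule'
Set-LockedDownAcl -Path $installDir -Rules @(
    (New-Object $fsRule ($admins, 'FullControl',    $fsInherit, 'None', 'Allow')),
    (New-Object $fsRule ($system, 'FullControl',    $fsInherit, 'None', 'Allow')),
    (New-Object $fsRule ($users,  'ReadAndExecute', $fsInherit, 'None', 'Allow'))
)

# Registry key: keys only have containers, so ContainerInherit is enough.
$regInherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$regRule    = 'System.Security.AccessControl.RegistryAccessRule'
Set-LockedDownAcl -Path $regKey -Rules @(
    (New-Object $regRule ($admins, 'FullControl', $regInherit, 'None', 'Allow')),
    (New-Object $regRule ($system, 'FullControl', $regInherit, 'None', 'Allow')),
    (New-Object $regRule ($users,  'ReadKey',     $regInherit, 'None', 'Allow'))
)
```

As the reply points out, this only holds against code running as a standard user; anything already running under an admin account can rewrite these ACLs.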

