
Security in Windows 7

Posted: Sat Apr 23, 2011 4:17 am
by c05t4nt1n0
Hi, I'm developing an anti-malware system to protect users against IM worms, but these shit applications are now killing my app, deleting registry entries and deleting my module (.dll) files. I need to protect it and the registry keys. The process I've managed to protect by using a function from ntdll that transforms the process into a critical process, so if it is finalized Windows restarts. My problem is protecting the files and the registry entries. Can you guys help me, please? :sorry:

Re: Security in Windows 7

Posted: Sat Apr 23, 2011 6:34 am
by madshi

Unfortunately I'm not really an expert with anti-malware development, although there are many (many many) security companies who have licensed my madCodeHook product. I'm just delivering the tools, the security companies are doing the work. So my own knowledge about anti-malware techniques is quite limited.

If the malware kills your app, does it actually *know* your app? Is your app that well known? Maybe a good workaround would be to have your installer choose random directory, file and registry names? Alternatively you could try to protect your stuff by letting only admins have write/delete access to them. But then if the malware is running under admin account, too, that wouldn't help. The best solution might be to install a little filter driver, that should be able to protect your files from being deleted. But then, if the malware has hacked into kernel land, too, maybe that wouldn't help, either. Well, as I said, I'm not really an expert here...
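
The admin-only write/delete suggestion from the reply above, as an added example that is not part of the thread or of either poster's code. The install directory and registry key are hypothetical placeholders, and the script assumes it runs from an elevated prompt (for instance at install time). As the reply notes, this stops standard-user processes only, not malware already running as admin.

```powershell
# Added example. Both paths below are hypothetical placeholders.
$InstallDir = 'C:\Program Files\ExampleAV'
$RegKey     = 'HKLM:\SOFTWARE\ExampleAV'

# Well-known SIDs, so the script does not depend on localized group names.
$Admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$System = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
$Users  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'

$Allow  = [System.Security.AccessControl.AccessControlType]::Allow
$NoProp = [System.Security.AccessControl.PropagationFlags]::None
$FsInh  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$RegInh = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit

function Set-LockedAcl {
    param([string]$Path, [object[]]$Rules)
    $acl = Get-Acl -Path $Path
    # Stop inheriting from the parent and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop every explicit entry that is already present.
    foreach ($ace in @($acl.Access)) { $acl.PurgeAccessRules($ace.IdentityReference) }
    foreach ($rule in $Rules) { $acl.AddAccessRule($rule) }
    Set-Acl -Path $Path -AclObject $acl
    # Read the result back so the applied entries can be checked.
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, AccessControlType, IsInherited
}

# Files: Administrators and SYSTEM get full control, Users may only read/execute.
$fsRule = 'System.Security.AccessControl.FileSystemAccessRule'
Set-LockedAcl -Path $InstallDir -Rules @(
    (New-Object $fsRule ($Admins, 'FullControl',    $FsInh, $NoProp, $Allow)),
    (New-Object $fsRule ($System, 'FullControl',    $FsInh, $NoProp, $Allow)),
    (New-Object $fsRule ($Users,  'ReadAndExecute', $FsInh, $NoProp, $Allow))
)

# Registry: same split, with read-only access for Users.
$regRule = 'System.Security.AccessControl.RegistryAccessRule'
Set-LockedAcl -Path $RegKey -Rules @(
    (New-Object $regRule ($Admins, 'FullControl', $RegInh, $NoProp, $Allow)),
    (New-Object $regRule ($System, 'FullControl', $RegInh, $NoProp, $Allow)),
    (New-Object $regRule ($Users,  'ReadKey',     $RegInh, $NoProp, $Allow))
)
```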