123
-=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- (c) WidthPadding Industries 1987 0|725|0 -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=-
Socoder -> On Topic -> Virus Proof OS

Mon, 08 Nov 2010, 14:56
Stealth
I was sitting here at work and this idea came to me.

Currently, the filesystem keeps track of the owner and group of any given file. What if a third option to keep track of the creator program was added? This way, if a virus modified files, the system would know exactly which files were tampered with by that program.

On top of that, it would be handy if the OS used spare drive space to store file revisions. If a virus crashes your system, the OS can simply lookup all the files tampered with by that program and restore them with recent file revision history. As you consume more disk space, it will simply start removing older file revision entries.

What do you guys think? Too crazy or would this be a cool idea?

-=-=-
Quit posting and try Google.
Mon, 08 Nov 2010, 15:40
Spare
Idea is cool, just like subversion. But would it be doable to create? I mean, it will take a lot of space to save all those changes. Plus I think the main thing to target as a virus will be that system to restore your files.
Mon, 08 Nov 2010, 15:47
JL235
Virus scanners already do this. They certainly do track which apps are touching which files, I don't know if any keep a history of that data (but it's available if they wanted to). But I do think this would be a good feature to be built into an OS (even if just to help get more information for the user about file usage).

But even with this your OS will still be far from virus proof.
Mon, 08 Nov 2010, 15:49
Stealth
But even with this your OS will still be far from virus proof.


The title is just to get you to click in here and read it ;] Virus proof is a pretty impossible task.

-=-=-
Quit posting and try Google.
Tue, 09 Nov 2010, 02:22
waroffice
not a bad plan but it would be rather slow unless you had SSD drives but they are not the largest of drives and space is of a premium, i would guess the size would spiral out of control even small changes to a file would duplicate it and even if it did only store the change a virus could attack the file revisions.

easiest thing is to avoid downloading things from sites full of adverts and use a bit of common sense. Still always good to have a free AV application running just in case.
Tue, 09 Nov 2010, 07:11
steve_ancell
It's a shame that operating systems aren't designed to just run programs in some kind of a sandbox. Even better, bring back the days of the On/Off switch, that was the driving force behind a nice fresh system every time.
Tue, 09 Nov 2010, 12:36
Stealth
not a bad plan but it would be rather slow unless you had SSD drives but they are not the largest of drives and space is of a premium, i would guess the size would spiral out of control even small changes to a file would duplicate it


I don't think so. It would only be writing the modified parts of the file (one character change would add one character to the disk + file labeling overhead). There would be very little change in disk write since the disk already has to preform these actions when saving. Also, it would simply use spare disk space to store revisions. Once space becomes cramped, it would start purging older content to make room.

and even if it did only store the change a virus could attack the file revisions.


Assuming the OS manufacturer didn't screw this up, it would be implemented at a very deep layer that can't be overridden or messed with. Maybe it could even be a hard drive format that automatically handles this.

-=-=-
Quit posting and try Google.
Tue, 09 Nov 2010, 15:27
JL235
OS's have to write large blocks to disk anyway (due to the minimum block size on a disk) so I agree with Stealth that the overhead would be trivial as it needs to touch the file already to alter the last modified timestamp.

Operating Systems already protect sections of the disk. On Windows you can't permanently alter the kernel, hal, explorer and other critical files whilst it's running (it reverts the files back to their originals). So the OS could trivially prevent apps from altering certain sections of the disk, but only from within the running OS.

No alternate hard disk formats are needed; although having one that supports this and has it in mind will probably be more efficient.
Tue, 09 Nov 2010, 18:03
steve_ancell
I think that if anyone was successful enough to develop a virus-proof OS, one of the major anti-virus organizations would do their best to crush it anyway.
Tue, 09 Nov 2010, 18:16
JL235
As long as there are users there will always be ways to get infected.