possible solution against spreading worms/virii - 13/12/03 09:26 PM
Hi there,
I have an idea how to stop all .ini based worms/virii/backdoors:
It's able to block all DCC operations. It is also already able to block /run and /dll operations.
How about adding an option for blocking socket operations (most scripts doesn't use them) and file operations by default? The User would just have to activate them if he needs 'em. And I say, who activates such functions, that person (at least should) knows what (s)he does.
"Okay, man ... most virii just overwrite the .ini file. That wouldn work for a protection of getting infected. The virii will make new settings and same as before..."
Not quite. A possible, but very effective way to prevent worms/virii to activate locked functions would be this: Grab the serial number of the hard disk/partition (see checkdisk) and encrypt it with a good key. Maybe also with a second registry key. Worm/Virii programmers will search a very long time for a solution.
"With this, you would lock out 'normal' scripts from being loaded." - That's not quite true. The user could activate those functions in the options with one single mouse click and all would work like before.
What if mirc finds an ini file what isn't conform? Well, mirc would enable the lock for such options. The user would have an option in the options menu to import (maybe backuped) files or ready-made scripts.
Is that an idea?
I have an idea how to stop all .ini based worms/virii/backdoors:
It's able to block all DCC operations. It is also already able to block /run and /dll operations.
How about adding an option for blocking socket operations (most scripts doesn't use them) and file operations by default? The User would just have to activate them if he needs 'em. And I say, who activates such functions, that person (at least should) knows what (s)he does.
"Okay, man ... most virii just overwrite the .ini file. That wouldn work for a protection of getting infected. The virii will make new settings and same as before..."
Not quite. A possible, but very effective way to prevent worms/virii to activate locked functions would be this: Grab the serial number of the hard disk/partition (see checkdisk) and encrypt it with a good key. Maybe also with a second registry key. Worm/Virii programmers will search a very long time for a solution.
"With this, you would lock out 'normal' scripts from being loaded." - That's not quite true. The user could activate those functions in the options with one single mouse click and all would work like before.
What if mirc finds an ini file what isn't conform? Well, mirc would enable the lock for such options. The user would have an option in the options menu to import (maybe backuped) files or ready-made scripts.
Is that an idea?