antivirus creation

how to develop antivirus in c#

Page 1 of 1

11 Replies - 2376 Views - Last Post: 13 September 2010 - 05:53 PM Rate Topic: -----

#1 pawar.sujeet  Icon User is offline

  • New D.I.C Head

Reputation: -4
  • View blog
  • Posts: 1
  • Joined: 11-August 10

antivirus creation

Posted 11 August 2010 - 12:41 PM

Hi I am sujeet
My Question is how to develop antivirus in c#
Is This A Good Question/Topic? -4
  • +

Replies To: antivirus creation

#2 PsychoCoder  Icon User is offline

  • Google.Sucks.Init(true);
  • member icon

Reputation: 1632
  • View blog
  • Posts: 19,853
  • Joined: 26-July 07

Re: antivirus creation

Posted 11 August 2010 - 12:44 PM

*
POPULAR

I'd like to meet the teacher(s) who thinks its a good idea to assign a project of an anti-virus application in C#/VB.NET, and then slap the taste out of their mouths.

If you have to ask how to do it then more than likely it's way out of your experience level and you should start with something smaller to get used to the language and the overall concepts of OO programming and design. But to create one you'd need:

  • A team of professional programmers
  • A backer with very deep pockets


Those are 2 very important things you need to start with.
Was This Post Helpful? 6
  • +
  • -

#3 Momerath  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 994
  • View blog
  • Posts: 2,380
  • Joined: 04-October 09

Re: antivirus creation

Posted 11 August 2010 - 12:58 PM

Simplistic anti-virus:
1. First time running traverse the directory tree and create a hash value for every file you find.
2. Next time it is run, traverse the tree and compare the new hash you create with the old one, if there is a difference, notify the user.
3. Any new files found, ask the user if they should be added. If yes, hash them and add to your list. Otherwise report it as a 'bad' file.
4. Repeat.
Was This Post Helpful? 2
  • +
  • -

#4 X@MPP  Icon User is offline

  • 僕わ馬鹿ですね?
  • member icon

Reputation: 36
  • View blog
  • Posts: 1,014
  • Joined: 20-February 09

Re: antivirus creation

Posted 11 August 2010 - 01:22 PM

View PostMomerath, on 11 August 2010 - 06:58 PM, said:

Simplistic anti-virus:
1. First time running traverse the directory tree and create a hash value for every file you find.
2. Next time it is run, traverse the tree and compare the new hash you create with the old one, if there is a difference, notify the user.
3. Any new files found, ask the user if they should be added. If yes, hash them and add to your list. Otherwise report it as a 'bad' file.
4. Repeat.

that will not work so well due to the fact that when you edit a file the hash will be different. and due to how much windows and other programs modify files that is a big issue.
Was This Post Helpful? 4
  • +
  • -

#5 tlhIn`toq  Icon User is online

  • Please show what you have already tried when asking a question.
  • member icon

Reputation: 5316
  • View blog
  • Posts: 11,354
  • Joined: 02-June 10

Re: antivirus creation

Posted 11 August 2010 - 02:21 PM

Do a search right here on DIC. There are NUMEROUS people who ask this. This question has been answered MANY times:

It takes a large TEAM of EXPERTS in several fields to build antivirus.
Learn to code.
Learn what a virus is and how they work.
Learn what the other developers have already done to combat them.
Learn what they aren't doing well enough, in order to make your program stand out and be desirable.

Since most AV developers do nothing but AV, that means they have 50+ people working 40 hours a week on it, with a big bank roll behind them.

Best of luck
Was This Post Helpful? 4
  • +
  • -

#6 Momerath  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 994
  • View blog
  • Posts: 2,380
  • Joined: 04-October 09

Re: antivirus creation

Posted 11 August 2010 - 02:59 PM

View PostX@MPP, on 11 August 2010 - 11:22 AM, said:

View PostMomerath, on 11 August 2010 - 06:58 PM, said:

Simplistic anti-virus:
1. First time running traverse the directory tree and create a hash value for every file you find.
2. Next time it is run, traverse the tree and compare the new hash you create with the old one, if there is a difference, notify the user.
3. Any new files found, ask the user if they should be added. If yes, hash them and add to your list. Otherwise report it as a 'bad' file.
4. Repeat.

that will not work so well due to the fact that when you edit a file the hash will be different. and due to how much windows and other programs modify files that is a big issue.

Does the word 'simplistic' confuse you?
Was This Post Helpful? 1
  • +
  • -

#7 Imdsm  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 103
  • View blog
  • Posts: 362
  • Joined: 21-March 09

Re: antivirus creation

Posted 12 August 2010 - 04:34 AM

View PostMomerath, on 11 August 2010 - 01:59 PM, said:

View PostX@MPP, on 11 August 2010 - 11:22 AM, said:

View PostMomerath, on 11 August 2010 - 06:58 PM, said:

Simplistic anti-virus:
1. First time running traverse the directory tree and create a hash value for every file you find.
2. Next time it is run, traverse the tree and compare the new hash you create with the old one, if there is a difference, notify the user.
3. Any new files found, ask the user if they should be added. If yes, hash them and add to your list. Otherwise report it as a 'bad' file.
4. Repeat.

that will not work so well due to the fact that when you edit a file the hash will be different. and due to how much windows and other programs modify files that is a big issue.

Does the word 'simplistic' confuse you?


Not simplistic on it's own, but simplistic put with anti-virus and then those instructions it does.

What you're talking about is a file change watcher, which is great for maybe monitoring a directory. But from what you put it means you have to open up the application again and again to do a scan, and doesn't actually do anything to combat or detect bad apps.

And then, as has been said, it'd probably crash from the number of files that change during a simple computing session.

An anti-virus requires a serious team, serious money and constant updates which means setting up honey traps and then reverse engineering the newest malware.

In other words, this is one of those things that doesn't really have a simple version.
Was This Post Helpful? 0
  • +
  • -

#8 Momerath  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 994
  • View blog
  • Posts: 2,380
  • Joined: 04-October 09

Re: antivirus creation

Posted 12 August 2010 - 05:45 AM

View PostImdsm, on 12 August 2010 - 02:34 AM, said:

What you're talking about is a file change watcher, which is great for maybe monitoring a directory. But from what you put it means you have to open up the application again and again to do a scan, and doesn't actually do anything to combat or detect bad apps.

And what do you think modern virus scanners are doing during their weekly (monthly, whatever time period) scan? They are opening up again and again, looking for bad apps.

Quote

And then, as has been said, it'd probably crash from the number of files that change during a simple computing session.

Again, it was a simplistic version. No one said 'make the ultimate virus scanner on earth that will fix every problem known to mankind'.

Quote

An anti-virus requires a serious team, serious money and constant updates which means setting up honey traps and then reverse engineering the newest malware.

The current method of anti-virus does so, there are other methods that don't require this. Look into white-listing for example.

Quote

In other words, this is one of those things that doesn't really have a simple version.

Everything has a simple version, you just seem to feel that it must be the greatest thing ever and simple at the same time. It doesn't have to be.

Why did you vote down my post? Just because I disagreed with you about letting a child negotiate a contract (that *is* what lawyers are for)?
Maybe you need a new hobby.
Was This Post Helpful? 2
  • +
  • -

#9 Crunch  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 139
  • View blog
  • Posts: 1,222
  • Joined: 28-July 09

Re: antivirus creation

Posted 12 August 2010 - 06:50 AM

I dont think #3 Momerath deserves a -1 reputation. Momerath posted his opinion here. So iam gonna give him a +1.

Just to balance things out. :)
Was This Post Helpful? 2
  • +
  • -

#10 Imdsm  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 103
  • View blog
  • Posts: 362
  • Joined: 21-March 09

Re: antivirus creation

Posted 12 August 2010 - 10:25 AM

View PostCrunch, on 12 August 2010 - 05:50 AM, said:

I dont think #3 Momerath deserves a -1 reputation. Momerath posted his opinion here. So iam gonna give him a +1.

Just to balance things out. :)


Fair enough ;) balance is good!

View PostMomerath, on 12 August 2010 - 04:45 AM, said:

View PostImdsm, on 12 August 2010 - 02:34 AM, said:

What you're talking about is a file change watcher, which is great for maybe monitoring a directory. But from what you put it means you have to open up the application again and again to do a scan, and doesn't actually do anything to combat or detect bad apps.

And what do you think modern virus scanners are doing during their weekly (monthly, whatever time period) scan? They are opening up again and again, looking for bad apps.

Quote

And then, as has been said, it'd probably crash from the number of files that change during a simple computing session.

Again, it was a simplistic version. No one said 'make the ultimate virus scanner on earth that will fix every problem known to mankind'.

Quote

An anti-virus requires a serious team, serious money and constant updates which means setting up honey traps and then reverse engineering the newest malware.

The current method of anti-virus does so, there are other methods that don't require this. Look into white-listing for example.

Quote

In other words, this is one of those things that doesn't really have a simple version.

Everything has a simple version, you just seem to feel that it must be the greatest thing ever and simple at the same time. It doesn't have to be.

Why did you vote down my post? Just because I disagreed with you about letting a child negotiate a contract (that *is* what lawyers are for)?
Maybe you need a new hobby.


First of all, I have to recommend you calm down a little. I'm simply pointing out the flaws which is what I'd expect from people if I posted something flawed. Without criticism, how can anyone ever hope to improve?

Moving on, modern anti-viruses consist of many different components (just like any modern suite does), and what you posted was only a single component. Which is fair enough, but if you're showing someone a simple website, you would show them a tag or two, a bit of syntax, and then put some text in, maybe a picture. You would mix a few things up and take a bit from each. If you're making a simple web server, you would make a simple one socket loop, parse only a get request, and simply send back a response. If you're going to make a simple anti-virus, then it has to work like an anti-virus, and have every component, even if they are only small simple bits jury rigged into something functional.

You have the grasp of one part of it, but on it's own it's like a guard dog that stands there just gawping at the intruder..

And as for the reference to the previous reputation, it's nothing personal, so keep your slippers on.

View PostMomerath, on 12 August 2010 - 04:45 AM, said:

And what do you think modern virus scanners are doing during their weekly (monthly, whatever time period) scan? They are opening up again and again, looking for bad apps.


This != what you suggested, you suggested changed files, this suggests actually identifying malevolent files. :)
Was This Post Helpful? 0
  • +
  • -

#11 tlhIn`toq  Icon User is online

  • Please show what you have already tried when asking a question.
  • member icon

Reputation: 5316
  • View blog
  • Posts: 11,354
  • Joined: 02-June 10

Re: antivirus creation

Posted 12 August 2010 - 10:50 AM

I am now unsubscribing from this childish nonsense.
Was This Post Helpful? 3
  • +
  • -

#12 Guest_JoeyMagz*


Reputation:

Re: antivirus creation

Posted 13 September 2010 - 05:53 PM

It's not as hard as they're all making it out to be and you will not need "TEAMS AND TEAMS OF SUPER AMAZING PROGRAMMERS" to help you out with this, although it will take one person with novice programming knowledge and the ability to learn on the fly a good amount of time; maybe three or four months if they're dedicated. Make the program in steps to make it easier on yourself. Keep in mind the steps below will only guide you to produce a very basic virus scanner that will most likely be very slow/inefficient, but a virus scanner nonetheless.

Step 1: Create a program that finds every file on specific folders, one hard drive, or the entire computer.
Step 2: Add a database or cache file to store the file locations and if they have a virus or not and what the virus signature is.
Step 3: Add a file to hex converter to the current program. This must convert the entire contents of the files to hexadecimal.
Step 4: Get virus signatures. You can find virus signatures free on the web already converted to be usable in a program.
Step 5: Add comparison between file hex and virus signature hex to your program. This must take a file and then compare it's hex to all of the virus signatures.
Step 6: If a file contains any virus signature mark it as such in the database or cache file.
Step 7: Display infected files to the user.
Step 8: Create and/or optimize your GUI.

Like I said earlier, this will guide you through the creation process of a virus scanner and it will not be very efficient. The main reason it will be slow is because it is comparing the entire contents of files to virus signatures rather than set places within files to the virus signatures. That is a little more in depth and the place in which a virus signature can be found within a file really depends on the virus; some leave their signature before the file, some after, some even leave the signature somewhere in the middle. Also, keep in mind this is a virus scanner, not a virus removal tool. That is much harder to program, but can be added to your virus scanner once you gain that knowledge.
Was This Post Helpful? 0

Page 1 of 1