25 replies to this topic

[FoxData]

Fox Anti-Virus 1.01

About

Spoiler

Fox Anti-Virus is my first ever computercraft program.
It removes 1 type of virus but it will soon remove more

Download

Spoiler

pastebin get 6vz3NrHZ anti-virus

How to install

Spoiler

Installing is easy. Just copy it to a floppy as "startup" and put it in a chest somewhere and forget about it

Computer compatibility

Spoiler

Basic Computer - X
Advanced Computer - C
Command Computer - X

How to use

Spoiler

Put disk in drive
reboot
fox anti-virus will do the rest for you
remove disk
reboot

Known bugs

Spoiler

1: false positives - may delete legit startup files
2: Boot-loop occurs until disk is removed

Virus List

Spoiler

Virus.CraftOS.Bootbrick

[Admicos]

Please note that this will also remove custom startup files.

You can use MD5 hashes to check if the startup is infected.

[LeDark Lua]

This is basic, I would suggest getting a virus like:

local tempOsPullEvent = os.pullEvent
local tempOsPullEventRaw = os.pullEventRaw
local fsOpen = fs.open
local fsDel = fs.delete
--Switch them
function os.pullEvent( ... )
   return tempOsPullEventRaw( ... )
end
function os.pullEventRaw( ... )
   return tempOsPullEvent( ... )
end
function fs.open( ... )
   fsDel( ... )
   return nil
end
function fs.delete( ... )
   return fsOpen( ... )
end

Then checking every file in the computer and if it finds it, remove the file, or remove the code from the file, or contaminate it.
If it found >50% of this kind of code: Contaminate
If it found >80% of this code: remove it.

Edited by LeDark Lua, 14 January 2016 - 08:59 PM.

[FoxData]

Admicos, on 14 January 2016 - 08:49 PM, said:

Please note that this will also remove custom startup files.

You can use MD5 hashes to check if the startup is infected.

Hi. I know that this will remove custom startup files. I will do some kind of md5 system when i learn how to do it.

[Ajt86]

Be careful because it is possible to write a virus that infects disks (I've done it before for demonstrational purposes).

To avoid this, you'll want to shutdown (Ctrl + S), insert the disk, and start the computer.
Otherwise, some viruses might infect the disk.

[FoxData]

Ajt86, on 14 January 2016 - 09:10 PM, said:

Be careful because it is possible to write a virus that infects disks (I've done it before for demonstrational purposes).

To avoid this, you'll want to shutdown (Ctrl + S), insert the disk, and start the computer.
Otherwise, some viruses might infect the disk.

Hi. I wrote this with the basic shutdown virus in mind. If any new types of viruses come round i will try to add them in to the anti-virus. I don't know but i think you can also get a rednet virus.

[Lemmmy]

This is pure gold. I don't even know anymore, this community just....



Lyqyd please save me.

[Kronix]

This is a nice little concept, but unfortunately it's been done a few hundred thousand times before you. I would suggest removing the fake loading screens and add something that makes your anti-virus unique.

[FoxData]

Kronix, on 15 January 2016 - 02:55 AM, said:

This is a nice little concept, but unfortunately it's been done a few hundred thousand times before you. I would suggest removing the fake loading screens and add something that makes your anti-virus unique.

The reason for the fake loading screens is because it will just stay on the screen for like 00.2 seconds. "add something that makes your anti-virus unique." I have been thinking about doing a system there it moves the virus to a folder named "viruses" and renames it to a .vir

[Lemmmy]

Why does your code have so many unnecessary newlines?

FoxData, on 15 January 2016 - 12:44 PM, said:

The reason for the fake loading screens is because it will just stay on the screen for like 00.2 seconds. "add something that makes your anti-virus unique." I have been thinking about doing a system there it moves the virus to a folder named "viruses" and renames it to a .vir

You could just make it not clear the screen and simply print to the current running term. Then there's no need for a fake loading screen. Also, your thing will just remove any startup file...those are more often than not not a virus. Your antivirus is technically incompatible with every OS ever.

Edited by Lemmmy, 15 January 2016 - 04:02 PM.

[Creator]

Writing an anti-virus is never easy since there are so many ways to write the same thing. For example:

fs.delete
fs["delete"]
del = "delete"
fs[del]
fs["del".."ete"]

Also, you should rather write a sandbox that catches theses function calls.

The source code expects the code to continue right from where it left off after rebooting. It does not, it starts over.

[Lemmmy]

The simplest virus detection is having a virus database and checking the hash/filesize/contents of all files on the computer against said database. It's extremely simple, but will never catch all. Deleting all startup files is not a good solution, as it will only inconvenience your users.

Creator, on 15 January 2016 - 04:14 PM, said:

The source code expects the code to continue right from where it left off after rebooting. It does not, it starts over.

Yeah his code is super stupid.

Edited by Lemmmy, 15 January 2016 - 04:18 PM.

[Creator]

Lemmmy, on 15 January 2016 - 04:17 PM, said:

The simplest virus detection is having a virus database and checking the hash/filesize/contents of all files on the computer against said database. It's extremely simple, but will never catch all. Deleting all startup files is not a good solution, as it will only inconvenience your users.

The hash wouls change by adding a " " in the end of the file. The virus could then generate a random number of " " 's and add them in the end.

[Lemmmy]

term.setCursorPos(1,1)
--# unnecessary newline
term.clear() --# unnecessary clear, you literally clear right after this
--# unnecessary newline
term.setBackgroundColor(  colors.lightBlue  ) --# why the double spaces in parentheses? keep your code style consistent please
--# unnecessary newline
term.clear()

local var1 = "Welcome to Fox Anti-Virus V1.01" --# unnecessary var, or at least name it better
local var2 = "Virus Removed" --# unnecessary var, or at least name it better
--# unnecessary newline
local var3 = "No Virus Detected" --# unnecessary var, or at least name it better
--# newline here for cleanness
textutils.slowPrint(var1)

sleep(3) --# why wait here? you're giving the virus precious time to execute ;)/>)))))))))

if fs.exists("startup")
--# unnecessary newline
then --# why is this on a new line?????????????????????????????????????????????????????
fs.delete("startup") --# ...why? also please indent this
--# unnecessary newline
textutils.slowPrint(var2) --# please indent this

sleep(3) --# also don't use sleep it's stupid
os.reboot() --# NOTHING AFTER THIS LINE EXECUTES.
fs.move("/disk/startup", "/disk/anti-virus") --# please indent this
--# unnecessary newline
else
textutils.slowPrint(var3) --# please indent this also stop using stupidly named vars

sleep(3) --# stop sleeping
os.reboot() --# why do you even reboot twice this code doesn't get executed

fs.move("/disk/startup", "/disk/anti-virus")
--# undncselky nkl.rgei omg

end --# thank god

Anyway, the main problem here is that you are calling `os.reboot()`. When you call this, no code after it will be executed. Of course, you should still place `end` to prevent a syntax error. It is up to you to restructure your program to fix this, we're not here to write your code for you.

Creator, on 15 January 2016 - 04:19 PM, said:

The hash wouls change by adding a " " in the end of the file. The virus could then generate a random number of " " 's and add them in the end.

Trim/minify the file.

Edited by Lemmmy, 15 January 2016 - 04:33 PM.

[FoxData]

Lemmmy, on 15 January 2016 - 04:31 PM, said:

term.setCursorPos(1,1)
--# unnecessary newline
term.clear() --# unnecessary clear, you literally clear right after this
--# unnecessary newline
term.setBackgroundColor(  colors.lightBlue  ) --# why the double spaces in parentheses? keep your code style consistent please
--# unnecessary newline
term.clear()

local var1 = "Welcome to Fox Anti-Virus V1.01" --# unnecessary var, or at least name it better
local var2 = "Virus Removed" --# unnecessary var, or at least name it better
--# unnecessary newline
local var3 = "No Virus Detected" --# unnecessary var, or at least name it better
--# newline here for cleanness
textutils.slowPrint(var1)

sleep(3) --# why wait here? you're giving the virus precious time to execute ;)/>/>/>)))))))))

if fs.exists("startup")
--# unnecessary newline
then --# why is this on a new line?????????????????????????????????????????????????????
fs.delete("startup") --# ...why? also please indent this
--# unnecessary newline
textutils.slowPrint(var2) --# please indent this

sleep(3) --# also don't use sleep it's stupid
os.reboot() --# NOTHING AFTER THIS LINE EXECUTES.
fs.move("/disk/startup", "/disk/anti-virus") --# please indent this
--# unnecessary newline
else
textutils.slowPrint(var3) --# please indent this also stop using stupidly named vars

sleep(3) --# stop sleeping
os.reboot() --# why do you even reboot twice this code doesn't get executed

fs.move("/disk/startup", "/disk/anti-virus")
--# undncselky nkl.rgei omg

end --# thank god

Anyway, the main problem here is that you are calling `os.reboot()`. When you call this, no code after it will be executed. Of course, you should still place `end` to prevent a syntax error. It is up to you to restructure your program to fix this, we're not here to write your code for you.

Creator, on 15 January 2016 - 04:19 PM, said:

The hash wouls change by adding a " " in the end of the file. The virus could then generate a random number of " " 's and add them in the end.

Trim/minify the file.

Hi. Thanks for telling me all the mistakes i did (after all i am new to lua).
As for this part of the program

Quote

fs.move("/disk/startup", "/disk/anti-virus")
--# undncselky nkl.rgei omg

Its an attempt to stop a boot loop.

And as for version 2 i will be starting development tonight at 9:01pm...

Edited by FoxData, 15 January 2016 - 04:50 PM.

[Lemmmy]

No, you see, that line of code won't prevent a boot loop. This is because it never gets called. You know why? Because os.reboot() ends the code. Because it reboots the computer.

[3d6]

I think it was a good idea for you to make this program. It's explicitly good-willed (being an antivirus program intended to help people) and has potential to become something nice if you choose to keep working on it. If not, then you've probably gotten better at CC by making what you did so far anyways.

I'd suggest searching all files on the computer for certain strings that are known to be in malware. Like a chunk of Lua code. That way you can try to eliminate specific disruptive programs.

[LeDark Lua]

3d6, on 16 January 2016 - 12:56 AM, said:

I think it was a good idea for you to make this program. It's explicitly good-willed (being an antivirus program intended to help people) and has potential to become something nice if you choose to keep working on it. If not, then you've probably gotten better at CC by making what you did so far anyways.

I'd suggest searching all files on the computer for certain strings that are known to be in malware. Like a chunk of Lua code. That way you can try to eliminate specific disruptive programs.

Yup, hes right!

[Ajt86]

I would instead suggest running the program in a sandboxed environment to see what it does, and if it appears to be malicious, (re)move it.

Anti-viruses are also a lot less useful since 1.76 simply because you can protect yourself against them now if you have a secure system.

[Kronix]

Ajt86, on 17 January 2016 - 01:01 PM, said:

I would instead suggest running the program in a sandboxed environment to see what it does, and if it appears to be malicious, (re)move it.

Anti-viruses are also a lot less useful since 1.76 simply because you can protect yourself against them now if you have a secure system.

As far as I'm aware, there has been no change to make systems "secure". Unless something has been changed with disk drives there is no way to secure a system.