Malicious Code Protection?


16 replies to this topic

#1 Pth1515

  • Members
  • 23 posts
  • LocationIn A Computer

Posted 06 December 2016 - 12:41 AM

So, for fun, on my singleplayer world, I created a "virus". It works really well, not sure if as well on the latest version, but I'll get to the points. 1. I think ROM files should be prioritized over computer files. (The "virus" exploits this.) 2. For some reason, when I terminate it, it reboots afterwards. 3. The computer startup is prioritized over the disk - nevermind - just realized command computers don't take disk input by default.
EDIT: So anyways, here's my code for you to examine.
http://pastebin.com/kVH61sLb

Edited by Pth1515, 06 December 2016 - 01:04 AM.


#2 Anavrins

  • Members
  • 775 posts

Posted 06 December 2016 - 01:27 AM

This kind of virus is very easy to get rid of anyway; a disk with a startup file in it is enough to recover your files. The real issue with viruses in CC is those that actually damage your file contents, whether it deletes, obfuscates or encrypts them, in which case they are not recoverable.

#3 Pth1515

  • Members
  • 23 posts
  • LocationIn A Computer

Posted 06 December 2016 - 01:41 AM

But who knows? A CC noob could be easily dumbfounded and not know how to remove it.

#4 Bomb Bloke

    Hobbyist Coder

  • Moderators
  • 7,099 posts
  • LocationTasmania (AU)

Posted 06 December 2016 - 07:50 AM

You could do far more damage to a player's setup with a pickaxe than you could with most any sort of code. Any user who values their files has plenty of methods with which to back them up.

Anyway:

1) That'd be cutting off your nose to spite your face. The only way to make a computer "unhackable by default" would be to make it "unusable by default"... which would leave the mod pretty pointless.

2) You can only terminate a script while it's yielding, and this one never does. Once it's finished executing (which happens nearly immediately) you're returned to the regular shell - so presumably you're terminating that, which will indeed shut your system down.

3) Worst comes to worst, most any computer can be placed into a disk drive for cleaning via an external system. Not that you'd even need to do that to undo your script's actions.

At the end of the day, the problem doesn't lie in the code so much as it lies with you, the griefer.

#5 EveryOS

  • Members
  • 570 posts
  • LocationOver there ->

Posted 06 December 2016 - 12:09 PM

I'm making a Nandton antivirus. It won't stop griefers, but it will prevent you from accidentally bricking your command computer or accidentally removing your filesystem.

Edited by EveryOS, 06 December 2016 - 12:13 PM.


#6 Sewbacca

  • Members
  • 450 posts
  • LocationStar Wars

Posted 06 December 2016 - 04:16 PM

View PostEveryOS, on 06 December 2016 - 12:09 PM, said:

I'm making a Nandton antivirus. It won't stop griefers, but it will prevent you from accidentally bricking your command computer or accidentally removing your filesystem.

Hmmm....
Erm....
Wait what? An antivirus system?
I thought a few days ago about coding one, but there are some reasons against that:
  • No one posts any viruses on computercraft (and if they do they are stupid)
  • Oh, you know that I can write rom/programs/edit to not use your edit?
  • Too much effort for too little product.
  • How do you code an antivirus system?
  • Do I hash all 'good programs'?
  • Or should I search for malicious software?
  • Or should I scan files?
  • If I do so, then how could I detect malicious software?
  • For example:
  • os.pullEvent = coroutine.yield
  • while coroutine.yield() do print('No!') end
  • He could program a login screen.
  • And what about binaries?
  • Okay, you could use a custom environment, but why should I do that? Who could attack my computer?
  • Is it not much easier to build bedrock or obsidian around my computer?
  • Okay the best argument is, it is fun. If you have fun then don't stop writing an antivirus.

Edited by Sewbacca, 06 December 2016 - 04:17 PM.


#7 H4X0RZ

  • Members
  • 1,315 posts
  • LocationGermany

Posted 06 December 2016 - 10:13 PM

View PostSewbacca, on 06 December 2016 - 04:16 PM, said:

Hmmm....
Erm....
Wait what? An antivirus system?
I thought a few days ago about coding one, but there are some reasons against that:
  • No one posts any viruses on computercraft (and if they do they are stupid)
  • Oh, you know that I can write rom/programs/edit to not use your edit?
  • Too much effort for too little product.
  • How do you code an antivirus system?
  • Do I hash all 'good programs'?
  • Or should I search for malicious software?
  • Or should I scan files?
  • If I do so, then how could I detect malicious software?
  • For example:
  • os.pullEvent = coroutine.yield
  • while coroutine.yield() do print('No!') end
  • He could program a login screen.
  • And what about binaries?
  • Okay, you could use a custom environment, but why should I do that? Who could attack my computer?
  • Is it not much easier to build bedrock or obsidian around my computer?
  • Okay the best argument is, it is fun. If you have fun then don't stop writing an antivirus.

Depends on the type of AV you want to build: there are passive and active ones. The passive ones scan files (the simplest ones just compare hashes, more advanced ones check for partial equality with known parts of viruses etc. AFAIK). Active AVs detect the stuff a program tries to do while it runs, checking for malicious intent. This actually made me think of a good use for the "new" setting which allows you to disable automatic booting from a disk: on startup a "permission" system, similar to the one Android uses, is injected into the computer. Then it will continue the boot sequence like normal (with disks). That way you could control the program without having to worry about some AV not picking up some virus. If the computer messes up it's the user's fault.

Edited by H4X0RZ, 06 December 2016 - 10:15 PM.


#8 EveryOS

  • Members
  • 570 posts
  • LocationOver there ->

Posted 07 December 2016 - 12:08 PM

Mine's an active antivirus.
Whenever the code attempts to run malicious code, it verifies with the user.

#9 H4X0RZ

  • Members
  • 1,315 posts
  • LocationGermany

Posted 07 December 2016 - 07:10 PM

View PostEveryOS, on 07 December 2016 - 12:08 PM, said:

Mine's an active antivirus.
Whenever the code attempts to run malicious code, it verifies with the user.

There is no malicious code per se. You can check filesystem changes themselves, or modifications to the global environment though.

#10 EveryOS

  • Members
  • 570 posts
  • LocationOver there ->

Posted 07 December 2016 - 08:38 PM

My goal is to prevent bricking of a command os
Also to prevent unwanted formatting of cpu

#11 Pth1515

  • Members
  • 23 posts
  • LocationIn A Computer

Posted 08 December 2016 - 12:17 AM

View PostEveryOS, on 06 December 2016 - 12:09 PM, said:

I'm making a Nandton antivirus. It won't stop griefers, but it will prevent you from accidentally bricking your command computer or accidentally removing your filesystem.

I'm not sure how this would be done, but you could sandbox a shell inside the program, and monitor its activities. Perhaps if a virus activates, it would be sandboxed too, it would scan for any bad code (such as changing name to or copying to startup) and quarantine it?

#12 Sewbacca

  • Members
  • 450 posts
  • LocationStar Wars

Posted 12 December 2016 - 09:12 PM

View PostPth1515, on 08 December 2016 - 12:17 AM, said:

I'm not sure how this would be done, but you could sandbox a shell inside the program, and monitor its activities. Perhaps if a virus activates, it would be sandboxed too, it would scan for any bad code (such as changing name to or copying to startup) and quarantine it?

  • Sandboxing
  • Scanning files
  • protect unterminateable code
  • live sandboxing (using metatables)


#13 CrazedProgrammer

  • Members
  • 495 posts
  • LocationWageningen, The Netherlands

Posted 12 December 2016 - 10:40 PM

The only true way to prevent malicious programs from doing harm is to do a complete sandbox.
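
The sandbox-plus-permission idea discussed in posts #7 through #13, as an added example that is not code from any poster or from ComputerCraft itself: a guarded `fs` proxy asks before a sandboxed program changes a protected path, and the program gets its own `os` table. The protected-path policy, `guardFs`, `runSandboxed` and the mock filesystem are assumptions made for illustration; the block runs in plain Lua 5.1 or later, and in ComputerCraft the real `fs` would be passed in place of the mock.

```lua
local function normalize(path)  -- resolve "." and ".." so "tmp/../startup" is still caught
  local parts = {}
  for seg in tostring(path):gmatch("[^/\\]+") do
    if seg == ".." then table.remove(parts)
    elseif seg ~= "." then parts[#parts + 1] = seg end
  end
  return table.concat(parts, "/")
end

local function isProtected(path)  -- assumed policy: root, startup files and rom
  local p = normalize(path)
  return p == "" or p == "startup" or p == "startup.lua" or p == "rom" or p:sub(1, 4) == "rom/"
end

-- Argument positions that name a path modified by each mutating fs call.
local MUTATORS = { delete = {1}, makeDir = {1}, move = {1, 2}, copy = {2} }

local function guardFs(realFs, ask, log)
  local proxy = {}
  for name, fn in pairs(realFs) do
    proxy[name] = function(...)
      local args, targets = {...}, {}
      for _, i in ipairs(MUTATORS[name] or {}) do targets[#targets + 1] = args[i] end
      -- fs.open only changes a file when the mode is not a read mode
      if name == "open" and tostring(args[2] or "r"):sub(1, 1) ~= "r" then targets[1] = args[1] end
      for _, path in ipairs(targets) do
        local p = normalize(path)
        log[#log + 1] = name .. " " .. p  -- every mutation is recorded, allowed or not
        if isProtected(p) and not ask(name, p) then error("permission denied: " .. name .. " " .. p, 2) end
      end
      return fn(...)
    end
  end
  return proxy
end

local function runSandboxed(src, realFs, ask)
  local log = {}
  -- The sandbox gets its own os table, so `os.pullEvent = ...` never reaches the real one.
  local env = { fs = guardFs(realFs, ask, log), print = print, pairs = pairs, tostring = tostring,
                os = { pullEvent = os.pullEvent, pullEventRaw = os.pullEventRaw, clock = os.clock } }
  local fn, err
  if setfenv then  -- Lua 5.1 / classic ComputerCraft
    fn, err = loadstring(src, "untrusted")
    if fn then setfenv(fn, env) end
  else fn, err = load(src, "untrusted", "t", env) end
  if not fn then return false, err, log end
  local ok, runErr = pcall(fn)
  return ok, runErr, log
end

-- Constructed demo: mock filesystem, deny-all policy, sample untrusted program.
local files = { startup = "print('hi')", notes = "todo" }
local mockFs = { delete = function(p) files[normalize(p)] = nil end }
local ok, err, log = runSandboxed([[
  os.pullEvent = function() end   -- only the sandbox copy changes
  fs.delete("notes")              -- unprotected: allowed and logged
  fs.delete("tmp/../startup")     -- protected: denied
]], mockFs, function() return false end)
print(ok, err, table.concat(log, "; "), files.startup ~= nil, files.notes == nil)
```

The environment is a whitelist: anything not placed in `env` (such as `getmetatable`, `coroutine` or the real `os`) is simply absent for the sandboxed program, which is what makes the gate hard to step around.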

#14 thecrimulo

  • Members
  • 87 posts
  • Locationhere

Posted 15 December 2016 - 06:10 PM

View PostH4X0RZ, on 06 December 2016 - 10:13 PM, said:

Depends on the type of AV you want to build: there are passive and active ones. The passive ones scan files (the simplest ones just compare hashes, more advanced ones check for partial equality with known parts of viruses etc. AFAIK). Active AVs detect the stuff a program tries to do while it runs, checking for malicious intent. This actually made me think of a good use for the "new" setting which allows you to disable automatic booting from a disk: on startup a "permission" system, similar to the one Android uses, is injected into the computer. Then it will continue the boot sequence like normal (with disks). That way you could control the program without having to worry about some AV not picking up some virus. If the computer messes up it's the user's fault.

Actually, with some self-promotion, you can put the permission system on a GBios custom pack or /vmgalaxi (it wouldn't really matter), and it would run before anything else. This is a good use for GBios as a Computer Recovery pack, because if the virus writes itself to /startup, and it disables disk startup from that script, there is no way you can fix it with a disk. Assuming no files are damaged, only that the shell is inaccessible and you cannot terminate /startup, you can put an empty GBios release without autoroot for automatically booting into a rescue shell; there you can delete the file and go back to normal.

Real efficient antivirus should be incrusted in ROM because of this, you can avoid viruses that brick your computer just by overwriting /startup and disabling disk startup.

#15 H4X0RZ

  • Members
  • 1,315 posts
  • LocationGermany

Posted 15 December 2016 - 11:03 PM

View Postthecrimulo, on 15 December 2016 - 06:10 PM, said:

Actually, with some self-promotion, you can put the permission system on a GBios custom pack or /vmgalaxi (it wouldn't really matter), and it would run before anything else. This is a good use for GBios as a Computer Recovery pack, because if the virus writes itself to /startup, and it disables disk startup from that script, there is no way you can fix it with a disk. Assuming no files are damaged, only that the shell is inaccessible and you cannot terminate /startup, you can put an empty GBios release without autoroot for automatically booting into a rescue shell; there you can delete the file and go back to normal.

Real efficient antivirus should be incrusted in ROM because of this, you can avoid viruses that brick your computer just by overwriting /startup and disabling disk startup.

I still don't see how using that /vmgalaxi file has any advantages over a TLCO (other than the simpler use after installing it). You can recover the files just fine. Just put the computer into a disk drive and you can edit the files.

#16 thecrimulo

  • Members
  • 87 posts
  • Locationhere

Posted 16 December 2016 - 07:10 PM

View PostH4X0RZ, on 15 December 2016 - 11:03 PM, said:

I still don't see how using that /vmgalaxi file has any advantages over a TLCO (other than the simpler use after installing it). You can recover the files just fine. Just put the computer into a disk drive and you can edit the files.

A TLCO overrides the parallel processes that bios.lua and allows you to run your own on a global scope and not under multishell, but I suppose you know that. Imagine /vmgalaxi as just another element of the boot sequence. Also, you are comparing a file to an "action"; a TLCO might consist of a library for doing it, a standalone file that does it, or it embedded in another file of the boot sequence. And about the disk drive solution, you'd need another computer and a disk drive for that, and also have named the computer, else it won't save anything. I am planning on adding a force-recovery option to GBios' compile.sh so it only boots to the recovery shell, for these kinds of cases.

#17 Sewbacca

  • Members
  • 450 posts
  • LocationStar Wars

Posted 27 December 2016 - 12:44 AM

View Postthecrimulo, on 16 December 2016 - 07:10 PM, said:

-- snip

Or turn off the allow multishell setting with the settings API.
You can use FSector for full control of a custom fs (or just create a custom CC resourcepack).

Edited by Sewbacca, 27 December 2016 - 12:44 AM.





