Author Topic: CalcShield 2010 (Blast AntiVirus Version 5.0) - Beta Testers Needed  (Read 17394 times)

0 Members and 2 Guests are viewing this topic.

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
Version 5 of my antivirus software for the TI-83+ or compatible is underway. Features will include this:
( Anything in red means that I am asking an assembly programmer to please help.)

1. A single installer program uses Celtic3 to create the actual antivirus software. No more keeping track of multiple program files or groups (except Celtic3). Upon installation, the installer script will be automatically archived in the event of a crash.

2. Virus definitions stored as a program, not a string, stored in archive, and accessed through Celtic3, line by line.

3. Addition of new program names to the virus definitions manually will be supported.

4. Option to delete will be given, as opposed to Version 4, where a matching program is deleted without you being told.

5. Firewall (asm subroutine) that intercepts incoming silent-linked programs and stores their names to some variable. Then, it will compare the name to the contents of the virus definitions file and give you the reject option if a matching entry is found.
« Last Edit: March 24, 2010, 06:21:16 pm by ACagliano »

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
Re: Blast Antivirus Version 5.0
« Reply #1 on: March 24, 2010, 08:03:14 pm »
For anyone who is interested, by the way, my previous version of the Antivirus (Version 4.0) is provided below. When I made it, I was amazed by its ability, but now, it seems horrible, thus my intent to release Version 5.0


Version 4.0:  http://www.mediafire.com/?kohymtqdwew

You can email any comments or suggestions to me. (or put them here).

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: Blast Antivirus Version 5.0
« Reply #2 on: March 24, 2010, 11:20:06 pm »
One thing I wonder, will the program actually check for the virus code to detect them or just the program name? I am asking since if someone was to send you a virus or if you downloaded a fake program somewhere, your program could potentially miss it if the author changed the name. With Celtic you can copy parts of code to a string and then in your program you could check if parts of that code matches antivirus code.

Also the user should be allowed to setup antivirus sensitivity  so for example it checks for program names and/or parts of their code. If the antivirus reports a bad program, then the user can decide what to do with it (in case it might be false positive)

Personally I don't think I would use it much, though, since there aren't a lot of viruses for calc (ticalc.org deletes them if reported, anyway) and I never send anything to my calc when programming except maybe Mirage, Axe, Celtic III, etc, but maybe some people who have trouble at school with people sending viruses could like this.

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
Re: Blast Antivirus Version 5.0
« Reply #3 on: March 25, 2010, 02:08:24 am »
I would like to write that in, but I would also like it to be able to decompile asm programs and check the hex for malcodes. Of course, I would need to be annoying and bug you assembly people for a subroutine, then. Maybe Basic interpretation atm.

Offline Eeems

  • Mr. Dictator
  • Administrator
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 6266
  • Rating: +318/-36
  • little oof
    • View Profile
    • Eeems
Re: Blast Antivirus Version 5.0
« Reply #4 on: March 25, 2010, 11:40:45 am »
Well if you knew the hex codes you could use some of Celtic III's bin->hex to figure it out.
/e

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
Re: Blast Antivirus Version 5.0
« Reply #5 on: March 25, 2010, 12:23:11 pm »
Yep. So I humbly ask any asm programmers who are familiar with destructive hex routines to please post them here or to email them to me at [email protected].

SirCmpwn

  • Guest
Re: Blast Antivirus Version 5.0
« Reply #6 on: March 25, 2010, 12:24:18 pm »
Code: [Select]
pop hl
ret

Offline mapar007

  • LV7 Elite (Next: 700)
  • *******
  • Posts: 550
  • Rating: +28/-5
  • The Great Mata Mata
    • View Profile
Re: Blast Antivirus Version 5.0
« Reply #7 on: March 25, 2010, 12:28:50 pm »
Code: [Select]

ld a,1
ld (appInfo+2),a
bcall(50CBh)

ld a,$7E
bcall(_eraseFlash)

Or something similar... (it should erase the certificate, but I'm not sure if this will work without extra Weird Stuff)

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
Re: Blast Antivirus Version 5.0
« Reply #8 on: March 25, 2010, 12:29:38 pm »
hex????

SirCmpwn

  • Guest
Re: Blast Antivirus Version 5.0
« Reply #9 on: March 25, 2010, 12:46:43 pm »
pop bc ; A1
ret      ; C9

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
Re: Blast Antivirus Version 5.0
« Reply #10 on: March 25, 2010, 12:50:17 pm »
Ok. I'll add these to the definitions file as they come in.

Offline mapar007

  • LV7 Elite (Next: 700)
  • *******
  • Posts: 550
  • Rating: +28/-5
  • The Great Mata Mata
    • View Profile
Re: Blast Antivirus Version 5.0
« Reply #11 on: March 25, 2010, 02:52:32 pm »
This will give LOADS of false alarms. The scanner will say a program is evil every time it pop's BC before a RET, while this sometimes is required. The code will only crash your calculator when the stack level at RET is different from the stack level at the routine's entry point.

SirCmpwn

  • Guest
Re: Blast Antivirus Version 5.0
« Reply #12 on: March 25, 2010, 02:54:54 pm »
BB6DA1C9 wouldn't.

Offline ACagliano

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 919
  • Rating: +32/-2
    • View Profile
    • ClrHome Productions
Re: Blast Antivirus Version 5.0
« Reply #13 on: March 25, 2010, 06:49:51 pm »
This will give LOADS of false alarms. The scanner will say a program is evil every time it pop's BC before a RET, while this sometimes is required. The code will only crash your calculator when the stack level at RET is different from the stack level at the routine's entry point.

Don't worry. I will configure response to that as maximum security. Under lower security, it won't respond to it. Anything else?

Offline Iambian

  • Coder Of Tomorrow
  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 739
  • Rating: +216/-3
  • Cherry Flavoured Nommer of Fishies
    • View Profile
Re: Blast Antivirus Version 5.0
« Reply #14 on: March 25, 2010, 07:10:32 pm »
I'm just gonna drop this attachment here, while you're working on some sort of antivirus. The IRC'ers will know what this is for.
A Cherry-Flavored Iambian draws near... what do you do? ...