Re: The Big List of Dodgy Apps

[Christopher Faylor <cgf-use-the-mailinglist-please at cygwin dot com>]

On Tue, Mar 20, 2007 at 05:23:54PM -0000, Dave Korn wrote:
>On 20 March 2007 17:03, Christopher Faylor wrote:
>
>> On Tue, Mar 20, 2007 at 02:43:45PM -0000, Dave Korn wrote:
>
>>> Windows Defender
>> 
>> Funny but I didn't notice any problems when I was running Windows
>> Defender.
>
>  I got that from this post:
>http://www.cygwin.com/ml/cygwin/2007-01/msg00742.html
>
>  It's not fully explained in the event log but it looks like it checks the
>executables that implement services and warns/blocks if it looks like the file
>has been altered.

Hmm.  Maybe that was it.  I only ran it for a week or so and possibly I
wouldn't have noticed.
 
>>It sure would be nice (tm pending) if we had some way of detecting
>>these problematic applications automatically.  It would be even nicer
>>if we had someone who was dedicated to making cygcheck be all that it
>>could be wrt detecting potential sources of problems and, even,
>>suggesting solutions.
>
><nods sagely> I'll try and find some tuits.  If nothing else it might
>save a lot of time just to have the information listed in cygcheck.  We
>probably want to give it the ability to detect that a badware exists or
>is installed by looking for 1) registry keys that would indicate it has
>been installed 2) presence of named executables in known (i.e.  default
>install) locations and 3) presence of named executables in list of
>current running tasks.
>
>Anyone can suggest any other useful detection mechanisms?

It sounds like you have everything covered.

If this is implemented, maybe it should also be turned off with a
command line option.

cgf