This is the mail archive of the cygwin-talk mailing list for the cygwin project.
Re: The Big List of Dodgy Apps
On Tue, Mar 20, 2007 at 05:23:54PM -0000, Dave Korn wrote:
>On 20 March 2007 17:03, Christopher Faylor wrote:
>
>> On Tue, Mar 20, 2007 at 02:43:45PM -0000, Dave Korn wrote:
>
>>> Windows Defender
>>
>> Funny but I didn't notice any problems when I was running Windows
>> Defender.
>
> I got that from this post:
>http://www.cygwin.com/ml/cygwin/2007-01/msg00742.html
>
> It's not fully explained in the event log but it looks like it checks the
>executables that implement services and warns/blocks if it looks like the file
>has been altered.

Hmm. Maybe that was it. I only ran it for a week or so and possibly I
wouldn't have noticed.

>>It sure would be nice (tm pending) if we had some way of detecting
>>these problematic applications automatically. It would be even nicer
>>if we had someone who was dedicated to making cygcheck be all that it
>>could be wrt detecting potential sources of problems and, even,
>>suggesting solutions.
>
><nods sagely> I'll try and find some tuits. If nothing else it might
>save a lot of time just to have the information listed in cygcheck. We
>probably want to give it the ability to detect that a badware exists or
>is installed by looking for 1) registry keys that would indicate it has
>been installed 2) presence of named executables in known (i.e. default
>install) locations and 3) presence of named executables in list of
>current running tasks.
>
>Anyone can suggest any other useful detection mechanisms?

It sounds like you have everything covered.

If this is implemented, maybe it should also be turned off with a
command line option.

cgf
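
The three checks proposed in the quoted message (registry key, executable at its default install location, executable among the running tasks), combined with the off switch suggested in the reply, as an added example that is not part of this thread or of cygcheck. The `sig` and `snapshot` structures are hypothetical stand-ins for the real registry, filesystem and task-list queries, and "ExampleGuard" with its key, path and process name is a constructed placeholder.

```c
#include <ctype.h>
#include <stdio.h>
/* One evidence bit per detection mechanism proposed in the thread. */
enum { EV_REGKEY = 1, EV_FILE = 2, EV_RUNNING = 4 };

struct sig { const char *regkey, *exe_path, *proc; };
struct snapshot { const char **regkeys, **files, **procs; }; /* NULL-terminated */

/* Windows names are case-insensitive and paths accept either slash. */
static int same_name(const char *a, const char *b) {
    for (; *a && *b; a++, b++) {
        int x = *a == '/' ? '\\' : tolower((unsigned char)*a);
        int y = *b == '/' ? '\\' : tolower((unsigned char)*b);
        if (x != y) return 0;
    }
    return *a == *b; /* equal only if both strings end together */
}

static int in_list(const char **list, const char *want) {
    for (; *list; list++)
        if (same_name(*list, want)) return 1;
    return 0;
}

/* Evidence bitmask for one signature; 0 when the scan is switched off. */
int detect(const struct sig *s, const struct snapshot *snap, int enabled) {
    if (!enabled) return 0;
    return (in_list(snap->regkeys, s->regkey) ? EV_REGKEY : 0)
         | (in_list(snap->files, s->exe_path) ? EV_FILE : 0)
         | (in_list(snap->procs, s->proc) ? EV_RUNNING : 0);
}

/* Constructed sample: registry key absent, binary on disk and running. */
int sample_scan(int enabled) {
    static const struct sig s = { "HKLM\\SOFTWARE\\ExampleVendor\\ExampleGuard",
        "C:\\Program Files\\ExampleGuard\\egsvc.exe", "egsvc.exe" };
    const char *keys[]  = { "HKLM\\SOFTWARE\\OtherVendor", NULL };
    const char *files[] = { "c:/program files/exampleguard/EGSVC.EXE", NULL };
    const char *procs[] = { "explorer.exe", "EGSvc.exe", NULL };
    struct snapshot snap = { keys, files, procs };
    return detect(&s, &snap, enabled);
}

int main(void) {
    int ev = sample_scan(1);
    printf("ExampleGuard: regkey=%d file=%d running=%d\n",
           !!(ev & EV_REGKEY), !!(ev & EV_FILE), !!(ev & EV_RUNNING));
    return 0;
}
```

Keeping the three results as separate bits lets a report distinguish software that is installed but idle from software that is actually running.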