Jimmyx1000
asked on
How to Distinguish Between 2 files vb6
I am scanning my hard drive for a virus or spyware file.
How can I distinguish between 2 of the same filenames in different directories?
filename1.exe, which could be a true system file,
and
filename1.exe, which is a virus or spyware.
How can I distinguish between the real file and the virus file?
I've thought about the length of the files as one distinguishing feature.
How do virus companies do it? I don't have access to virus strings, so I could not
use this method.
>But that'd require you to know how every file is signed.
No, you have to sign every (sensible) file on your own. There is not a signing standard at all, so that is impossible.
ASKER
I know that virus strings are hard to obtain but as for
spyware info these seem much easier.
If your machine is not infected, then signing all sensible files and comparing later is an effective technique.
I agree that there's not a standard. As I understand it though there are various means of signing an executable (e.g. certificates, Microsoft's Authenticode, . If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to know how they signed it in order for you to be able to verify that it's unchanged. Wouldn't that be correct?
>If that's correct, then to verify that a given executable hasn't changed since the creator released it would require you to
> know how they signed it in order for you to be able to verify that it's unchanged. Wouldn't that be correct?
No, there doesn't exist a secure method to do that, since there is no standard method for signing or verifying.
All you can do is to prevent files from being modified since the last own-signing.
Then what is the point of signing files? If there's no method of verifying the signature and confirming that the file hasn't changed, then why bother signing them at all?
To avoid them being changed from now on.
Virus detection and virus prevention are different issues.
ASKER
Thanks for the info, experts.
Popular hash techniques are CRC-32, MD5, SHA, etc.
But notice that if you currently have some file infected, this scheme will not work. Anti-virus companies also search for specific binary strings inside exe's, dll's and other files to detect the presence of a known virus.