VB.net隔离技术

发布于 2024-10-19 10:42:55 字数 185 浏览 7 评论 0原文

我正在考虑一种向我的防病毒应用程序添加隔离功能的有效方法:

  • 将文件复制到指定目录并将其扩展名更改为无(*.)。
  • 将文件的二进制代码保存在 XML 数据库中。

哪种方式更好?

但是,我不知道一旦用户想要恢复文件,我将如何重新编译二进制代码。

I was thinking of an efficient way to add quarantining abilities to my antivirus application:

  • copy the file into a specified directory and change its extension to none (*.).
  • save the file's binary code in an XML database.

Which way is better?

However, I have no idea how I will recompile the binary code once the user wants to restore the file.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

冷弦 2024-10-26 10:42:55

一种方法是使用加密引擎加密二进制文件并将其移动到隔离文件夹中,您可以创建一个随机密码并使用该密码加密该文件并将其存储在某处(该密码也可以使用主密码进行加密)钥匙)。这可能是最简单的隔离方法。要取消隔离,只需编写与隔离代码完全相反的代码即可。将文件枚举到列表中并将其过滤掉,然后当用户单击某个项目并按取消隔离时,它会以文件路径作为变量调用取消隔离函数。

A way to do this is to encrypt the binary file using an encryption engine and moving it into a quarantine folder, you could create a random password and encrypt the file with that password and store it somewhere (that password could also be encrypted with a master key). That is probably the easiest way of quarantining. To unquaranine, just write the complete opposite of the quarantining code. Enumerate the files into a list and filter it out, then when the user clicks on an item and presses unquarantine, it calls the unquarantine function with the filepath as the variable.

夏末染殇 2024-10-26 10:42:55

如果我必须这样做(再一次,根据我的评论,我一开始就不想处于这种情况),我将使用一个进程内数据库引擎,该引擎对加密和大格式二进制数据具有本机支持。我认为 sql Compact 或 sqlite 都适合这个。

我不会使用 xml,因为它是纯文本,可以轻松提取二进制数据,而且我不会只更改扩展名,因为该文件仍然可以轻松执行。两者都不是隔离区。

请注意,重命名选项可能是迄今为止我所讨论的最“有效”的选项,但是在处理安全软件时,正确性始终是您首先关心的问题。有时,您可能会为了性能而牺牲正确性(3D 游戏渲染软件一直这样做,效果很好),但安全软件不属于此类。

你能做的就是稍后优化。例如,反病毒引擎使用启发式(仅在大多数情况下有效的经验法则)来提高软件速度,它们这样做的方式有利于误报,然后必须更仔细地检查误报,而不是可能丢失威胁。这之所以有效,是因为更仔细地检查每个项目的代码是首先编写并经过实战测试的。

If I had to do this (and again, I wouldn't want to be in this situation in the first place, per my comment), I would use an in-process database engine with native support for encryption and large-format binary data. I think sql compact or sqlite both fit this.

I would not use xml, because it's plain-text and the binary data could be easily extracted, and I would not just change the extension, because the file could still easily be executed. Neither are much of a quarantine.

Note that the renaming option is probably the most "efficient" of what I've seen discussed so far, but when dealing with security software correctness should always be your first concern over efficiency. There are times when you can compromise correctness for performance (3D game rendering software does this all the time, to great effect), but security software is not in this category.

What you can do is optimize later. For example, anti-virus engines use heuristics (rules of thumb that will only hold most of the time) to make their software faster, they do this in a way that favors false positives that must then be more-closely checked rather than potentially missing a threat. This only works because the code that more-closely checks each item was written and battle-tested first.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文