Viruses, trojans, etc. fixing instead of deleting or stopping install


  1. Posts : 394
    Windows 7 Home Premium 64
       #1



    A thought occurred to me some time ago which begged a question. It seems that all anti-virus, anti-trojan, malware programs etc. do is stop something malicious from installing and stuff. But why isn't there software that actually fixes such a malicious thing from happening?
    I mean if you download, or try to install something potentially malicious, out pops a window from your anti-virus blocking it/deleting it. Why not just fix the thing so the malicious part is removed and all else works as it should? Is such a thing that difficult to do?
    I mean someone wrote the code for software 'A' and someone wrote the code for virus 'B' inside 'A'.
    Can't we simply do (A + its code) - (B + its extra code) = A + its code?
    Another thing that has bothered me in the past is that the information given on such a thing, either by your software or online sites such as VirusTotal, is limited in actually explaining what the given file will do. What I mean is, can't it tell you, besides what files will be installed and where they are going and a general description, something like: "This exe is going to create files A, B, C, D and place them here. Besides this they will create a registry entry written as such xxxxx and placed here. What these will do is File xyz will make a phone call every time you ..... and file abc, in writing bla, bla bla will copy files this and that and then rewrite them as such and then send them to bla, bla bla."
    In other words tell me as exactly as possible what it will do, how it will do it, where and when it will do it, and why I won't want this.
    To me it's like inviting strangers to your house so to speak; there may be some you won't want to come in, but there may be others you would allow in, even if your neighbors may not like them.


  2. Posts : 1,810
    Dual Boot: Windows 8.1 & Server 2012r2 VMs: Kali Linux, Backbox, Matriux, Windows 8.1
       #2

    Those programs do exist, you usually have to pay for that feature though. Almost all Anti-virus protect you in real-time but Malware, spyware and adware protection typically allow the infection to be installed then you need to run the program to get rid of it.

    For example, Malwarebytes and SuperAntiSpyware are two good programs that you can pay a relatively small amount of money for the pro version and get real-time protection. Now this doesn't mean you are always protected 100% of the time, even if you update daily. Definitions for viruses/malware are updated all the time and that doesn't really account for the zero-day exploits you may run across. Nobody on earth is protected from zero-day attacks. You simply react.


  3. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #3

    Many quality security programs will stop things from entering your computer.
    I can remember MSE and Malwarebytes popping up a flag stating blocking something or another. That is why you run them active.
    It is not the job of the security programs to repair programs on the way in your system that are infected. Just be happy they stopped them.

    If you are downloading a program or whatever that is infected and your security programs complain, just don't download that program.

    Are you having any problems downloading something?


  4. Posts : 394
    Windows 7 Home Premium 64
    Thread Starter
       #4

    I do have Malwarebytes. I think it's great. As to the rest, I stopped downloading anything illegal or even suspicious, or even legal with adware, or other stuff ages ago. I don't even go to websites that may cause trouble and seldom go to websites I don't know. There are plenty enough of web sites that I do know for me to bother looking at anything new--exceptions exist based on things read or recommended.
    My question was purely for educational purposes. Basically I was not concerned on what could stop stuff; I was asking why something hasn't been made whereby it doesn't stop it, but actually 'repairs it' instead, so to speak.


  5. Posts : 143
    Windows 7 Home Premium 64 bit
       #5

    Unfortunately, not all infections/viruses/miscreant lines of code are simple little additions to ordinary programs/files, waiting to be plucked like ripe apples; once some files/programs are infected, some are virtually impossible to clean (if even possible at all), mandating format/reinstalls and loss of all data.


  6. whs
    Posts : 26,210
    Vista, Windows7, Mint Mate, Zorin, Windows 8
       #6

    Fixing a system after malware is removed is nearly impossible. My strategies are:

    1. I make frequent images to 2 external disks that are normally disconnected.

    2. I do most of my internet work from a virtual Linux system where chances to catch malware are quasi nil.


  7. Posts : 394
    Windows 7 Home Premium 64
    Thread Starter
       #7

    You're right mdd1963. Obviously I'm a total ignoramus erectus when it comes to coding and all involved. I was after all looking at it from a most simplistic POV. What I thought of was: You have executable 'A' which is supposed to do a given action (start the program and all that is part of it). The virus creator takes this exe and adds things to it or changes some things. My thinking was, since the original is known then it's a question of making the fake one be like the real one.
    OK I understand that when you are creating a hack, for ex. to use a software illegally, then making A be = to B defeats the purpose, but I wasn't thinking of this. I was thinking of all being legal software. I did mind you think of the illegal stuff as well, and though not a main concern I did feel that somewhere in there there is something like, "Hey once you're executed call home and give me this guy's XYZ" and therefore it would be a question of deleting this line. But as I said, I am aware that software is not that simple; nevertheless I do feel something could be done along these lines to get as close to what current anti virus, anti this/that are doing.
    For ex., we do know exactly everything there is to know about viruses of 5-10-15 years ago, do we not? And any present software to stop such a thing would easily do so now, would it not? But why can't it do more, do what I suggested, at this point in time? Not knowing the answer to this question is what I was hoping to learn. In all other sciences, architecture, engineering, chemistry etc. starting from the time of the Romans we know today what works and why and how to improve, alter or change such things to a large degree. That is how a watch, and a TV and a phone and a flashlight can now exist individually on their own in many different forms and yet also all exist within a cell phone doing the exact same function and more. Again I plead ignorance, hence my reason for wanting to be educated.


  8. Posts : 394
    Windows 7 Home Premium 64
    Thread Starter
       #8

    whs I have a question for you. You wrote that you use a ''virtual Linux system'' to do your web surfing.
    I use 'Sandboxie' instead. Do you know it? If so, why not use it instead of Linux? They seem to work the same way by creating a virtual box but without the trouble of what is needed for the Linux way.


  9. whs
    Posts : 26,210
    Vista, Windows7, Mint Mate, Zorin, Windows 8
       #9

    I guess you are right for someone who has no virtual Linux systems. But I have 5 different virtual Linux systems and they are the most handy for me. A long time ago I tried Sandboxie and did not really like it. For me it was more difficult to operate than my Linux system. It is just a matter of preference.

    The one Linux I use the most is Mint Mate - a really nice system. See one of my demos here (now this one is on a stick which I use to recover data from dead systems that my friends always end up with). But the stick version and the virtual version are basically the same except that you can get into all partitions on the system with the stick version.


  10. Posts : 394
    Windows 7 Home Premium 64
    Thread Starter
       #10

    whs said:
    I guess you are right for someone who has no virtual Linux systems. But I have 5 different virtual Linux systems and they are the most handy for me. .......
    The one Linux I use the most is Mint Mate - a really nice system. See one of my demos here ......
    I watched your video. Thanks. I assume based on your last name, your accent and the photo on your video that you are German. I found this interesting because I being from North America imagine the person responding, with very good English as yours, to be from here as well. I speak 5 languages myself and find it most interesting how people for ex, from Germany, Holland and Scandinavia, in general have a larger percentage of people with very good English, compared to the rest of Europe. Things may have changed recently since the last country I was in Europe was Italy while the rest of Europe hasn't been seen for 7 years--and even in Italy I have seen a vast improvement.
    Back to your point if I may, why do you use 5 different distros? The one I have used in the past is Ubuntu, it being the easiest, for me at least. (BTW have you heard of the 'DuckDuckGo' search engine?)


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd