Callback filesystem application

#10486
Posted: 06/28/2009 01:23:12
by xion_more  (Basic support level)
Joined: 05/05/2009
Posts: 19

Can we use Callback File System for file system monitoring?
Could anybody tell me technical details about Callback File System?
#10487
Posted: 06/28/2009 04:05:29
by Eugene Mayevski (EldoS Corp.)

Please explain your question. If you want to track changes on an existing file system, then you need CallbackFilter. If you want to monitor activity on your virtual file disk, created with Callback File System, then why not?


Sincerely yours
Eugene Mayevski
#10488
Posted: 06/29/2009 00:15:08
by xion_more  (Basic support level)
Joined: 05/05/2009
Posts: 19

What is the effect on the callback filter if the system was attacked by filesystem viruses?
Is there any protection mechanism?
#10492
Posted: 06/29/2009 05:02:43
by Eugene Mayevski (EldoS Corp.)

I don't understand the question, sorry. Please describe your task rather than asking partial questions.


Sincerely yours
Eugene Mayevski
#10493
Posted: 06/29/2009 06:26:23
by xion_more  (Basic support level)
Joined: 05/05/2009
Posts: 19

It's very simple.
For instance, I got a virus which attacks the filesystem of the Windows operating system. What it does is infect the filesystem and try to hide. It's kind of polymorphic in nature and keeps on traversing the entire filesystem, making lots of copies of the virus or viral code.

Now, my question is: can callback filter detect this kind of anomaly?

Thanks
#10494
Posted: 06/29/2009 06:29:10
by xion_more  (Basic support level)
Joined: 05/05/2009
Posts: 19

One more question.
What kind of driver mode has been used in writing the callback filter?
Is it a kernel-mode driver or a user-mode driver?

I'm asking this question because I'm thinking of using your product for the filesystem monitoring sub-model in my XXX product (can't tell my software name because of legal issues).

Thanks
#10497
Posted: 06/29/2009 06:48:14
by Eugene Mayevski (EldoS Corp.)

All file system and FS filter drivers are kernel-mode.


Sincerely yours
Eugene Mayevski
#10498
Posted: 06/29/2009 06:49:44
by Eugene Mayevski (EldoS Corp.)

Quote
xion_more wrote:
For instance, I got a virus which attacks the filesystem of the Windows operating system. What it does is infect the filesystem and try to hide. It's kind of polymorphic in nature and keeps on traversing the entire filesystem, making lots of copies of the virus or viral code.

Now, my question is: can callback filter detect this kind of anomaly?


CallbackFilter is a filter. It doesn't detect anything. It just passes information about the calls to your code and it's up to you to filter anything you want. Note that a kernel-mode process can bypass the filter stack.


Sincerely yours
Eugene Mayevski
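
As an added illustration (not part of the original thread and not EldoS code): since the filter only passes call information to your code, the detection logic is yours to write. The example below assumes a hypothetical `FileEvent` record filled in by your callback handler and flags a process that creates executable files in many directories within a short window; the field names, thresholds and sample events are all constructed.

```python
import ntpath
from collections import defaultdict, deque
from dataclasses import dataclass

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}

@dataclass(frozen=True)
class FileEvent:      # hypothetical record built by your callback, not an EldoS type
    ts: float         # seconds
    pid: int          # process that issued the call
    op: str           # "create", "write", "read", ...
    path: str

class SpreadDetector:
    """Flag a process creating executables in many directories within a time window."""
    def __init__(self, window=10.0, min_dirs=5):
        self.window, self.min_dirs = window, min_dirs
        self._recent = defaultdict(deque)   # pid -> deque of (ts, directory)
        self._alerted = set()

    def feed(self, ev):
        ext = ntpath.splitext(ev.path)[1].lower()
        if ev.op != "create" or ext not in EXEC_EXT:
            return None
        q = self._recent[ev.pid]
        q.append((ev.ts, ntpath.dirname(ev.path).lower()))
        while ev.ts - q[0][0] > self.window:    # drop events older than the window
            q.popleft()
        dirs = {d for _, d in q}
        if len(dirs) >= self.min_dirs and ev.pid not in self._alerted:
            self._alerted.add(ev.pid)           # one alert per process
            return {"pid": ev.pid, "ts": ev.ts, "dirs": sorted(dirs)}
        return None

def constructed_events():
    """Constructed sample stream: one spreading process and two benign ones."""
    evs = [FileEvent(100 + 0.5 * i, 4120, "create", rf"C:\Users\u\dir{i}\a.exe") for i in range(6)]
    # installer: many executables, single directory
    evs += [FileEvent(100 + i, 812, "create", rf"C:\Program Files\App\m{i}.dll") for i in range(8)]
    # slow copy job: many directories, but spread over minutes
    evs += [FileEvent(100 + 60 * i, 990, "create", rf"D:\backup\set{i}\x.exe") for i in range(6)]
    return sorted(evs, key=lambda e: e.ts)

def run(events):
    det = SpreadDetector()
    return [a for a in (det.feed(e) for e in events) if a]

if __name__ == "__main__":
    for alert in run(constructed_events()):
        print(alert)
```

As the reply above notes, calls issued by kernel-mode code can bypass the filter stack, so such activity would never reach `feed`.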
#10499
Posted: 06/29/2009 07:27:44
by xion_more  (Basic support level)
Joined: 05/05/2009
Posts: 19

Quote
Eugene Mayevski wrote:
All file system and FS filter drivers are kernel-mode.


So, it means that you developed a driver for callback filter and built it in your production environment. The result is a sys file, which finally gets copied into the system directory.

If that is the case, any virus can infect a sys file because it is a binary executable format file. I don't have any idea how you implemented that stuff.
But I believe there should be some sort of protection mechanism to protect your sys files.

Please reply with what you think, or am I making some mistakes?

Thanks
#10500
Posted: 06/29/2009 07:35:47
by Eugene Mayevski (EldoS Corp.)

It is the administrator's problem to prevent misuse of the computer, not ours. Under limited accounts the virus, even when started, can't modify the contents of system folders. One should not work under a full-access account, or he/she should be ready to face the consequences.


Sincerely yours
Eugene Mayevski
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.