Why can't malware alter File-Checker?

Discussion in 'FileChecker & ID-Blaster Forum' started by briflan, Sep 29, 2005.

Thread Status:
Not open for further replies.
  1. briflan

    briflan Registered Member

    Sep 29, 2005
    Is File-Checker just another unnecessary layer of anti-spyware? I'm playing Devil's Advocate here, but it's a real question that I'd like to see in a FAQ about File-Checker, or on the File-Checker download page. As File-Checker gains popularity, won't it be targeted by malware along with the other major free anti-spyware programs? Does File-Checker have any safeguard against this?
    Last edited: Sep 29, 2005
  2. herbalist

    herbalist Guest

    While it would be theoretically possible for some malware to be specifically designed to compromise Filechecker, it's quite unlikely for several reasons.
    1. When compared to the more well known and big name security apps, Filechecker has a much smaller group of users. Usually, attacks directed at security software will be aimed at the big boys. Norton's been compromised. Vulnerabilities have been found in others.
    2. Direct attacks on security software usually target the apps that connect to the internet, firewalls being the more commonly attacked security software. Since Filechecker doesn't connect to the net, it would be much harder to attack in this fashion.
    3. Other than shutting it down, about the only thing that could really be done to Filechecker is to alter the checksums and file data it stores to match what a compromised file would display. Something like this could only happen on a system that's already compromised or one with nonexistent security in place. Either way, it definitely would mean that the user has much bigger problems to address.
    As for malware shutting it down, if your security package also includes good process control/monitoring, some of these like SSM can be configured to restart it if it gets shut down. Good process control would intercept a malware program like that from ever starting up in the first place.
    Filechecker isn't an antispyware per se. It's a file integrity checker. Protecting critical system files is a necessary part of a good security package. Different viruses and malware can attach themselves to existing files or replace them with their own, using the same names. At times, these replaced files do the same jobs as the originals, plus a few they shouldn't. Filechecker alerts to changes in any files you set it to monitor. While it's mostly used to monitor critical system components, program executables, and configuration files, it can be used to check a lot more. Such a list can include business records or receipts, databases, code for a program you're developing, personal files, a collection of scripts, etc. It can actually watch any file or filelist as long as you save the list when you're done working with them.
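One way an integrity checker can detect the stored-checksum tampering described in point 3 of the post above, as an added example that is not part of the original thread and not File-Checker's own code: the baseline is sealed with an HMAC, so checksums rewritten to match a replaced file no longer verify. The key handling (kept off the monitored machine), the function names and the sample file are assumptions constructed for this sketch.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def seal(entries, key):
    """HMAC-SHA256 over a canonical encoding of the baseline entries."""
    blob = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def build_baseline(paths, key):
    entries = {p: file_digest(p) for p in paths}
    return {"entries": entries, "seal": seal(entries, key)}

def verify(baseline, key):
    """Return (baseline_trusted, changed_paths)."""
    if not hmac.compare_digest(seal(baseline["entries"], key), baseline["seal"]):
        return False, []  # stored checksums were altered; comparisons are meaningless
    changed = [p for p, d in sorted(baseline["entries"].items())
               if not os.path.exists(p) or file_digest(p) != d]
    return True, changed

def demo():
    key = b"constructed-demo-key"  # assumption: stored off the monitored machine
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "system.dll")  # constructed sample file
        with open(target, "wb") as f:
            f.write(b"original contents")
        base = build_baseline([target], key)
        results = [verify(base, key)]        # untouched file
        with open(target, "wb") as f:
            f.write(b"replaced contents")
        results.append(verify(base, key))    # file replaced, baseline intact
        # Stored checksum rewritten to match the replaced file, without the key
        base["entries"][target] = file_digest(target)
        results.append(verify(base, key))    # seal no longer matches
        return [(ok, len(changed)) for ok, changed in results]

if __name__ == "__main__":
    print(demo())
```

The seal only helps if the key and the verifying code are out of reach of whatever modified the files, for example on read-only or removable media.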
  3. cantroler

    cantroler Guest

    I wonder how it works booting with BartPE and running the Filechecker from there?