|
Title: Antibodies Post by: yogi on March 15, 2012, 02:14:49 PM I am floating an idea here to asses its merit. Its unrelated to bitcoin but is p2p.
The idea is called Antibodies (p2p antivirus). An antibody in this context is a package of data containing information, name/author/... , and most importantly a script. The antibody client connects to a p2p network that share's its antibodies with other nodes. Antibodies are prioritized and run in the background. They have only got read access to the memory/filesystem of local system. They can also send a message to the user such as "Warning, this system is infected with a virus!". And if you have the skills you can publish your own antibody. Obviously there would be the potential for spammy antibodies but the network would have a degree of resiliency to this as you can choose to mark an antibody as 'BAD' and this information is shared across the network. Title: Re: Antibodies Post by: moocow1452 on March 15, 2012, 02:22:00 PM Seems like it works on paper, but you'd probably create a bigger monster if someone found a way to spike the network.
Title: Re: Antibodies Post by: Remember remember the 5th of November on March 15, 2012, 02:39:40 PM I like the sound of this. Anti-virus companies take time to update virus definitions, but a p2p one, we could potentially mark a file as a virus, that could be new, though we need some proof-of-virus algorithm.
Title: Re: Antibodies Post by: RodeoX on March 15, 2012, 02:44:22 PM I like the sound of this. Anti-virus companies take time to update virus definitions, but a p2p one, we could potentially mark a file as a virus, that could be new, though we need some proof-of-virus algorithm. Yeah, that's a good point about "proof-of-virus". Legitimate programs are flagged as viri all the time, even bitcoin. But the overall idea is kinda cool, and just the sort of task that could work in a crowd sourcing environment. Title: Re: Antibodies Post by: benjamindees on March 15, 2012, 05:05:51 PM Maybe you could track the antibodies in a block-chain. Design it so that only those who have access to the virus in question can hash it and vote on whether the antibody is valid or a false positive. Mining the block chain and voting on antibodies then replaces your anti-virus subscription.
Title: Re: Antibodies Post by: yogi on March 15, 2012, 05:44:46 PM Finding a good way to determine good from bad antibodies is definitely the crux of the problem here.
Title: Re: Antibodies Post by: CA Coins on March 15, 2012, 06:27:46 PM Nice idea, but I see several issues. Like you mentioned, differentiating between good/bad is tough. Even our own immune system has issues with it, hence the multitude of auto-immune diseases. Also, I doubt many people are going to let a p2p software scan their system even if it is just read-only.
Title: Re: Antibodies Post by: RodeoX on March 15, 2012, 06:32:43 PM Nice idea, but I see several issues. Like you mentioned, differentiating between good/bad is tough. Even our own immune system has issues with it, hence the multitude of auto-immune diseases. Also, I doubt many people are going to let a p2p software scan their system even if it is just read-only. Hmmm. true. Perhaps the scan can be preformed with only the results viewable on the network? Title: Re: Antibodies Post by: CA Coins on March 15, 2012, 06:47:18 PM Not sure what you mean, the scan results are only viewable on the network and not by the end-user?
Title: Re: Antibodies Post by: moocow1452 on March 15, 2012, 06:48:10 PM Could it be an issue if you have a list of open ports and ip addresses that the Antibodies would be hooked up to, and one buffer overflow later, you got yourself a premade botnet ready to roll?
Title: Re: Antibodies Post by: yogi on March 15, 2012, 06:58:08 PM Could it be an issue if you have a list of open ports and ip addresses that the Antibodies would be hooked up to, and one buffer overflow later, you got yourself a premade botnet ready to roll? No, antibodies run inside a script engine that only has safe read bindings. It can only look and tell user what it see's. Title: Re: Antibodies Post by: RodeoX on March 15, 2012, 07:04:50 PM Not sure what you mean, the scan results are only viewable on the network and not by the end-user? I may be in over my head here, but I was trying to think of a way to limit what info is broadcast to other peers on the network. For example, I would not want my directory structure to be viewable to other peers. Title: Re: Antibodies Post by: yogi on March 15, 2012, 07:28:57 PM Not sure what you mean, the scan results are only viewable on the network and not by the end-user? I may be in over my head here, but I was trying to think of a way to limit what info is broadcast to other peers on the network. For example, I would not want my directory structure to be viewable to other peers. Peers only exchange antibodies not system info. Title: Re: Antibodies Post by: naypalm on March 15, 2012, 10:42:31 PM That would be one big ass block file for all the viruses out there. Really good idea though.
Title: Re: Antibodies Post by: Phinnaeus Gage on March 16, 2012, 12:18:00 AM Not sure what you mean, the scan results are only viewable on the network and not by the end-user? I may be in over my head here, but I was trying to think of a way to limit what info is broadcast to other peers on the network. For example, I would not want my directory structure to be viewable to other peers. Same here (see bold above), but allow me to suggest branding this idea with something better than antibodies. ~Bruno~ Title: Re: Antibodies Post by: moocow1452 on March 16, 2012, 12:49:19 AM p2pwn?
|