This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: BLODA detection code in latest snapshot

Greetings, Corinna Vinschen!

>> > Yup, confirmed.  This occurs on W7/32 as well.
>> > I add shlwapi to the list of filtered DLLs for which no such message is printed.
>> Could you please consider making such list configurable, if it's not much of
>> an issue?
>> This feature seems to be the reasonable way for rough detection of potentially
>> malicious presence, but I would like to avoid certain handlers to be reported,
>> such as antivirus' LSP or keyboard hotkey handler.

> Hmm.  Well, this option isn't meant to be used all the time.  It's not
> overly intrusive, but it costs time and Cygwin already isn't exactly
> fast.  For a pure diagnosing tool, does it makes sense to add lots
> of configuration options?

No, it doesn't. I've asked "just in cause" :)

> If you want to make the DLL list configurable, what's your idea?  Another

Registry key (REG_MULTI_SZ) would be better.
Speaking of which (a list of potentially intrusive DLL's) - do you filter by
DLL name or it's full path?
Because, %SystemRoot%\system32\shlwapi.dll is likely to be harmless.
But same name DLL inserted from any other place...

Andrey Repin ( 29.02.2012, <16:09>

Sorry for my terrible english...

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]