Today I am unveiling my AV, which I programmed from scratch. It includes User-Mode Scanning, Kernel-Mode Scanning and a unique feature present in no AV until this day: an MBR scanning module which operates from the Boot Record in order to check for Malware alerts. My AV uses heuristics to scan. It has two protection features:
[-] Complete Hook on system from User-mode till MBR
[-] Elevation
These completely deny access to the AV, thus protecting the AV. The AV project was programmed for around 10 months; it was programmed in VS2012 Ultimate.
I present to you Epsilon Anti-Virus solution. It is free of cost and it can compete with Commercial AV solutions. In fact it can remove a few Malwares even AVG cannot. Apart from that, the AV has a fantastic new feature dubbed "Network" which allows Network Administrators to change AV settings on all Computers with the Network feature enabled properly. This means there is no large operation to change AV settings. It is click'n go.
The User Interface is also designed to be beautiful and encourage the user to explore it. It is designed to be used by everyone from Computer Newbies to Computer Experts.
Epsilon Anti-Virus solution can also block infamous Malwares like:
[-] ZeuS
[-] Spy Eye
[-] Citadel
[-] Andromeda
[-] And More!
Epsilon Anti-Virus solution starts up before the OS even runs and therefore can prevent Malwares which operate in and subvert the Windows kernel.
I am not going to reveal many of the Screen-Shots, but here is the main panel. It is metro theme. I will release more screen shots, but tell me how you feel about this project:
http://i.imgur.com/h8ML2Zg.png
Tell me about it. I will be posting more screen shots throughout this thread's life-time.
Thanks!
I am creating an MBR based persistence module for the AV, therefore I can prevent Malware from removing the AV from the system. That way, if the AV is removed, the system will boot up, simply persisting back to the original state again.
What if the virus is a boot sector virus? Bam, AV is gone.
If most of you don't believe it, fine, it is up to you, right? Not my problem, I am just showing what I am doing; besides, I am not selling it. Next, if you don't want it, don't comment, simple.
Also chrisname, you are right, but as I said there are other modes of security back-up, kernel - user-mode, and these can remove those types of infections; aside from that, we can easily put persistence modules on the MBR. Next, there are not many Boot Sector Viruses which work on Windows 7 - till Windows XP. Although there are lots, most of them are Old-School and only work on MS-DOS, which was created about 10+ years ago. I know the MBR remained the same for all those years, but for some unknown reason not many MBR level rootkits are hitting the Malware Market except for the few famous ones:
Carberp (Which is now public so expect more MBR kits in future)
Sinowal (Again being Decompiled and reversed to get source code)
Next, I am not a Black-Hat, check my threads; in fact I am a White-Hat. If someone doubts, it is okay, it is natural for someone to have doubts, but my previous thread which EssGeEich posted was trying to protect a file rather than scan it. Apart from that, I am not trying to "infect" people, because it seems like you all think that. Next, everyone seems not to be a huge fan of AV development; if so, do none of you even have an AV?
Look, I am not here to infect and mess around, I am just showing you my creation, that's all.
Besides, darkestfirhgt, are you incapable of research or what? All AVs place hooks on the system to protect themselves and help detect Malware on the system. Apart from that, McAfee has MBR level protection as well:
http://www.mcafee.com/uk/solutions/mcafee-deepsafe.aspx
So you cannot really complain saying it is crap and not possible.
Look, I am not here to infect and mess around, I am just showing you my creation, that's all.
Post its source code in an article, to be scrutinized and enjoyed by others. That's why you're here, posting this thread on a programmer forum, right? Otherwise you'd be on a security forum instead.
And I must say, Epsilon is a very nice name, although I've always been partial to Upsilon.
Next, I do like Epsilon, and now that you introduced me to Upsilon I like it as well, because both remind me of something futuristic. I know, weird, right? But it's me.
I don't always think like this...
But you should avoid posting source codes of such things, which used a lot of your time.
Not right now maybe. You should do it at a second time, when the AV is already running around.
But you should avoid posting source codes of such things, which used a lot of your time.
Why? All this does is slow down society - there are others who could benefit from reading your source code sooner than later. Unless this is a commercial work, what point does he have to keeping the source private?