Date: Fri, 2 Mar 2012 02:54:29 +0400
From: Andrey Repin <anrdaemon@freemail.ru>
Reply-To: Andrey Repin <cygwin@cygwin.com>
Message-ID: <65073443.20120302025429@mtu-net.ru>
To: Corinna Vinschen <cygwin@cygwin.com>
Subject: Re: BLODA detection code in latest snapshot
In-Reply-To: <20120229085527.GO23440@calimero.vinschen.de>
References: <20120227122614.GB31025@calimero.vinschen.de> <4F4C41B5.7040804@acm.org> <4F4C51D0.70307@acm.org> <20120228094024.GD23052@calimero.vinschen.de> <16210489654.20120229024137@mtu-net.ru> <20120229085527.GO23440@calimero.vinschen.de>

Greetings, Corinna Vinschen!

>> > Yup, confirmed.  This occurs on W7/32 as well.
>> > I add shlwapi to the list of filtered DLLs for which no such message is printed.
>> 
>> Could you please consider making such list configurable, if it's not much of
>> an issue?
>> This feature seems to be the reasonable way for rough detection of potentially
>> malicious presence, but I would like to avoid certain handlers to be reported,
>> such as antivirus' LSP or keyboard hotkey handler.

> Hmm.  Well, this option isn't meant to be used all the time.  It's not
> overly intrusive, but it costs time and Cygwin already isn't exactly
> fast.  For a pure diagnosing tool, does it make sense to add lots
> of configuration options?

> If you want to make the DLL list configurable, what's your idea?  Another
> env var like, say CYGWIN_DETECT_BLODA_DLL_IGNORE_LIST?

After a good day of pondering the question, I would suggest to not filter out
anything at all.
And I'm leaning to the suggestion of extending cygcheck functionality in the
way of reporting inserted DLLs. Probably this should be done by default.


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 02.03.2012, <02:51>

Sorry for my terrible English...



