I know that there are some commercial organizations working on getting
Dazuko ported to WindowsXP. But I have no idea when that will be
finished (or if it will be available at no cost). With WindowsXP Dazuko
would be implemented as a mini-filter. This involves using
Microsoft-Proprietary interfaces. To use these interfaces requires a
license and signing a non-disclosure-agreement. This means that Dazuko
for WindowsXP could never be open source.
Hold on. If I scanned (`string`) MS DLL files and found these
interfaces, and wrote code into Dazuko to use them which I'd
subsequently use to write my software, then suddenly I'd be arrested and
sued and tons of sh*t because (OMFG) I wrote a program that makes the
user's experience better by going through hooks in the OS and deflecting
viruses without a virus definition file?
I'm looking at a preemptive-reactive solution of course. When a program
or library would be modified, it will be copied; further access to it
would access the copy. Then the user is warned about the modification
or replacement. If he wishes to allow it, a signature is generated, and
future access goes to the original; copy is deleted. If he wishes to
roll back the change (maybe libclamav detects a virus and we tell him he
SHOULD roll back the change; maybe nothing but we tell him this might be
a concern anyway and he decides to, just to be safe) then the old copy is
put back.
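
The copy / warn / approve-or-roll-back flow described in the message above, as an added user-space sketch in Python (not Dazuko code and not the poster's code). The names `ModificationGuard`, `before_modify`, `resolve`, `approve` and `rollback` are hypothetical, using SHA-256 as the "signature" is an assumption, and in a real deployment `before_modify` and `resolve` would be driven by a file-access interception layer such as Dazuko.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

class ModificationGuard:
    """User-space model of the copy / warn / approve-or-roll-back flow."""
    def __init__(self, store):
        self.store = Path(store)   # existing directory for preserved copies
        self.signatures = {}       # path -> SHA-256 of user-approved content
        self.pending = {}          # path -> preserved pre-change copy

    def before_modify(self, path):
        """Hook point before a write: preserve the current content once."""
        if path not in self.pending:   # repeated writes keep the oldest copy
            name = hashlib.sha256(str(path).encode()).hexdigest()
            self.pending[path] = Path(shutil.copy2(path, self.store / name))

    def resolve(self, path):
        """File readers should open: the copy while a decision is pending."""
        return self.pending.get(path, path)

    def approve(self, path):
        """User allows the change: sign the new content, delete the copy."""
        self.signatures[path] = digest(path)
        self.pending.pop(path).unlink()

    def rollback(self, path):
        """User rejects the change: put the preserved copy back."""
        self.pending.pop(path).replace(path)

    def is_trusted(self, path):
        return path not in self.pending and self.signatures.get(path) == digest(path)

def demo():
    """Constructed run: a tampering write is rolled back, an update approved."""
    with tempfile.TemporaryDirectory() as root:
        guard = ModificationGuard(root)
        lib = Path(root, "libexample.so")   # constructed sample file
        lib.write_bytes(b"v1")
        guard.before_modify(lib)
        lib.write_bytes(b"tampered")
        seen_while_pending = guard.resolve(lib).read_bytes()
        guard.rollback(lib)
        restored = lib.read_bytes()
        guard.before_modify(lib)
        lib.write_bytes(b"v2")
        guard.approve(lib)
        return seen_while_pending, restored, guard.is_trusted(lib), sorted(p.name for p in Path(root).iterdir())
```

While a change is pending, readers are served the preserved `v1` content; only an explicit approval records a signature for the new content and removes the copy.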