Is it possible to write an antivirus program in Java such that it can intercept a program from being executed? Can I have such deep control of the OS in Java?

Update: what about C#? Do the same restrictions apply, or is that a better way?

+10  A: 

Having such influence on the OS is possible. There is only the problem that you will lose platform independence, or at least have to write the code for every given platform, because such actions require quite deep access to the system, which could be achieved with JNI, which would tie the method you use it in to the OS.

HalloDu
Yep. JNI would be required for this, and at that point you're not writing pure Java anymore.
Mike Daniels
It could be *hacked* together with JNI, allowing you to write C++ that masquerades as Java...
CrazyJugglerDrummer
+1  A: 

As HalloDu said, this is technically possible with the use of JNI. However, IIRC, most antivirus programs use some sort of driver to intercept opened files and scan them before allowing the OS to continue using the file. This being the case, the amount of native code you would have to write (in C or possibly C++) would be substantial and is likely to outstrip your Java code in size.

When writing low-ish level apps, I'd stick to C. However, it might make sense to code things like the GUI in a higher level language, though Java wouldn't be my choice there either, because it's kind of a pain to interface with C. Personally, I'd do the whole damn thing in C just because mixing languages tends to be a pain. If I had to mix languages, my choices would be C and Python, simply because ctypes makes interfacing with C really easy.

Chinmay Kanchi
I don't think this is relevant, the OP sounds as if the goal is to write the entire solution in Java.
hmcclungiii
Perhaps my mentioning Python isn't totally relevant, but I use it largely as a comparison to JNI, which you would have to admit, is kind of a pain to work with.
Chinmay Kanchi
JNA (Java Native Access) works great when you need to interface C code with Java.
jb
Nice! I didn't even know this existed. It's been a long time since I needed to interface C and Java code.
Chinmay Kanchi
+3  A: 

I don't think that sort of control is possible with Java, primarily because it uses a VM and is shielded from the OS. Or rather the OS is shielded from the Java VM. This is by design.

Edited to add for clarity: I am assuming that you want to write the entire solution in Java, and not mix languages.

hmcclungiii
A: 

It is possible with the JNI. You would mostly be using Java for a GUI and C/C++ for any other sort of antivirus work though.

Kavon Farvardin
+1  A: 

I am not convinced that it would work even with JNI.

In the case of "intercepting" when the OS starts a new process (or writes to a file or whatever), you need to write some kind of driver or kernel module which hooks into the OS. That driver/module is most certainly written in native compiled code. So the OS is the one in charge here, and will eventually call your native module.

So, as I see it, Java is not even involved here.

That's the basic approach anyway. It may be possible using something like PAM in Linux, which is configurable to do almost anything related to security and file/process permissions and can call other processes to do its bidding. Seems far-fetched though to run a JVM instance for each new process the OS tries to start.

Martin Wickman
A: 

What is the point in making your own antivirus? It is a lot of work, but I guess it would be cool if you made it a portable one that blocks and removes all the more nasty ones. If you must persist, there is ClamAV; it is an open source and pretty good AV (no realtime protection), but programmed in C++.

Dr Hydralisk
I'm thinking about a new kind of antivirus, so I will need to have the same access as the traditional ones.
MaurizioPz
Well, as far as I know, that is the only open source one, or at least the only one that is still actively maintained. But if you can understand the source code to it, I am sure making a realtime scanner would not be too much of a challenge?
Dr Hydralisk
A: 

Your best bet might be to write the GUI and much of the logic in Java, then have a C or C++ back-end that does the scans.

You can then re-use the front-end across platforms and keep the platform specific stuff in the lower levels.

This way you can use the strengths of both languages--Java's platform independence and ease of use and C/C++'s ability to directly access the underlying platform.

Bill K