> But the problem is unsolvable. Don’t you see that? Whatever your process can do, a malicious
process can do as well, and can also UNDO.
Well, this is just the question of who was the first one to get there…
If you install such a product on a clean machine there will be simply no malicious processes in sight, unless it was the user's choice to allow them to run by installing their binaries. However, if the target machine has already been infected by the time you install your process, there is nothing that can be done.
To put it simply, there are 3 security problems - prevention, detection and cleaning. The first one is perfectly solvable at the target system itself as long as it is clean, the second one may sometimes be solvable at the target system as well, and the third one is simply infeasible unless you use some independent installation rather than the target system itself - you just cannot do anything about a system that has been compromised at the level of its kernel…
Anton Bassov