Suggestion/Question: Engine CRC Check

Started by RickJ, Thu 11/03/2004 03:10:21


RickJ

While playing Kairus' new Garfield game I discovered my PC was infected with a virus. I got a weird message saying something about needing to "run the AGS editor and save a file or something" when I tried running the game.exe. It had worked previously so I tried reinstalling the game (unzipping it basically). When I did so, I noticed that several of the files were now a bit bigger than they were in the initial installation. Voila!! No! I mean #$#@$@, I have a virus...

Ok, so my idea is to include a purposeful test in the runtime engine to see if the exe has been modified and then display a relevant message. In this way games created with AGS and distributed on the net would remain virus free. The test could be some kind of a CRC check or even something as simple as a "file size" check, or other alternatives, I suppose.

Well, I just wonder what everyone else thinks.  

Pumaman

Interesting idea. A full CRC check of the file would probably be too slow; a file size check would be easier, but then because compiled AGS games have variable EXE file sizes it wouldn't really work.

I'm sure it'd be possible to implement somehow though, if there's enough interest.

RickJ

I don't know the details of how Windows starts programs but maybe check to see if the file's entry point contains the AGS engine's startup code and not some foreign program. If this were possible you wouldn't need to check the entire file, maybe just the first 1 or 2k of it.

I realize this isn't a huge priority; actually it's one of those things if you do it, and do it well, nobody will ever realize you have done it. :) Well just keep it in mind, maybe you'll see an easy way to implement such a thing sometime.

Alynn

Quick thought, if someone before their final compile of the game checked a box that said Final Compile, the exe would have that information of its last change in it, if it is modified further after that final compile date, it throws an error...

AGS has detected that this file was edited after its last compile. It is possible that this was done because of a virus.

something to that effect...

RickJ

That's the general idea but I don't understand how the check box helps. Anything written to the file by the AGS editor/compiler would theoretically remain intact. The only difference would be that a virus program has attached itself to the file and is now the entry point of the program.

a-v-o

When a virus is attached to the entry point then the virus will be started first and the "ags virus check" will start too late. The virus is already active in the system.

A change of the file size is an indicator for a virus, but not every virus changes the file size.

I think I heard about a virus which hooks into the file functions and shows the correct uninfected file information of infected files, so the AGS engine would get the correct file size though the real file is larger.


RickJ

Quote
When a virus is attached to the entry point then the virus will be started first and the "ags virus check" will start too late. The virus is already active in the system.
This is true but the goal is to avoid or minimize the possibility of publishing a game that is infected with a virus and to alert end users of the possibility of such an infection.

Use of an anti-virus program is generally required to cleanse one's computer as you correctly observe. I was prompted to do this by the unexpected behavior of the AGS version Kairus used to create his game, that resulted from the virus infection. It's not necessarily guaranteed that this will continue to be the case for future versions of AGS and/or viruses. My idea is to find a simple and clever way of making this a permanent feature with a descriptive message.



Paper Carnival

Well, just a quick thought: When you compile to the exe, the filesize number is stored in the exe somehow, so when the exe runs it checks if its size is equal to that number. If it isn't, then the file has changed
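
Added example, not part of the thread and not AGS code: a sketch of the stored-size-plus-CRC idea discussed above, with the size and CRC-32 written into a trailer at compile time so that variable EXE sizes are not a problem. The 12-byte trailer layout, the "AGSI" magic and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical 12-byte trailer: "AGSI" | image size (LE32) | CRC-32 (LE32). */
#define TRAILER_LEN 12
enum { INTEGRITY_OK, NO_TRAILER, SIZE_MISMATCH, CRC_MISMATCH };

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
static uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xFF;         p[1] = (v >> 8) & 0xFF;
    p[2] = (v >> 16) & 0xFF; p[3] = (v >> 24) & 0xFF;
}
static uint32_t get_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Compile time: append the trailer to image[0..size), size < 4 GiB.
   The buffer must have room for size + TRAILER_LEN bytes. Returns the new length. */
size_t seal_image(uint8_t *image, size_t size) {
    memcpy(image + size, "AGSI", 4);
    put_le32(image + size + 4, (uint32_t)size);
    put_le32(image + size + 8, crc32_buf(image, size));
    return size + TRAILER_LEN;
}

/* Run time: check the file contents as read back from disk. */
int verify_image(const uint8_t *file, size_t len) {
    if (len < TRAILER_LEN) return NO_TRAILER;
    const uint8_t *t = file + len - TRAILER_LEN;
    if (memcmp(t, "AGSI", 4) != 0)
        return NO_TRAILER;        /* e.g. data appended after the trailer */
    if (get_le32(t + 4) != len - TRAILER_LEN)
        return SIZE_MISMATCH;     /* file grew or shrank ahead of the trailer */
    if (get_le32(t + 8) != crc32_buf(file, len - TRAILER_LEN))
        return CRC_MISMATCH;      /* same size, different bytes */
    return INTEGRITY_OK;
}
```

Because the trailer lives in the same file, anything that rewrites the file can also rewrite the trailer, and as a-v-o points out the check only runs after whatever code sits at the entry point.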
