Make an antivirus for Windows Store

    Question

  • Hi
    Can I make an antivirus for the Windows Store?
    Do I have full access to the Windows API?
    I have never programmed for Windows 8 ... Please help me!
    Friday, April 05, 2013 5:53 PM

Answers

  • Windows Store apps are sandboxed and have limited access to the file system; by default they only have access to their own local and roaming data areas but you can declare app capabilities to gain additional access: http://msdn.microsoft.com/en-us/library/windows/apps/hh464936.aspx . By design there is no way to get full access to the complete file system in a Windows Store app; it's part of the security model.

    In addition to the Windows Runtime APIs ( http://msdn.microsoft.com/en-US/library/windows/apps/br211377 ) you can also use the Win32 and COM APIs that are listed here: http://msdn.microsoft.com/en-US/library/windows/apps/br205757 .

    For more on getting started with programming Windows Store apps, see the Getting Started with Windows Store apps page: http://msdn.microsoft.com/en-us/library/windows/apps/br211386.aspx .

    You could write an app that would scan files for viruses but since it would not have access to things like the Windows directory or other restricted areas of the hard drive and since Windows Store apps only run when they are in the foreground (though you can add the ability to run in the background in limited circumstances), it would be of limited use. Note that any app you write will need to comply with the Windows 8 app certification requirements: http://msdn.microsoft.com/library/windows/apps/hh694083 .


    XNA/DirectX MVP | Website | Blog | @mikebmcl

    • Proposed as answer by MikeBMcLMVP Saturday, April 06, 2013 4:42 PM
    • Marked as answer by Jesse Jiang Wednesday, April 10, 2013 1:50 AM
    Friday, April 05, 2013 8:13 PM
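
The capability model described in the answer above, as an added example that is not part of the original thread: a Python check that reads a Windows 8 package manifest and reports which storage areas the app can reach programmatically. The manifest is a constructed sample, and the function names `reachable_storage` and `can_read` are hypothetical.

```python
import xml.etree.ElementTree as ET

# XML namespace used by Windows 8 package manifests.
NS = {"m": "http://schemas.microsoft.com/appx/2010/manifest"}

# File-access capabilities a Windows 8 Store app can declare.
# True means access is filtered to the file types the manifest registers.
STORAGE_CAPS = {
    "musicLibrary": False, "picturesLibrary": False, "videosLibrary": False,
    "documentsLibrary": True, "removableStorage": True,
}

# Constructed sample manifest for a hypothetical "scanner" app.
SAMPLE_MANIFEST = """<Package xmlns="http://schemas.microsoft.com/appx/2010/manifest">
  <Applications>
    <Application Id="App">
      <Extensions>
        <Extension Category="windows.fileTypeAssociation">
          <FileTypeAssociation Name="scantargets">
            <SupportedFileTypes>
              <FileType>.docx</FileType>
              <FileType>.pdf</FileType>
            </SupportedFileTypes>
          </FileTypeAssociation>
        </Extension>
      </Extensions>
    </Application>
  </Applications>
  <Capabilities>
    <Capability Name="internetClient" />
    <Capability Name="documentsLibrary" />
    <Capability Name="picturesLibrary" />
  </Capabilities>
</Package>"""

def reachable_storage(manifest_xml):
    """Map each reachable storage area to '*' or its list of allowed extensions."""
    root = ET.fromstring(manifest_xml)
    types = sorted(t.text.strip().lower() for t in root.iterfind(".//m:FileType", NS))
    reach = {"app local/roaming data": "*"}  # available by default, per the answer
    for cap in root.iterfind("m:Capabilities/m:Capability", NS):
        name = cap.get("Name")
        if name in STORAGE_CAPS:  # network and other capabilities grant no file access
            reach[name] = types if STORAGE_CAPS[name] else "*"
    return reach

def can_read(manifest_xml, area, extension):
    """True if the package may read files with `extension` in `area`."""
    allowed = reachable_storage(manifest_xml).get(area)
    return allowed == "*" or (allowed is not None and extension.lower() in allowed)
```

No capability name maps to the Windows directory or to the whole drive, so `can_read` returns False for any area outside the declared set, which is the limit the answer describes.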
  • (as a side note)

    One way I've seen some engineers going about this is to develop the virus scanning engine for Win8 Desktop believing that they could then develop a secondary (Metro) application and have this as the controller of the Desktop application.  Not a real solution, as the Metro application is restricted from communicating (e.g. Pipes/Loopback IP) with any other application on the system (Metro or Desktop).  You could do something where the Desktop application communicates to a remote server as well as the Metro application, but that sounds kinda messy.

    • Marked as answer by Jesse Jiang Wednesday, April 10, 2013 1:50 AM
    Monday, April 08, 2013 9:31 PM
  • What kind of malware are you expecting to afflict Windows Store apps that your tool would try to find?

    Much of the reason that the Windows Store model is running in AppContainer and restricts API usage is to minimize malware access through Windows Store apps. Honestly, from a security model point of view, it's very difficult to distinguish the behavior of a piece of malware and an anti-virus tool in terms of invasiveness.


    Tuesday, April 09, 2013 6:07 PM
