by CyberScarecrow
726 days ago
Author of scarecrow here. Sweet idea, thank you for sharing. What I would really like to do is have some sort of stats in the app, that shows if it has 'scared' away any malware. But I'm not sure how to do that, and work out what other processes on the machine have exited because it saw some cyber scarecrow indicators in the system's process listing.
I suppose it could work like Sysinternals Process Explorer/Autoruns/etc & submit running hashes to VirusTotal.com or other databases, but there's always the likelihood of false positives with that.
If you search GitHub for "malware samples" there are loads of them. Vx Underground also has a large collection [1]. So, I would go through there & look for commonalities to try and find what malware often tries to trigger on startup.
I'll just end with this example of an interesting form of a trip wire I've seen in use on Windows PCs: ZoneAlarm makes an anti-ransomware tool I can't think of the name of. It placed hidden files & folders in every directory on the hard drive. It would then monitor if anything tried to access it - as ransomware would attempt to encrypt it - and force kill all running programs in an attempt to shut down the malware before it could encrypt the entire HDD.
[1] https://vx-underground.org/Archive/Collections
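
An added example (not from the thread, and not ZoneAlarm's or Cyber Scarecrow's code) of the decoy-file tripwire described in the comment above: it plants a decoy in each directory and reports any that were changed or removed. It polls file hashes instead of intercepting access, and the decoy name, its contents and the two simulated changes are constructed for the demo.

```python
import hashlib
import os
import tempfile

DECOY_NAME = ".~canary_do_not_touch.docx"    # hypothetical decoy file name
DECOY_BODY = b"constructed decoy content\n" * 64

def _digest(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def plant_decoys(root):
    """Drop one decoy in root and every subdirectory; return {path: sha256}."""
    baseline = {}
    for dirpath, _dirs, _files in os.walk(root):
        path = os.path.join(dirpath, DECOY_NAME)
        with open(path, "wb") as fh:
            fh.write(DECOY_BODY)
        baseline[path] = _digest(path)
    return baseline

def check_decoys(baseline):
    """Return {path: reason} for every decoy that was changed or removed."""
    tripped = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            tripped[path] = "missing (deleted or renamed)"
        elif _digest(path) != expected:
            tripped[path] = "content changed"
    return tripped

def demo():
    """Constructed scenario: one decoy is overwritten, another is renamed."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs", "invoices"))
        os.makedirs(os.path.join(root, "photos"))
        baseline = plant_decoys(root)
        assert check_decoys(baseline) == {}           # nothing touched yet
        victim = os.path.join(root, "docs", DECOY_NAME)
        with open(victim, "wb") as fh:                # simulated in-place rewrite
            fh.write(os.urandom(len(DECOY_BODY)))
        renamed = os.path.join(root, "photos", DECOY_NAME)
        os.rename(renamed, renamed + ".locked")       # simulated rename
        tripped = check_decoys(baseline)
        return {os.path.relpath(p, root): why for p, why in tripped.items()}

if __name__ == "__main__":
    for path, why in demo().items():
        print(f"TRIPWIRE: {path}: {why}")
```

A real monitor would run `check_decoys` on a short interval or react to file-system change notifications, and would need to decide what to do with the alert; the thread's tool reportedly killed running programs.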