Wednesday, March 11, 2009

An IDEA for anti-virus to use a hash function.

A use for a hash function in anti-virus software. Anti-virus software usually checks various registry entries, so viral software that edits registry entries is motivated to overwrite the comparison entries held by the anti-virus software. A solution occurs to me as follows. At install time, the anti-virus software uses the system clock as a pseudo-random password to encrypt a cabinet file of registry entries. Meanwhile, the registry entries used for comparison are saved in a hash database. The procedure for checking the registry then becomes: hash the end-user registry entry and compare it to the hash database. If they are not equal, the restore process uses the saved pseudo-random key to decrypt an uncorrupted copy of the registry entry and writes it back to the end-user registry. To compromise this in a normal implementation, the viral software would need to defeat the hash function AND the encryption function. As an anti-virus provider I would use 3 to 5 basic functions randomly distributed in my alpha offering; that is to say, 1/5th of the end users would receive each encryption function, for example Twofish, Blowfish, 3DES, IDEA and AES. Multiply this by three hash functions of various characteristics and it starts to get "hairy" to write the compromise even in a lab environment. Updating the software is equally hairy, though: at the very least you end up with three hash values for every updated registry entry, or a database of users, itself subject to compromise.
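The check-and-restore loop described above, as an added example that is not code from the original post. It assumes a constructed set of registry names and values, uses a keyed digest (HMAC) for the hash database, and stands in an authenticated backup for the encrypted cabinet; the install-time key comes from the OS random source rather than the clock, since a timestamp is guessable.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for monitored registry entries (not from the post).
UPDATER = r"Run\Updater"
SHELL = r"Winlogon\Shell"
KNOWN_GOOD = {
    UPDATER: r"C:\Program Files\Vendor\updater.exe",
    SHELL: "explorer.exe",
}

def install_key() -> bytes:
    # The post derives this from the system clock; a clock value has only a
    # few bits of entropy and can be guessed, so a CSPRNG is used instead.
    return os.urandom(32)

def entry_digest(key: bytes, name: str, value: str) -> str:
    # Keyed digest: rewriting a value is not enough, the matching database
    # entry cannot be forged without the install-time key.
    msg = f"{name}\0{value}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_hash_db(key: bytes, entries: dict) -> dict:
    return {n: entry_digest(key, n, v) for n, v in entries.items()}

def seal_backup(key: bytes, entries: dict) -> dict:
    # Stand-in for the encrypted cabinet: each value is stored with a tag so
    # a tampered backup is rejected instead of being restored.
    return {n: (v, entry_digest(key, n, v)) for n, v in entries.items()}

def check_and_restore(key: bytes, hash_db: dict, backup: dict, live: dict):
    """Compare live entries to the hash DB and restore any that differ.
    A deleted entry hashes as empty and is restored too.
    Returns (restored_names, unrecoverable_names)."""
    restored, unrecoverable = [], []
    for name, expected in hash_db.items():
        actual = entry_digest(key, name, live.get(name, ""))
        if hmac.compare_digest(actual, expected):
            continue
        value, tag = backup[name]
        if hmac.compare_digest(entry_digest(key, name, value), tag):
            live[name] = value
            restored.append(name)
        else:
            unrecoverable.append(name)
    return restored, unrecoverable
```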
