PGOETZ@LOYVAX.BITNET (03/22/89)
>2) Viruses. Checksum methods are actually pretty useless. I have two > associates from high school (notice I did NOT say friends) who used > to unprotect software for fun. They'd just cover the object code > for the entire checksum routine over with NOP instructions. >Michael J Pender Jr Box 1942 c/o W.P.I. >greyelf@wpi.bitnet 100 Institute Rd. Bypassing the checksum routine is useful for deprotecting programs. I've used it myself on Microprose and Electronic Arts games. BUT... You are speaking of 1 of 2 cases: 1. A commercial checking program attaches a checksum to each program. Later, the program verifies that the checksum hasn't been changed. In this case, the virus cannot NOP the checksum routine because it is NOT on the disk with the programs. Only the checksum is. 2. A program has its own checksum routine to verify it has not been infected. Now, I suppose a virus could disable a checksum routine in, say, the operating system or COMMAND.COM (MSDOS) or something. BUT... There is a common misconception that a virus can in theory analyze a program, find weaknesses/checksum routines, and disable them. As both a deprotector and an amateur artificial intelligence researcher, let me tell you: NO! It is IMPOSSIBLE for ANY program to analyze another program! We are nowhere near being able to program a Cray X-MP to analyze & disable a checksum routine, let alone an Apple II. The software crackers can disable the checksum because they are humans, and they can read the code and find the routine. Computers CANNOT do this, and they will not be able to, in my opinion, for at least 15 years, & probably at least 30. Furthermore, there are some things which it is theoretically impossible for a computer to do. Turing wrote a famous proof showing that it is impossible for a turing machine to determine if a program on another turing machine will halt. I can't vouch for the proof, not having read it, but I can vouch for Turing as a mathematician. Phil Goetz PGOETZ@LOYVAX.bitnet