AWCTTYPA@UIAMVS.BITNET ("David A. Lyons") (08/03/88)
>Date: Tue, 2 Aug 88 13:43:02 GMT >From: steinmetz!armstrong!elliott@UUNET.UU.NET >Subject: Re: Z-Link and virus checking Jim Elliott writes: >It's possible to make a program quite virus-savvy and tricky in >detecting and warning about infection... But it quickly becomes a game >much like copy protectors versus copy programs, a vicious circle of >increasing sophistication. > >For this reason, I think it might be a good idea to talk as little as >possible about whatever virus protections we install in our programs. >Let them exist there silently until their alarms go off and they >protect a user. If we can avoid getting the virus writers interested >in and challenged by our programs, we'll be better off. On the other hand, anybody purposely infecting your program with a virus is going to find out about your protecting pronto-style anyway, so you might as well let everybody know up front. My guess is that the few people who get their jollies out of infecting things on purpose would simply move on to a different program and not bother trying to circumvent even simple checks, unless they've got something against you personally. I think it would be a good idea for a title screen or simple command to do a length check and/or a checksum on the program file and display a message in either case: "This copy of XYZZY appears to be intact." or "Warning: This copy of XYZZY may have been tampered with." > Jim Elliott / ...!seismo!uunet!steinmetz!crd!elliott > / userE2U7@rpitsmts.BITNET > "Don't look, son, it's / Jim_Elliott%mts@itsgw.rpi.edu [school] > a secular humanist!" / (or) elliott@ge-crd.arpa [work] --David A. Lyons a.k.a. DAL Systems PO Box 287 | North Liberty, IA 52317 BITNET: AWCTTYPA@UIAMVS CompuServe: 72177,3233 GEnie mail: D.LYONS2
elliott@glacier.steinmetz (08/03/88)
In article <8808030126.aa00910@SMOKE.BRL.MIL> Dave Lyons writes: >I think it would be a good idea for a title screen or simple command >to do a length check and/or a checksum on the program file and >display a message in either case: "This copy of XYZZY appears to be >intact." or "Warning: This copy of XYZZY may have been tampered >with." Yes, I agree, Dave. And this simple, announced check is far far better than no check at all (especially if the reason that no checking is done is because I am working on my whizz-bang secret anti-virus arsenal, which is not quite working yet but any day now...) Nonetheless I think a secret check, maybe that does not always get executed, is a good idea in addition. As for the former idea, though, I am planning to write me a little Davex external command for virus checking, and put it in my autoexec file. I will post it to the net if nobody has already posted a similar program by the time I get around to it. -------- >--David A. Lyons a.k.a. DAL Systems > PO Box 287 | North Liberty, IA 52317 > BITNET: AWCTTYPA@UIAMVS > CompuServe: 72177,3233 > GEnie mail: D.LYONS2 . . . . . . ... . . . . . . . . . . ... . . Jim Elliott / ...!seismo!uunet!steinmetz!crd!elliott / userE2U7@rpitsmts.BITNET "Don't look, son, it's / Jim_Elliott%mts@itsgw.rpi.edu [school] a secular humanist!" / (or) elliott@ge-crd.arpa [work] . . . . . . ... . . . . . . . . . . ... . .