dennya@pnet02.cts.com (Denny Atkin) (06/10/89)
In Message-ID: #28364, ccemdd@rivm.UUCP (Marco Dedecker) writes: >A few days ago I got the latest version (I think) of virusX (version >3.2). It's a nice program and it will probably work fine. However >I tried something out. I run the program called 'guardian' (a >resident viruskiller). Then I reboot my computer, knowing the >guardian was still in it. Then I inserted the disk with virusX and >called the program. >Then NOTHING happened. VirusX did NOT SEE the guardian, although it >was resident. CAN YOU REALLY TAKE THAT CHANGE ?? I myself haven't >found a virus yet that stays resident the way the guardian does, but >how long before one will. >I strongly suggest you test the "KickTagPtr" too, the same way you >test the "*Capture" (KickTagPtr should be 0). You musn't wait with >testing that place after a new virus has found it's way to the >software, test it now so that a new virus won't have a change. --------------------- I forwarded the note to SteveX Tibbett on PeopleLink, and he sends this response: ---------------------- Marco; VirusX is meant to find Viruses. It is not meant as the ultimate protection to get around new viruses - because (my theory) nobody is going to write a virus knowing that the most prevalent Amiga virus detection utility will already find it. My philosophy behind VirusX is to hunt out Viruses. Checking the KickTagPtr vector would mean checking a vector that is used not only by Viruses, but by a lot of actually useful things. You should be GLAD that VirusX doesn't bring up a requester when it sees RAD: in the KickTagPtr vectors. I purposefully ignore them (except in the case of known viruses that use them - and there are some), because alerting every RAD: user on every reboot would get a tad tiresome. The main problem with my method is that you really need to be using the most recent version of VirusX. Can't really see an easy way around that... (VirusX 4.0, currently in the works, might have KickTagPtr checking as an OPTION, as it will have DoIO vector checking, Trackdisk vector checking... as Options. You don't ask for them, it doesn't annoy you.) ...Steve _________ +-----------------------------------------------------+---------------------+ | Denny Atkin, Writer at Large //Amiga |"It's all the | | PeopleLink: DENNY \X/ 1000! | truth--except the | | UUCP:{ames!elroy, <backbone>}!gryphon!pnet02!dennya | bits that are lies."| | INET:dennya@pnet02.cts.com | -- Douglas Adams | +-----------------------------------------------------+---------------------+