[comp.sys.mac] Suggestion for virus prevention

jamesm@sco.COM (James M. Moore) (01/11/89)

Would having programs (particularly System) check their CODE resources
(and perhaps other types of resources as well) to make sure there aren't
any unknown additions help prevent the spread of the current strain
of viruses?  


-- 
** James Moore **
** Internet:  jamesm@sco.com **
** uucp:  {decvax!microsoft | uunet | ucbvax!ucscc | amd}!sco!jamesm **
** Nil clu no suim ar bith ag SCO ceard a bhfuil me ag scriobh anois. **

cory@gloom.UUCP (Cory Kempf) (01/12/89)

In article <1272@viscous.sco.COM> jamesm@sco.COM (James M. Moore) writes:
>Would having programs (particularly System) check their CODE resources
>(and perhaps other types of resources as well) to make sure there aren't
>any unknown additions help prevent the spread of the current strain
>of viruses?  

Only to the extent that the virus was unaware of the code... A well
built virus could conceivably subvert the software involved in making
the check into always reporting a negative result (i.e. no virus), leading
to a false sense of security.

A better method might be to have any files containing critical
resources locked by default, with some non-simulable (is that a word?)
way of overriding the lock for legitimate tasks (such as installing
fonts, etc.).  The problems with this are A. How? and B. The system etc.
would still be vulnerable at that point.


+C
-- 
Cory ( "...Love is like Oxygen..." ) Kempf
UUCP: encore.com!gloom!cory
	"...it's a mistake in the making."	-KT

jamesm@sco.COM (James M. Moore) (01/14/89)

In article <313@gloom.UUCP> cory@gloom.UUCP (Cory Kempf) writes:
>Only to the extent that the virus was unaware of the code... A well
>built virus could conceivably subvert the software involved in making
>the check into always reporting a negative result (i.e. no virus), leading
>to a false sense of security.

Yes, but this means that viruses would need to be specific to a
certain program.  The most likely target would be the system itself,
with perhaps special cases for individual applications.  While that
would certainly not eliminate the problem entirely, it would at least
limit the spread of the virus and hopefully make it easier to detect.

-- 
** James Moore **
** Internet:  jamesm@sco.com **
** uucp:  {decvax!microsoft | uunet | ucbvax!ucscc | amd}!sco!jamesm **
** Nil clu no suim ar bith ag SCO ceard a bhfuil me ag scriobh anois. **
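
Added example, not part of the original thread: a sketch of the resource inventory check the posts discuss, written as an external auditor that compares a file's resources against a separately stored baseline rather than as code inside the checked program (the subversion concern raised in the reply). It assumes the documented classic Mac OS resource fork layout; the function names, the SHA-256 digest and the sample resources are constructed for illustration.

```python
import hashlib
import struct

def list_resources(fork):
    """Map (type, id) -> SHA-256 of each resource in a classic Mac OS resource fork."""
    data_off, map_off = struct.unpack_from(">II", fork, 0)
    tlist = map_off + struct.unpack_from(">H", fork, map_off + 24)[0]
    n_types = (struct.unpack_from(">H", fork, tlist)[0] + 1) & 0xFFFF  # stored as count-1
    found = {}
    for t in range(n_types):
        rtype, n_res, ref_off = struct.unpack_from(">4sHH", fork, tlist + 2 + 8 * t)
        for r in range(n_res + 1):
            rid, _name, attr_off = struct.unpack_from(">hHI", fork, tlist + ref_off + 12 * r)
            start = data_off + (attr_off & 0xFFFFFF)  # low 3 bytes = offset in data area
            (size,) = struct.unpack_from(">I", fork, start)
            body = fork[start + 4:start + 4 + size]
            found[(rtype.decode("mac_roman"), rid)] = hashlib.sha256(body).hexdigest()
    return found

def audit(baseline, current):
    """Compare a trusted inventory with a fresh one; run this from outside the checked program."""
    return {
        "added": sorted(k for k in current if k not in baseline),
        "changed": sorted(k for k in current if k in baseline and current[k] != baseline[k]),
        "removed": sorted(k for k in baseline if k not in current),
    }

def build_fork(resources):
    """Build a minimal resource fork from {(type, id): bytes}; only for the constructed sample."""
    data, types, refs, by_type = b"", b"", b"", {}
    for (rtype, rid), body in sorted(resources.items()):
        by_type.setdefault(rtype, []).append((rid, len(data)))
        data += struct.pack(">I", len(body)) + body
    for rtype, items in by_type.items():
        ref_off = 2 + 8 * len(by_type) + len(refs)  # offset from start of type list
        types += struct.pack(">4sHH", rtype.encode("mac_roman"), len(items) - 1, ref_off)
        refs += b"".join(struct.pack(">hHII", rid, 0xFFFF, off, 0) for rid, off in items)
    tlist = struct.pack(">H", (len(by_type) - 1) & 0xFFFF) + types + refs
    rmap = bytes(24) + struct.pack(">HH", 28, 28 + len(tlist)) + tlist
    header = struct.pack(">IIII", 256, 256 + len(data), len(data), len(rmap))
    return header + bytes(240) + data + rmap

# Constructed sample: a baseline file, then a copy with one altered and one unknown CODE resource.
CLEAN = {("CODE", 0): b"jump table", ("CODE", 1): b"main segment", ("MENU", 128): b"File"}
TAMPERED = {**CLEAN, ("CODE", 0): b"jump table (altered)", ("CODE", 2): b"unknown addition"}

def demo():
    return audit(list_resources(build_fork(CLEAN)), list_resources(build_fork(TAMPERED)))
```

Calling `demo()` returns the added, changed and removed resource keys for the constructed pair; the baseline inventory should live on media the audited system cannot write to.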