jv0l+@andrew.cmu.edu (Justin Chris Vallon) (04/01/88)
Maybe I'm missing something, but how does a virus killer do its thing? Are these INITs/applications AI programs which disassemble the code in question, figure out what it does, and eliminate it if it is "dangerous"? I'd like to see this AI code... so would the rest of the world. :->

Seriously, what could a virus-killer do? I could see intercepting the AddResource/ChangedResource calls, and signal when something is being added to the System resource file, but this doesn't get rid of already existing viruses. And how about a clever virus that modifies the CODE resource id 1 so that an application is infected? I could come up with some more, like modifying some DRVR resources, reversing Read/Write calls in the device manager (yes, it's possible)... can I stop?

Enlighten me!

-Justin
justin.vallon@andrew.cmu.edu

sarrel@clarinet.cis.ohio-state.edu (Marc Sarrel) (04/02/88)
In article <AWInlWy00XM3zxg0HU@andrew.cmu.edu> jv0l+@andrew.cmu.edu (Justin Chris Vallon) writes:
>Maybe I'm missing something, but how does a virus killer do its thing? Are
>these INITs/applications AI programs which disassemble the code in question,
>figure out what it does, and eliminate it if it is "dangerous"? I'd like to
>see this AI code... so would the rest of the world. :->

No, this is not at all what they do. (At least it is not the approach that the nVIR killer takes.) I would say that a virus killer like the one you describe is impossible. To write such a program would be to solve the halting problem (which we know to be impossible).

>
>Seriously, what could a virus-killer do?

Well, the only one that I know anything about is the nVIR killer. It simply takes advantage of a feature that the nVIR author put in the virus. He/She created a way to keep his own system clean during development and the nVIR vaccine does the same thing. We may not be so lucky next time. In short, computer vaccines have to be specific to the virus against which they protect.

>
>Enlighten me!
>
>-Justin
>justin.vallon@andrew.cmu.edu

-=-
Marc Sarrel                 The Ohio State University
611 Harely Dr #1            Department of Computer and Information Science
Columbus, OH 43202-1835     sarrel@tut.cis.ohio-state.edu

Disclaimer: Hey, what do I know? I'm only a grad student.

barmar@think.COM (Barry Margolin) (04/02/88)
In article <AWInlWy00XM3zxg0HU@andrew.cmu.edu> jv0l+@andrew.cmu.edu (Justin Chris Vallon) writes:
>Seriously, what could a virus-killer do? I could see intercepting the
>AddResource/ChangedResource calls, and signal when something is being added
>to the System resource file, but this doesn't get rid of already existing
>viruses.

I believe that this is what the Vaccine INIT does. No, it is not perfect, but it handles many of the more insidious virii. Just as there is no universal vaccine/drug in the medical world, it would be impossible to come up with universal computer virus protection.

Infection of the system file is the worst kind of infection, because it spreads so quickly (you always use your system file).

Barry Margolin
Thinking Machines Corp.

barmar@think.com
uunet!think!barmar
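
The thread's open question, how to notice resources that were added or changed without anything watching the AddResource/ChangedResource calls at the time, as an added example that is not part of the original posts. It swaps in a different technique from the call interception discussed above: it parses the classic Mac OS resource fork layout and compares two snapshots of a file. The function names, the "XTRA" type and the sample resource contents are constructed for illustration, and the sample forks place their data at offset 16 rather than the usual 256.

```python
import hashlib
import struct

def parse_fork(fork: bytes) -> dict:
    """Return {(type, id): sha256 hex} for each resource in a resource fork."""
    data_off, map_off = struct.unpack_from(">2I", fork, 0)
    # Map: 16-byte header copy, 8 reserved bytes, then the type-list offset.
    tl = map_off + struct.unpack_from(">H", fork, map_off + 24)[0]
    ntypes = (struct.unpack_from(">H", fork, tl)[0] + 1) & 0xFFFF  # stored minus one
    found = {}
    for t in range(ntypes):
        rtype, nres, ref_off = struct.unpack_from(">4sHH", fork, tl + 2 + 8 * t)
        for r in range(nres + 1):
            rid, _name, loc, _handle = struct.unpack_from(">hHII", fork, tl + ref_off + 12 * r)
            start = data_off + (loc & 0xFFFFFF)  # top byte holds attribute flags
            size = struct.unpack_from(">I", fork, start)[0]
            digest = hashlib.sha256(fork[start + 4:start + 4 + size]).hexdigest()
            found[(rtype.decode("mac_roman"), rid)] = digest
    return found

def build_fork(resources: dict) -> bytes:
    """Pack {(type, id): bytes} into a minimal fork (used for constructed samples)."""
    data, refs = b"", {}
    for (rtype, rid), body in sorted(resources.items()):
        refs.setdefault(rtype, []).append((rid, len(data)))
        data += struct.pack(">I", len(body)) + body
    type_list = struct.pack(">H", (len(refs) - 1) & 0xFFFF)
    ref_lists, base = b"", 2 + 8 * len(refs)
    for rtype, entries in refs.items():
        type_list += struct.pack(">4sHH", rtype.encode("mac_roman"),
                                 len(entries) - 1, base + len(ref_lists))
        for rid, off in entries:
            ref_lists += struct.pack(">hHII", rid, 0xFFFF, off, 0)
    map_len = 28 + len(type_list) + len(ref_lists)
    header = struct.pack(">4I", 16, 16 + len(data), len(data), map_len)
    rmap = header + bytes(8) + struct.pack(">2H", 28, map_len)
    return header + data + rmap + type_list + ref_lists

def diff_forks(baseline: bytes, current: bytes) -> list:
    """List resources added, removed or changed relative to the baseline."""
    old, new = parse_fork(baseline), parse_fork(current)
    out = [("added", k) for k in sorted(new.keys() - old.keys())]
    out += [("removed", k) for k in sorted(old.keys() - new.keys())]
    return out + [("changed", k) for k in sorted(old.keys() & new.keys()) if old[k] != new[k]]

# Constructed sample: an application fork before and after modification.
CLEAN = build_fork({("CODE", 0): b"jump table", ("CODE", 1): b"main segment"})
MODIFIED = build_fork({("CODE", 0): b"jump table", ("CODE", 1): b"main segment+patch",
                       ("XTRA", 128): b"unexpected"})
```

Calling diff_forks(CLEAN, MODIFIED) reports the added XTRA resource and the changed CODE id 1; a comparison like this is only as trustworthy as the baseline snapshot it starts from.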