markn@ll1a.UUCP (Mark Nettleingham) (03/19/88)
While pondering the many postings to this group about viruses, and the shareware problem (not enough people register and pay for shareware programs), it occurred to me that there may be a way to solve both problems at once, or at least improve the current situation.

What we need is:

1. A data base of check sums (CRC, whatever) for each of the programs on a system.

2. A program that will maintain and update this data base.

3. Some way to populate this data base with the proper information. After all, the program you just downloaded from XYZZY bulletin board may be infected, and you won't be able to detect an unknown virus unless you know what the check code for the original program should be.

Given that we have the above doctor program, an author could use it to create a check list for his program and send the list to all who register the program. For "freeware" programs a nominal fee could be charged, 1 to 5 dollars perhaps.

Given an original list from the program's author, doctor could test the program before it's run on the user's "regular" disk and detect any viruses that may be present.

Someone wishing to distribute an infected program would have to send a list to the victim (via US mail) before the program could do any damage. I doubt that a software terrorist would want the public to know even the city the program originated from, much less an address.

I am NOT the author of any shareware programs, nor do I advocate enforcement of software license via terror. I would simply like to be able to trust the many good programs that I download. I believe that the above proposal (if it can be implemented) would at least give us a greater degree of certainty than we currently have.

Mark Nettleingham
...!ihnp4!ll1!markn
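
The check-list scheme proposed in the post above, sketched as an added example (not part of the original post or any program it mentions): the author's side builds the list, and the user's side verifies a downloaded copy against it. SHA-256 as the check code, the file names and the function names are assumptions of this example.

```python
import hashlib
import tempfile
from pathlib import Path


def check_code(path: Path) -> str:
    """Check code for one file. SHA-256 is this example's assumed checksum."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Author side: map each file under root (relative path) to its check code."""
    return {p.relative_to(root).as_posix(): check_code(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """User side: compare a downloaded copy against the author's list."""
    current = build_manifest(root)
    return {
        "modified": sorted(n for n in manifest
                           if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: the list is made first, then the copy is altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.bin").write_bytes(b"original program bytes")
        (root / "readme.txt").write_bytes(b"documentation")
        manifest = build_manifest(root)        # the list the author mails out
        with (root / "editor.bin").open("ab") as fh:
            fh.write(b"appended code")         # stands in for an altered download
        (root / "extra.bin").write_bytes(b"file the author never shipped")
        (root / "readme.txt").unlink()
        return verify(root, manifest)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

The check only means something if the list reaches the user by a channel separate from the download, which is the role the post gives to the mailed list.
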
dudek@csri.toronto.edu (Gregory Dudek) (03/24/88)
In article <2157@ll1a.UUCP> markn@ll1a.UUCP (Mark Nettleingham) writes:
>
>	While pondering the many postings to this group about
>viruses, and the shareware problem (not enough people register and
>pay for shareware programs). It occurred to me that there may be a
>way to solve both problems at once. Or at least improve the current
>situation.
>
>	What we need is:
>
>	1. A data base of check sums (CRC, whatever) for each of the
>	   programs on a system.
>
>	2. A program that will maintain and update this data base.
.....

There may be a simpler solution to the virus problem. There are only a few "easy" ways for a virus to infect a system. By checking these, the virus creation problem becomes much trickier for those nasty people & hence cuts a lot of them out.

In order for a virus to escape the original code it comes in, and hence become a problem, it has to install itself in another piece of code that will get executed. Problem code that just acts messy without installing itself elsewhere is annoying, but the real furor over these viruses is that they replicate themselves all over the place. There are only a limited number of ways to do this, for example:

 - add/change an INIT/CDEV etc in the system file
 - modify an application other than itself
 - etc (no use giving nasty people ideas)

Now, it strikes me that catching resource modifications in these places isn't that tough a job. A real quick & dirty virus trap could just sublaunch the suspect code while the appropriate traps are being monitored.

For smarter viruses that might only install themselves randomly, an INIT would have to be constructed. Such an INIT could look for resource modification of the above sort and bring up an alert that might allow the user to validate/invalidate such accesses from a given application. One hassle is if this happens before QuickDraw is initialized -- how do you bring up the alert? Well, there's a fix to this, I promise...

Anyhow, does this sound workable? It ain't too hard to do, but I sure don't have time. Anybody wanna volunteer?

Greg Dudek