Alan_J_Roberts@cup.portal.com (08/14/90)
This is a forward from John McAfee:
================================================================

Professor Timo Salmi was quite right in his criticism of the new "Validate" feature of SCAN that he posted in yesterday's Virus-L. I must apologize for the inconvenience caused by the bug in SCAN's validation code removal processing. It has been fixed and Version 66-B has been released.

Mr. Salmi is also correct in stating that the validation feature will cause programs that do a self-CRC check to mistakenly false alarm. This issue was carefully considered prior to implementing the validate feature and we hope we have placed sufficient flexibility in choosing target files (and removing validation codes) to bypass most problems that might occur. We felt that there was a sufficiently large number of existing programs that did not do a self-check, and that these programs would benefit from SCAN's validation processing. With 66-B, the code removal is as simple as the code application, so programs that do currently perform a self-check can be returned to their original state, or, alternately, they can be skipped over when the code is originally applied.

As to Mr. Salmi's concern that the code application seemed too much like "patching" the program, I must in good humor disagree. The validation code in no way modifies the internal logic of the program. It is merely an appendage.

For those who disfavor this approach, we will still support SENTRY and continue its distribution. SENTRY performs a similar validation, only instead of attaching the codes directly to the validated programs, it maintains a separate log file for its comparisons. The advantage of the SCAN approach, however, is that it is system independent. The validation code travels with the program as it is passed around. A further advantage of the SCAN approach is that the next version of VSHIELD (V67) will disallow any program from executing if the program contains a validate code which is incorrect. This will help prevent unknown viruses from getting into your system at all.

John McAfee
408 988 3832
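
Added example (not part of the forwarded message, and not SCAN's or SENTRY's code): a Python sketch contrasting an appended validation code with a separate log file, and showing why a program that CRCs its own file false-alarms once a code is attached. The trailer layout (a `VALD` marker plus CRC-32), the sample file and all function names are assumptions; the post does not describe SCAN's actual format.

```python
import struct
import zlib

MAGIC = b"VALD"               # assumed marker, not SCAN's real format
TRAILER_LEN = len(MAGIC) + 4  # marker + 32-bit CRC
ORIGINAL = b"MZ" + bytes(range(64))  # constructed stand-in for a program file

def crc(data):
    return zlib.crc32(data) & 0xFFFFFFFF

def has_code(blob):
    return len(blob) >= TRAILER_LEN and blob[-TRAILER_LEN:-4] == MAGIC

def add_code(blob):
    """Appended approach: the code travels with the file as an appendage."""
    if has_code(blob):
        return blob  # already validated; do not stack trailers
    return blob + MAGIC + struct.pack("<I", crc(blob))

def remove_code(blob):
    """Strip the appendage, returning the file to its original bytes."""
    return blob[:-TRAILER_LEN] if has_code(blob) else blob

def check_appended(blob):
    if not has_code(blob):
        return "no-code"
    (stored,) = struct.unpack("<I", blob[-4:])
    return "ok" if crc(blob[:-TRAILER_LEN]) == stored else "mismatch"

def check_detached(name, blob, log):
    """Log-file approach: the file is untouched, codes live in a separate log."""
    if name not in log:
        return "no-entry"
    return "ok" if crc(blob) == log[name] else "mismatch"

def self_check_passes(blob, built_in_crc):
    """Models a program that CRCs its whole file on disk at startup."""
    return crc(blob) == built_in_crc

if __name__ == "__main__":
    stamped = add_code(ORIGINAL)
    print("appended check:", check_appended(stamped))
    print("self-check after stamping:", self_check_passes(stamped, crc(ORIGINAL)))
    print("self-check after removal:", self_check_passes(remove_code(stamped), crc(ORIGINAL)))
    print("detached check:", check_detached("PROG.EXE", ORIGINAL, {"PROG.EXE": crc(ORIGINAL)}))
```
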
davidsen@sixhub.UUCP (Wm E. Davidsen Jr) (08/17/90)
In article <900813155152.AJR@cup.protal.com> Alan_J_Roberts@cup.portal.com writes:

| For those who disfavor this approach, we will still support
| SENTRY and continue its distribution. SENTRY performs a similar
| validation, only instead of attaching the codes directly to the
| validated programs, it maintains a separate log file for its
| comparisons.

For those who want to be SURE, boot from floppy and check all your files with brik. It will flag files with bad or missing CRCs, and if you boot from (write protected) floppy you will be on a clean system.

How long does it take to validate everything? And how long to reload from backup?
--
bill davidsen - davidsen@sixhub.uucp (uunet!crdgw1!sixhub!davidsen)
sysop *IX BBS and Public Access UNIX
moderator of comp.binaries.ibm.pc and 80386 mailing list
"Stupidity, like virtue, is its own reward" -me