ts@uwasa.fi (Timo Salmi LASK) (08/13/90)
We recently placed (/pc/virus/)scanv66.zip for anonymous ftp download from chyde.uwasa.fi, Vaasa, Finland, 128.214.12.3. McAfee has benefited the PC community with excellent virus checking facilities, but the new scanv66.zip includes a potentially dangerous and controversial feature. To quote: "This version of SCAN has added an option to transparently attach a CRC validation code to all of your executable files, your boot sector and your partition table. This will help protect your system in case a virus unknown to SCAN is encountered. SCAN will check these validation codes if requested and will alert the user to any files or system areas that have changed." Now there are two problems with this approach. On the practical side this method destroys a program's own virus selftest, if it has one inbuilt based on checksums. I may have made mistakes, but when I tried scan /av out on two selftesting programs, the code that scan attached naturally caused an alarm. But what is really alarming is that when I told scan to remove its code, the selftest failed even after that. This means that unless I made an error, scan could not restore the files to their exact original state! The option /rv did not work in my tests. The second problem is one of principle, and is best left for legally minded persons to work out, but let me point out the dilemma. What McAfee's scan does is that it certifiably adds code to the host program, if the user so chooses. Now this is tantamount to patching, and very strictly speaking pacthing (at least copyrighted commercial) programs may involve problems of legality. I think that this is something McAfee should have cleared very carefully before releasing this potentially compromising method. Having such a good reputation, McAfee has at least taken a public risk here. I really do not know, but be that as may, the method has too much virus-resemblance for comfort. ................................................................... Prof. Timo Salmi (Moderating at anon. ftp site 128.214.12.3) School of Business Studies, University of Vaasa, SF-65101, Finland Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun