CCTR132@csc.canterbury.ac.nz (Nick FitzGerald) (03/29/91)
In VIRUS-L V4 #49 frisk@rhi.hi.is (Fridrik Skulason) wrote: >padgett%tccslr.dnet@uvs1.orl.mmc.com (Padgett Peterson) writes: >>NO ! It will not defeat "any kind of integrity check" though "stealth" >>will defeat SCAN's if the /nomem switch is in use (wish we had italics) While >>the "stealth" seen so far will defeat a program integrity check, it will NOT >>defeat a system integrity check (the six bytes). > >I don't mean to be insulting, but I have said it before, and I will >say it again: The six-byte check is no sustitute for a full system >integrity check! Athough it will detect most wiruses, it will NOT >detect them all, in particular it will miss some "stealth" viruses, >like the "Number of the Beast". I've been following along for about eight months or so now, and have seen a few references to the "six-byte check" referred to above, but don't recall ever seeing an _explanation_ of what this is. If I've missed something simple or fundamental - common knowledge - please reply by mail with a description. If it hasn't appeared here already (or was a long time ago), is it time to re-post something to the group. Thanks, - --------------------------------------------------------------------------- Nick FitzGerald, PC Applications Consultant, CSC, Uni of Canterbury, N.Z. Internet: n.fitzgerald@csc.canterbury.ac.nz Phone: (64)(3) 642-337