JHSangster@DOCKMASTER.NCSC.MIL (03/02/91)
I agree with Bob Bosen that signature checking is the ONLY anti-viral protection that will detect future viruses as well as known ones. My "preferred implementation", however, is to put the checking in the BIOS ROM so that any executable can be checked while it is being loaded. With the checker in ROM, I don't think it is "too easy to fake the all clear signal" as Bob says.

What is probably needed to get the manufacturers to go along is either Federal legislation forcing every commercial software vendor to provide a signature or else a Federal standard requiring it on all software bought by the Federal government. Or maybe if Microsoft, AMI, Phoenix Technologies, IBM, and RSA Data Systems all got together and offered it as an option for people who wanted it...

Unfortunately, we have here an example of what I like to call the "Railroad Problem" (literary reference, Heinlein's "Door Into Summer"): If there are no tracks, who wants to spend money to develop locomotives, but if there are no locomotives, who wants to spend money to lay down tracks? And in the present case, there may well be software vendors who don't like the idea that someone can prove their negligence if an employee sneaks a virus into their shipped products. That's why legislation may be necessary.

-John Sangster
SPHINX Technologies, Inc. / (315) 446-8800 / (617) 235-8800