mweiner@bene.at (Michael Weiner) (07/30/90)
> There is one problem with your method - it will not > work with some of the > latest viruses (1260 for example), without decrypting > the virus first, as most > of it is stored in encrypted form. > > Also, another problem - code within the virus is not > always static - some > viruses for example contain a variable number of NOPS > vithin the code. Admitted. Self-modifying and self-encrypting viruses are hard to take care of when a general method is wanted. Still- I believe there is general agreement about the need for algorithmic, virus-specific methods when dealing with these viruses. About non-static code portions -- it must be possible to exclude them from the calculation range, so that they dont make the checksumming fail... > Still, those problems can be easily solved. I agree. No big deal.... But there are other problems: * Which algorithm ? I am not a mathematician and I'm not experienced with checksumming algorithms. It would have to be insured that the algorithm provides "reasonable safety" (whatever that is). Some mathematics-guru would have to help here.... * Security One of the problems of my method is that a user can not verify whether a signature is 'legitimate'. If somebody spreads false signatures, people would lose trust in the system and .... * Qualification of people creating signatures People can create signatures and checksumming/range information that is unsafe. Such data will destroy legitimate applications. There would have to be guidelines to ensure that people don't cause damage inadvertetly. Checksumming/Range data should be compatible -- i.e., if two people at two different locations describe the same virus, there should be a way to find out that both describe the same virus. This would also solve the 'naming problem' :-) Please let me know what you think about all this. Kind regards, mike +-----------------------------------------------------------------+ I UUCP: mweiner@bene.at I I Internet: mweiner@f23.n310.z2.FIDONET.ORG Voice ++43 1 8232400 I I Michael Weiner -- Ghelengasse 4 -- A-1130 Wien -- Austria I +-----------------------------------------------------------------+