[comp.virus] Fooling checksums

T530083@UNIVSCVM.CSD.SCAROLINA.EDU (Dmitri Schoeman) (07/27/90)

I have certainly learned my lesson about leaving ambiguous
messages... What I was responding to was an idea for a virus checker
which performs checksums, or other like tests to make sure it has
correctly identified a virus.  I was saying that a virus could fool
the virus tester into not being able to definitively identify it
because it would change one (or more) of its non-executing code, thus
"outsmarting" the virus checker.  However this would also make the
virus easier to detect because the crc of the file would change each
time you ran the program (or on a preset date...).  When people always
talk about an anti-virus program restoring the first few bytes of the
program in order to restore it, what if a virus also infects a random
(or predefined for that matter) part of the code by overwriting it
with killer code?

-----Dmitri Schoeman
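
Added example, not part of the original post: a scanner-side sketch of the trade-off described above. A checksum over the whole appended body stops matching once a non-executing byte varies, while a baseline CRC of the host file still flags every modified copy. All byte strings are constructed and inert; the names and the masked-checksum variant (which assumes the analyst already knows which offsets vary) are assumptions of this example.

```python
import zlib

# Constructed, inert byte strings standing in for program images (not real code).
CLEAN_HOST = b"HOST-PROGRAM-IMAGE:" + bytes(range(32))
FIXED_HEAD = b"APPENDED-CONSTANT-HEAD"
FIXED_TAIL = b"APPENDED-CONSTANT-TAIL"

# Offsets of the 2-byte filler inside the appended body (assumed known to the analyst).
VARIABLE_RANGE = (len(FIXED_HEAD), len(FIXED_HEAD) + 2)


def appended_body(filler: bytes) -> bytes:
    """Appended body whose 2-byte non-executing filler differs per copy."""
    assert len(filler) == 2
    return FIXED_HEAD + filler + FIXED_TAIL


def crc(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def masked_crc(data: bytes, span=VARIABLE_RANGE) -> int:
    """CRC with the variable bytes zeroed, so every copy hashes the same."""
    start, end = span
    buf = bytearray(data)
    buf[start:end] = bytes(end - start)
    return crc(bytes(buf))


def identify_exact(body: bytes, reference: bytes) -> bool:
    """Identification by a checksum over the whole body."""
    return crc(body) == crc(reference)


def identify_masked(body: bytes, reference: bytes) -> bool:
    """Identification by a checksum that skips the known-variable bytes."""
    return masked_crc(body) == masked_crc(reference)


def file_changed(baseline_crc: int, current: bytes) -> bool:
    """Integrity check: does the file still match its recorded CRC?"""
    return crc(current) != baseline_crc


if __name__ == "__main__":
    reference, later_copy = appended_body(b"\x00\x00"), appended_body(b"\x5a\xa5")
    print("exact identification :", identify_exact(later_copy, reference))
    print("masked identification:", identify_masked(later_copy, reference))
    print("integrity alarm      :", file_changed(crc(CLEAN_HOST), CLEAN_HOST + later_copy))
```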