gm@cunixa.cc.columbia.edu (Gary Mathews) (04/09/90)
WARD@SENECA.BITNET (David Ward -- Computer Support/Special Needs) writes: >Periodically we hear concerns about the validity of SCANVxx and other >antiviral programs. I think these concerns are valid since a >virmentor creating a virus would likely take great joy in attaching >the virus software to a product designed to fight viruses. > >I do not have complete confidence in our local sources of SCANVxx > >A simple solution to this problem is that when new versions of scan >are announced on this digest, the announcement should include the >validation strings given by McAfee. Then we can download from any >local source and compare the strings published in Virus-L to >those we generate with the validate program. Dave, I agree with you fully and I think that the Virus Discussion List and/or John McAfee himself should post the validate strings to the *NET* In fact, a list of must commonly used programs should be included on such a list, but for now the validated strings of the lastest versions for the scan and clean programs should be publically accessible. Many people will hesitate from getting an updated version because it may be a virus in disguise. After people can be assured that the program is valid, then they could get the new copy and register it. Gary Mathews - ------------------------------------------------------------------------------- Gary Jason Mathews | gm@cunixd.cc.columbia.edu Columbia University | Death is life's way of telling you you've been fired. - ------------------------+ CPU time flies when you have a lot of bugs
jwright@cfht.cfht.hawaii.edu (Jim Wright) (04/10/90)
I am willing to start a new mothly posting, which includes validation information for various popular anti-viral software packages. It need not be limited to ibmpc software. Each author is free to choose their own favorite validation method. Due to the nature of this, I will only accept information from the author, or from an authorized individual. (Authorized by sending me a post card.) I will not be able to keep up with this on my own. Out here, ftp and modems are a bit expensive. So I will rely on the authors to keep this up to date. Anyone interested, just drop me a line. Jim
berg@cip-s02.informatik.rwth-aachen.de (SRB) (04/11/90)
In article <see References:> (Gary Mathews) writes: >In fact, a list of must commonly used programs should be included on >such a list, but for now the validated strings of the lastest versions >for the scan and clean programs should be publically accessible. Many I always wondered: shouldn't the crc-32 and crc-16 of zip and arc files be unique enough to validate any file? Why can't we just put these checks and the length of a file on the net. If you insist, then of course you could add any propietary validation values like the ones obtained from the validate program. But I'm pretty sure that most people trust their favorite zip or arc program more than some kind of a so-called validate program. - -- Sincerely, | berg@cip-s01.informatik.rwth-aachen.de Stephen R. van den Berg | ...!uunet!mcsun!unido!rwthinf!cip-s01!berg
gla%linus@uunet.UU.NET (gla) (04/12/90)
WARD@SENECA.BITNET (David Ward -- Computer Support/Special Needs) writes: >Periodically we hear concerns about the validity of SCANVxx and other >antiviral programs. I think these concerns are valid since a >virmentor creating a virus would likely take great joy in attaching >the virus software to a product designed to fight viruses. >... >A simple solution to this problem is that when new versions of scan >are announced on this digest, the announcement should include the >validation strings given by McAfee. Then we can download from any >local source and compare the strings published in Virus-L to >those we generate with the validate program. The problem adressed here is well-known: we need a MAC, a message authentication code. It means that you can check the checksum by using a public known key of the author. The first system usable for this is the RSA public key encryption system. For a MAC, you encrypt the checksum with the privat key of the author and append it to the message. It can be decrypted by anyone using the public key which has to be obtained once, and then the checksum can be checked. Unfortunately, it is patent copyrithed in USA and requires lengthy computations of prime numbers for the keys, and depends both on the problem of factorisation and the discrete logarithm. But there is an alternative scheme: the ElGamal-Scheme. It requires modulo arithmetic and depends only on the discrete logarithm problem, and it is - to my knowledge - not protected. To check the signature, the calculations are somewhat longer than for RSA; to obtain the signature, an equation has to be solved which is straighforward using Euclid's algorithm, extended. For the original description, see: ElGamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Trans. Inf. Theory, Vol. 31, No. 7, 1985, pp. 469-472. Rainer Glaschick, Nixdorf Computers, Paderborn, W-Germany EMail: glaschick@nixpbe.de or !uunet!nixbur!glaschick.pad Phone: +49 5251 14 6150 (absent till April 23)