hobbit@pyrite.rutgers.edu (*Hobbit*) (04/11/90)
The best way anyone could validate his antiviral is to distribute the sources. Which most of these authors seem highly unwilling to do, for some odd reason. Did you ever wonder what they were hiding sometimes? This exe-file validation stuff is a crock.

_H*

phaedrus@milton.u.washington.edu (The Wanderer) (04/12/90)
hobbit@pyrite.rutgers.edu (*Hobbit*) writes:
>The best way anyone could validate his antiviral is to distribute the
>sources. Which most of these authors seem highly unwilling to do, for
>some odd reason. Did you ever wonder what they were hiding sometimes?
>This exe-file validation stuff is a crock.
>
>_H*

I don't think this is a valid argument, for at least three reasons.

1) SCANRES, SCAN, et al. are *commercial* programs. Commercial programs do not generally have their source code distributed; that is a simple fact of the industry. We can argue the merits of free software all day and it won't change that.

Take your argument to its logical conclusion: The lab where I work uses Microsoft Word for word processing. We would be just as damaged if we were to receive a virus-infected copy of Word than if we were to receive a virus-infected copy of SCAN. Therefore, we should expect Microsoft to supply complete source to Word with every update of their program, so we can compile Word ourselves and avoid any possible contamination of their masters. I don't see this happening. (I don't see why it should... I for one would not care to have to keep a copy of every language ever written around just in case some program I wanted to use happened to be written in it. And if you're not going to recompile from the source, what's the good of having it? How do you know the executables contain the same code as the source?)

2) Source would be absolutely useless to 99%+ of the program's users. If someone were to hand me a copy of, say, SCAN source, and say "Two lines of this code will destroy your hard disk. Find them," I wouldn't know where to begin; I don't know enough about low-level file access to tell the normal calls from the destructive ones, and I consider myself a pretty darn good programmer. And that's assuming the destructive code was written in a straightforward fashion; ever read the Obfuscated C contest? (And the SCAN programs are relatively small; you could hide a battleship in, say, the Word source...)

3) Such a listing, however, would be *extremely* useful to 99%+ of the virus writers out there. Given exact knowledge of how a virus-checking routine works, writing a counter-routine specifically designed to evade or disable it is trivial. Let the virus writers at least go through the work of disassembling the executable; it won't stop 'em, but it'll slow 'em down at any rate.

--
Internet: phaedrus@u.washington.edu (University of Washington, Seattle)
The views expressed here are not those of this station or its management.
"If you can keep your head while those about you are losing theirs, consider an exciting career as a guillotine operator!"