hsu_wh@JHUNIX.BITNET (hsu_wh) (03/17/90)
I am a computer science major at the Johns Hopkins University
who is planning a programming project on anti-viral utilities
(generalized infection detection, to be specific). I would greatly
appreciate any and ALL sources (i.e., books, periodicals, online
publications, FTP sites, and papers - especially theses like Fred
Cohen's) that anyone could recommend to me. The options I am exploring
are:
1) A Macintosh-based virus infection detector which combines aspects
of Disinfectant with a more general protection scheme which halts
unauthorized interrupts from unidentified sources, including unknown
potential virii. This would first be required to work on WDEF;
afterwards, I would test it on post-WDEF virii as they appear.
2) The same idea, applied to the 80286/386. Advantages of using the
IBM systems, besides the fact that virii are much more prevalent on
them, include the availability of technical information on 286/386
assembly and interrupts. I haven't looked at Inside Macintosh very
closely yet, so I am uncertain as to the relative difficulty level
of programming the Macintosh toolbox.
3) (A long shot, probably not feasible). Investigation of UNIX
and/or VAX system vulnerabilities, from the perspective of an
infiltration device (e.g., the infamous Internet '88 worm). This
would entail a study on aspects of Morris' composite creation, along
with speculation concerning techniques NOT used by the worm (but which
were suggested by Donn Seeley in _A Tour of the Worm_).
Any suggestions are welcome; please address mailed responses to:
HSU_WH@JHUVMS.HCF.JHU.EDU or HSU_WH@JHUNIX.HCF.JHU.EDU - also, please
post general information which may benefit the other two prospective
paper authors. Thank you.
P.S.: Could someone please E-Mail me with information on subscribing
to RISKS and Virus-L? Thanks again.