[comp.virus] Sophisticated Viruses?

levin@BBN.COM (Joel B. Levin) (11/10/89)

>I don't agree with you on any of these points, Terry. Say, on the
>Macintosh all calls to ROM are done through trap vectors in RAM. These
>trap vectors are patched by the system file (to fix bugs), by some
>programs and by all anti-virus tools. However, it doesn't take a
>genius to figure out that one could restore the trap vector to its
>original value and thereby bypass the "safe" system.  . . .
> . . . A patch like this wouldn't occupy much space and is quite
>simple to write.

Except that when system patches or INIT patches or program patches to
the traps were removed by the virus (and how would the virus decide what
value to restore them to?--this is different for each ROM and system
release version) the user would certainly be likely to notice the
resultant changed program behavior -- or system crashes.

    /JBL