PSYMCCAB%UOGUELPH.BITNET@VMA.CC.CMU.EDU (Bob McCabe) (10/27/89)
As a consultant who writes software for the PC I am worried about the possibility of my programs getting infected and becoming vectors by which viri are spread. In particular I am developing an application that will be hand carried from site to site to gather data by a number of users. If this program were to get infected it could cause wide spread loss of data to an important research project, not to mention other programs and data on affected systems. I am looking at including a check to see if there has been any change in the EXE files. Failure on such a check would cause the program to disable it's self and report a possible infection. While working out the algorithm for this check it struck me that it should be possible to work out a scheme by which any program could check itself at load time for infection. In order to avoid programs using identical checks that a virus writter could get around, the algorithm would include some form of encryption parameter that could be 'customized' in each program. Presently, I am working on a system of prime number coding in which the CRC check of the EXE file is compared with a encoded CRC. The coding of the CRC would be done with a large prime number, chosen at random from a table. If written in assemblier this scheme would not slow down load time by that much. I have not had much time to persue this but hope to get back to it next month. I would welcome any comments, criticisms and suggestions. ======================================================================== BITNET : PSYMCCAB@VM.UOGUELPH.CA Bob McCabe CoSy : bmccabe Computer Consultant Phone : (519) 821-8982 University of Guelph Guelph, Ont. Canada =========================================================================