[comp.virus] Imbedded virus detection

PSYMCCAB%UOGUELPH.BITNET@VMA.CC.CMU.EDU (Bob McCabe) (10/27/89)

  As a consultant who writes software for the PC I am worried
about the possibility of my programs getting infected and
becoming vectors by which viri are spread.
  In particular I am developing an application that will be hand
carried from site to site to gather data by a number of users. If
this program were to get infected it could cause widespread loss
of data to an important research project, not to mention other
programs and data on affected systems. I am looking at including
a check to see if there has been any change in the EXE files.
Failure on such a check would cause the program to disable
itself and report a possible infection.
  While working out the algorithm for this check it struck me
that it should be possible to work out a scheme by which any
program could check itself at load time for infection. In order
to avoid programs using identical checks that a virus writer
could get around, the algorithm would include some form of
encryption parameter that could be 'customized' in each program.
Presently, I am working on a system of prime number coding in
which the CRC check of the EXE file is compared with an encoded
CRC. The coding of the CRC would be done with a large prime
number, chosen at random from a table. If written in assembler
this scheme would not slow down load time by that much.
  I have not had much time to pursue this but hope to get back to
it next month. I would welcome any comments, criticisms and
suggestions.

========================================================================
BITNET     : PSYMCCAB@VM.UOGUELPH.CA                Bob McCabe
CoSy       : bmccabe                                Computer Consultant
Phone      : (519) 821-8982                         University of Guelph
                                                    Guelph, Ont. Canada
=========================================================================
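
The load-time self-check described in the post above, as an added example in C
that is not part of the original post and is not the poster's code. The post
does not say how the CRC is encoded, so the multiply-by-prime encoding modulo
2^32, the prime table, the seal_t record and all function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed table of primes below 2^32; each program would ship its own. */
static const uint32_t PRIMES[] = { 4294967291u, 4294967279u, 2147483647u };
#define NPRIMES (sizeof PRIMES / sizeof PRIMES[0])

/* Hypothetical record stored with the program: which prime, and the encoded CRC. */
typedef struct { uint8_t prime_idx; uint32_t encoded; } seal_t;

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320), no lookup table. */
uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Assumed encoding: multiply by the prime modulo 2^32. Every prime in the
   table is odd, so the mapping is one-to-one and hides no CRC changes. */
static uint32_t encode(uint32_t crc, uint8_t idx) {
    return crc * PRIMES[idx % NPRIMES];
}

/* Build time: compute the seal for a finished image. */
seal_t seal_image(const uint8_t *img, size_t n, uint8_t idx) {
    seal_t s = { (uint8_t)(idx % NPRIMES), encode(crc32_buf(img, n), idx) };
    return s;
}

/* Load time: 1 if the image still matches its seal, 0 if it was modified. */
int image_intact(const uint8_t *img, size_t n, seal_t s) {
    return encode(crc32_buf(img, n), s.prime_idx) == s.encoded;
}

int main(void) {
    uint8_t img[] = "MZ constructed sample image bytes";   /* not a real EXE */
    seal_t s = seal_image(img, sizeof img, 1);
    printf("clean:    %d\n", image_intact(img, sizeof img, s));
    img[10] ^= 0x01;                       /* simulate a modified byte */
    printf("modified: %d\n", image_intact(img, sizeof img, s));
    return 0;
}
```

A CRC is not keyed, so this check catches changes made by code that does not
know the scheme; where the check must hold against code that does, the usual
replacement is a keyed MAC or a signature verified from outside the program.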