okay@tafs.mitre.org (Okay S J) (09/27/89)
In VIRUS-L.V2NO201 David Gursky(DMG@LID.MITRE.ORG) >Let me take this one step further. Anti-virus applications (IMO) make >a poor carrier for a virus. In order for a virus to succeed, it must >go undetected. This means that prior to the activation of the virus' >logic-bomb or time-bomb, it cannot interfere with the normal operation >of the computer or the applications in use on the computer. To do so >greatly improves the chances the virus will be discovered (to wit, the >Jerusalem virus). If we work under the assumption that when a user >acquires an anti-virus application, they actually use it (in fact we >must work under this rule; otherwise the virus would not spread), the >virus necessarily undergoes an increased chance of detection because >an application is running that looks for viruses! The only problem with this is that with a virus or other destructive program masking itself as an anti-viral, you would think that the person would have ripped the detection code out for the particular virus he is trying to spread, or just chopped it out altogether. It would be kind of funny to have a virus you are trying to spread zapped by its own carrier! :). But then again, some criminals can be pretty stupid....(which is all any of us can really hope for) ----Steve Stephen Okay Technical Aide, The MITRE Corporation x6737 OKAY@TAFS.MITRE.ORG/m20836@mwvm.mitre.org