IA96@PACE.BITNET (IA96000) (08/02/89)
we have been testing various ways to help prevent a file from becoming infected and have stunbled on an interesting fact. system enhancement associates (the people who wrote arc) have also released axe, a program compression utility. basically axe reads a .exe or .com file, compresses it as much as possible, tacks a dos loader on the front of the file and then saves the new file. in many instances, the resulting file is from 15% to 50% smaller than the original file and loads and runs just like a regular dos file. what is interesting is when a virus attacks an axe'd file. the virus writes itself into the file as many viruses do. however, when you next attempt to load and run the file, it will not load and locks up the system. this is not because the viruys has taken control! this happens because when an axed file is loaded, it is decompressed and the checksum is compared to the original one generated when the file was axed. I know axe was never designed to be anti-viral, but it sure works well in this regard. since the file is actually in encrypted form on the disk, it screws up the virus!
IA96@PACE.BITNET (IA96000) (08/05/89)
i did not mean to propse that axe is the cure all or preventative for viral infections. i just wanted to point out what we had found. in most cases, a virus attacking a program which has been axed creates a situation where the axe'd program will not load properly due to the compression used when the program was axe'd. basically axe reads a file and like arc applies a compression formula to the file and then writes the file back to the disk along with a special loader incorporated in the file. when a virus attacks the file, it changes (obviously) some of the compressed data. however it does not really know that the data has been compressed by axe. so when the user goes to load the program the loader cannot un-compress the data and halts operation. while not a cure all or anything like that it is a good way to spot instantly if a file has been tampered with.