Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!cs.utexas.edu!uunet!mcsun!hafro!isgate!krafla!frisk
From: frisk@rhi.hi.is (Fridrik Skulason)
Newsgroups: comp.sys.ibm.pc
Subject: Re: .COM and .EXE files
Message-ID: <1232@krafla.rhi.hi.is>
Date: 20 Oct 89 10:50:07 GMT
References: <00092@citasim.UUCP> <253B310B.23002@maccs.dcss.mcmaster.ca>
Reply-To: frisk@rhi.hi.is (Fridrik Skulason)
Organization: University of Iceland (RHI)
Lines: 29

In article <253B310B.23002@maccs.dcss.mcmaster.ca> cs4g6ag@maccs.dcss.mcmaster.ca (Stephen M. Dunn) writes:
>In article <00092@citasim.UUCP> agray@citasim.UUCP (andrew gray) writes:
>$ I was just thinking about trojans and such that infect the COMMAND.COM
>$file, and I got a weird idea:
>$ I renamed COMMAND.COM to FIZZGIGG.FOO and placed a 'shell=c:\fizzgigg.foo
>$/p' statement in my CONFIG.SYS file.
:
:
>$would be any way to fool MS-DOS (or command.com) into using other extenders
>$for executable files, and ignoring COM and EXE altogether.
>$ Seems to me that this would add a small modicum of protection against
>$trojans or other programs that corrupt executable files.
>
> This will work fine as long as no programs you run have to shell out
>to DOS. If one of them does, though, you're in trouble.

Another problem is that this will not provide much protection. You will be
protected against some viruses, in particular so-called "direct-action"
viruses, that search the disk for new files to infect, but this will not
provide any protection against viruses that stay resident, and infect
programs as they are run.

Also, a virus could easily find (and infect) COMMAND.COM, even if it has
been renamed, just by checking the COMSPEC variable.

--
Fridrik Skulason          University of Iceland
frisk@rhi.hi.is
Guvf yvar vagragvbanyyl yrsg oynax .................