Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!unmvax!ncar!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: madd@world.std.com (jim frost)
Newsgroups: comp.virus
Subject: Re: Where are the Sophisticated Viruses? (PC)
Message-ID: <0006.8911131038.AA09039@ge.sei.cmu.edu>
Date: 11 Nov 89 19:52:07 GMT
Sender: Virus Discussion List
Lines: 37
Approved: krvw@sei.cmu.edu

frisk@rhi.hi.is (Fridrik Skulason) writes:
>jim frost writes:
>>Given the limited resources of PC environments, it's
>>unlikely that you'll get a very sophisticated virus.
>I must disagree. In the PC environment it is not a question of limited
>resources, but rather the fact that any user process has full access to
>ALL resources and can even directly manipulate the hardware if required.
>So, my opinion is that it is even easier to write a sophisticated virus on
>the PC than in most other environments.

No, it's harder. Most of the items which I consider sophisticated
require fairly fancy programming which requires code space, data
space, and CPU time, each of which is at a premium in most PCs. A
really sophisticated virus, one targeted for UNIX, for instance, could
easily approach or exceed a megabyte in size. You just can't do that
on most PCs, and users would notice even if you could.

On the other hand you don't need to. MS-DOS systems are so trivial
that it's difficult to build a good virus detector and there are no
inherent security systems. Viruses don't need to be sophisticated.

>Finally, I want to add one "feature" to the description of a sophisticated
>virus:
>"Bypass protection programs and jump directly to the hardware, DOS or
>BIOS routines."

I didn't add that because that's not usually one of the "survival"
traits, but rather is used in propagation and/or infection. I have a
fairly lengthy document on the kinds of things a real sophisticated
virus might do in each stage (what I showed before was a subset of
this document). I consider the document sensitive so I am wary of
posting it.

jim frost
madd@std.com