Path: utzoo!yunexus!lethe!torsqnt!jarvis.csri.toronto.edu!mailrus!wuarchive!udel!haven!mimsy!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: frisk@rhi.hi.is (Fridrik Skulason) Newsgroups: comp.virus Subject: Re: Sophisticated viruses Message-ID: <0001.8911161543.AA03334@ge.sei.cmu.edu> Date: 13 Nov 89 12:12:46 GMT Article-I.D.: ge.0001.8911161543.AA03334 Sender: Virus Discussion List Lines: 32 Approved: krvw@sei.cmu.edu jim frost writes: > Fridrik Skulason writes: > >jim frost writes: > >>Given the limited resources of PC environments, it's > >>unlikely that you'll get a very sophisticated virus. > > >I must disagree. > > No, it's harder. The disagreement results from our different understanding of the words "very sophisticated virus." I understood them in a relative sense, meaning that a "very sophisticated virus" in the PC environment does not have to be nearly as complicated or large as a "very sophisticated virus" in the UNIX environment, and therefore much easier to write. So, we really do not disagree regarding the fact that > MS-DOS systems are so trivial that it's difficult to build a good virus > detector and there are no inherent security systems. Viruses don't need to > be sophisticated. > >"Bypass protection programs and jump directly to the hardware, DOS or > >BIOS routines." > > I didn't add that because that's not usually one of the "survival" > traits, but rather is used in propagation and/or infection. No, because a part of the "survival" is to avoid detection. Many protection program simply hook interrupts, and any virus that bypasses the interrupt table has a good chance of avoiding them altogether. - -frisk