Path: utzoo!attcan!sobmips!uunet!cs.utexas.edu!asuvax!ncar!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: frisk@rhi.hi.is (Fridrik Skulason) Newsgroups: comp.virus Subject: Ralf Burger's book Message-ID: <0014.8911161543.AA03334@ge.sei.cmu.edu> Date: 15 Nov 89 01:02:11 GMT Sender: Virus Discussion List Lines: 55 Approved: krvw@sei.cmu.edu I spent a part of last evening reading the book "Computer Viruses, a high-tech disease". This book has been mentioned here several times before, in most cases because it contains a (slightly crippled) disassembly of the Vienna virus. This disassembly, and other that have been (and will be) made generally available will become a major source of problems in the future. The reason is quite simple. It takes a GOOD assembly language programmer at least a couple of days to write and debug an original virus. Given a disassembly to start from, he can complete the job in a few hours instead. A novice may spend a bit longer time creating a new virus built on a disassembly, but it will be MUCH harder for him to write a new virus from scratch. It takes no genius to write a virus, only an experienced assembly language programmer, but since the novices outnumber the experienced ones, the availability of a virus disassembly will result in a far greater number of people being able to write viruses with less effort. My opinion of the book is very simple. I can not recommend it. This is not due to the fact that it contains listings of "real" viruses, but rather that the information in the book is inaccurate and out of date. Consider for example the different virus types described. They are: Overwriting viruses. Non-overwriting viruses. Memory-resident viruses. Calling viruses. Hardware viruses. Buffered viruses. "Live and Die" viruses. "Hide and Seek" viruses. Boot sector viruses are not mentioned in this list, or anywhere else in the book. This is of course because they only appeared in 1988, but the book was written in 1987. Some of the virus types mentioned are unknown and VERY unlikely to appear at all. Some time is spent on the subject of "Randomly occurring viruses"... "who can say that his software cannot be turned into a virus by changing a single bit ?". .. and that sort of stuff. Still, this book is l lot better than the two other books I saw here at the university bookstore. I guess we will never get a "good" book on viruses, since they will probably have become obsolete by the time they appear. But who needs a book when we have VIRUS-L and comp/virus ? :-) - -frisk