Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!usc!snorkelwacker!bloom-beacon!eru!luth!sunic!tut!funic!uwasa.fi!ts
From: ts@uwasa.fi (Timo Salmi LASK)
Newsgroups: comp.lang.pascal
Subject: Re: Program selftesting and viruses
Message-ID: <1990Jul31.085732.8728@uwasa.fi>
Date: 31 Jul 90 08:57:32 GMT
References: <1990Jul27.182520.12051@uwasa.fi> <1875@krafla.rhi.hi.is>
Organization: University of Vaasa
Lines: 22

In article <1875@krafla.rhi.hi.is> frisk@rhi.hi.is (Fridrik Skulason) writes:
>This program works in most cases - however, it is not effective against some
>of the latest viruses, which fool it by making the program appear unchanged,
>after the virus is in control.

This is cartainly true, and the purpose of the code is to easily
weed out elementary cases, which are the most frequent anyway.  One
of the points was to make the code simple to understand and include. 
The other alternative is to imbed a checksum in the .exe file.  But
the code is much more complicated, because the checksum (either
direct or crc) constant itself within the program must be skipped
when recalculating the checksum.  Another problem is that the
checksum must be calculated fast.  Else it renders the host program
useless.  I have the code also for calculating and checking the
direct checksum of an .exe file in addition to size & date check. 
This should be fairly effective.  This will be included in the
upcoming update of my Turbo Pascal units tspas21.arc. 

...................................................................
Prof. Timo Salmi        (Moderating at anon. ftp site 128.214.12.3)
School of Business Studies, University of Vaasa, SF-65101, Finland
Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun