Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!know!samsung!zaphod.mps.ohio-state.edu!ub!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: RADAI1@HBUNOS.BITNET (Y. Radai)
Newsgroups: comp.virus
Subject: Re: 639k, detection (PC & General)
Message-ID: <0005.9007301843.AA01312@ubu.cert.sei.cmu.edu>
Date: 30 Jul 90 16:29:45 GMT
Sender: Virus Discussion List
Lines: 22
Approved: krvw@sei.cmu.edu

  Just a couple of minor comments on Padgett Peterson's posting.  He
writes:
>Though of course it is feasible, I have not yet seen
>a virus that just uses 1k.

  There is at least one PC virus which uses only 1K of high RAM: the
Merritt/Alameda/Yale virus.

>simple checksum
>analysis of existing programs is adequate so long as the algorithm used is
>unknown.

  Maybe we mean different things by "algorithm", but as far as I'm
concerned, the algorithm can be known as long as the checksums depend
on an unknown user-dependent key.

Y. Radai
Hebrew Univ. of Jerusalem, Israel
RADAI1@HBUNOS.BITNET
RADAI@HUJIVMS.BITNET
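The distinction drawn in the reply above, between a checksum whose algorithm is secret and one that depends on a secret user key, shown as an added example that is not part of the original post. HMAC-SHA256 stands in for the keyed checksum (the post names no algorithm), and the file names, contents and key are constructed.

```python
import hashlib
import hmac

def plain_checksum(data):
    """Unkeyed digest: anyone who knows the algorithm can recompute it."""
    return hashlib.sha256(data).hexdigest()

def keyed_checksum(key, data):
    """Keyed digest (HMAC-SHA256): recomputing it requires the user's key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_baseline(files, key):
    """Record a keyed checksum for every program image."""
    return {name: keyed_checksum(key, data) for name, data in files.items()}

def verify(files, baseline, key):
    """Return the names that are missing, unrecorded, or no longer match."""
    flagged = []
    for name in sorted(set(files) | set(baseline)):
        if name not in files or name not in baseline:
            flagged.append(name)  # file removed, or never recorded
        elif not hmac.compare_digest(keyed_checksum(key, files[name]), baseline[name]):
            flagged.append(name)  # contents or stored tag were altered
    return flagged

def demo():
    """Compare both schemes when a program and its stored checksum both change."""
    user_key = b"constructed-user-key"  # constructed; known only to the user
    files = {"EDIT.COM": b"original program bytes", "SORT.EXE": b"another program"}
    plain_table = {n: plain_checksum(d) for n, d in files.items()}
    keyed_table = build_baseline(files, user_key)

    # A program changes, and the stored entry is rewritten by a party that
    # knows the algorithm but not the user's key.
    files["EDIT.COM"] = files["EDIT.COM"] + b" + appended bytes"
    plain_table["EDIT.COM"] = plain_checksum(files["EDIT.COM"])
    keyed_table["EDIT.COM"] = keyed_checksum(b"wrong-guess", files["EDIT.COM"])

    plain_flags = [n for n, d in files.items() if plain_checksum(d) != plain_table[n]]
    keyed_flags = verify(files, keyed_table, user_key)
    return plain_flags, keyed_flags

if __name__ == "__main__":
    print(demo())
```

The unkeyed table reports nothing because its entry was recomputed without any secret, while the keyed table still flags the changed file.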