Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!iuvax!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: padgett%tccslr.dnet@uvs1.orl.mmc.com (Padgett Peterson)
Newsgroups: comp.virus
Subject: Re: Anti-virus viruses
Message-ID: <0001.9008171919.AA16211@ubu.cert.sei.cmu.edu>
Date: 17 Aug 90 23:08:12 GMT
Sender: Virus Discussion List
Lines: 35
Approved: krvw@sei.cmu.edu

Frankly the idea is abhorrent to me. For one reason, such a program must, by definition, be constantly modifying files and would make any effective configuration management impossible. Secondly, there are a number of programs (VolksWriter comes to mind) using overlays that cannot function properly with any extra appendages.

We already have "hunter-killer" programs (the McAfee utilities come to mind) that are initiated by the user and quit when told. Other programs are available which become resident and keep watch on system activities (e.g. Virus-Safe). Most are based on a stable environment from which deviations can be detected.

Mature detection routines are still mixed into two camps: virus spotters that work by viral signature analysis, and exception spotters that detect deviations from a known environment. While both have their pros & cons, I suspect that the final product will either be #2 or a synthesis of both. For obvious reasons any viral activity, even of a benign nature, would make this impossible.

While it is certainly possible that an adaptive expert system might be developed that would be essentially virus-proof, it would also be a troubleshooting nightmare. We must remember that a solution must be appropriate for 50 million uneducated users who wish the PC to be a tool, not for the "experts" who can pull apart a 160k .EXE and determine its function. Unfortunately, the users for whom a global solution is necessary are unlikely to participate in this forum.

(personal opinion)

One further opinion: some people have commented that the 4096 is not responsible for crosslinking files and that users cause the problems when they use CHKDSK/F. Sounds like something a politician would say.

Padgett