Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!apple!usc!elroy.jpl.nasa.gov!sdd.hp.com!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: vail@tegra.com (Johnathan Vail)
Newsgroups: comp.virus
Subject: Re: Products for detecting viruses
Message-ID: <0006.9011081829.AA17940@ubu.cert.sei.cmu.edu>
Date: 7 Nov 90 21:22:00 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 32
Approved: krvw@sei.cmu.edu

71435.1777@CompuServe.COM (Bob Bosen) writes:

   Yes. I hope you'll consider "SafeWord VIRUS-Safe" from my company. It
   is an extension to MS-DOS that automatically and transparently
   examines all your programs as they are loaded for execution. It
   quickly calculates a non-forgeable signature for each program being
   executed and compares that signature with records from prior
   executions. If anything has changed since the last time it was run,
   the user is alerted. Otherwise, execution continues without any
   disruption. It detects the spread of all known MS-DOS viruses, and is
   believed to be capable of detecting the spread of all unknown viruses

This technique seems to be a good one for screening for *propogation*
if viruses on a system or network.  I have some questions and some
what if's to run by, if I may:

- -- This doesn't detect the program that is spreading the virus, only
  the ones that have been subsequently infected.  Correct?

- -- Does this provide any protection from attacks on COMMAND.COM, boot
  sectors or general attacks through DOS or BIOS?

- -- Are there programs that legitimately modify themselves with various
  defaults and setup that can trigger the virus detector?

Thanks, jv

"... until then, any action will be like trying to herd cats." -- Gene Spafford
 _____
|     | Johnathan Vail | n1dxg@tegra.com
|Tegra| (508) 663-7435 | N1DXG@448.625-(WorldNet)
 -----  jv@n1dxg.ampr.org {...sun!sunne ..uunet}!tegra!vail