Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!ucsd!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: abvax!iccgcc.decnet.ab.com!herrickd@uunet.UU.NET Newsgroups: comp.virus Subject: Re: RE: Trojan Warning (PC) Message-ID: <0010.9012041357.AA13652@ubu.cert.sei.cmu.edu> Date: 30 Nov 90 16:33:11 GMT Sender: Virus Discussion List Lines: 23 Approved: krvw@sei.cmu.edu oper1%drcv06.decnet@drcvax.af.mil (DRCV06::OPER1) writes: > keithm@ashtate.A-T.COM (Keith Mund) writes: > >>>Speaking personally as a software author, buy software from the >>>manufacturer or a legitimate dealer. The same fears you have are felt >>>by them manyfold, and great care is taken to insure safe software. >>>Although you threw out names of companies freely, none of them has >>>distributed software with any problems. Why fear a problem that does >>>not exist. Viruses are spread by individuals copying software, not by >>>legitamate manufacturers. > > One way of insuring that the SCAN or F-PROT programs are > legitamate is for the authors to ZIP their program with the -AV > (Authenticate Verification) switch on. That way if the programs were > modified PKUNZIP would tell you. It would also be a way for users to > know that the ZIP file came straight from the author and hasn't been > modified in any way. Does Authenticate Verification really do something that is not subvertible? Forgive my skepticism. What does it say it does? dan herrick herrickd@astro.pc.ab.com Brought to you by Super Global Mega Corp .com