Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: frisk@rhi.hi.is (Fridrik Skulason)
Newsgroups: comp.virus
Subject: Re: ways to circumvent viri attack, maybe (PC)
Message-ID: <0007.9012041821.AA14135@ubu.cert.sei.cmu.edu>
Date: 3 Dec 90 13:59:53 GMT
Sender: Virus Discussion List
Lines: 54
Approved: krvw@sei.cmu.edu

pc2d+@ANDREW.CMU.EDU (Philip Edward Cutone, III) writes:
>Just a thought,
>
>  What kind of impact would say, renaming com and exe files to
>something else while not being used.  Then at least viri that scan the
>disk looking for those files to infect would find no hosts in which to
>reside.

This would be practically useless, as the majority of viruses these days
are not of the direct-action kind, but infect programs on execution
instead.  Besides, renaming files can lead to various problems, in the
case of packages where one program attempts to run another one - you
might have to patch many of the programs you use.

>  I used a somewhat similar method that had the added advantage
>of "increasing" my disk space.  All programs were zipped when not in
>use.  When needed, I ran a program that would unzip them into a temp
>directory and run a file called "go.bat" that would just run the
>program. (or set up directories, whatever would be needed) As far as I
>know, no viri infect zips, (boy I hope I am not giving any nasty
>projects for these jerks) and any program run will be deleted after
>its use, keeping the original copy untouched.

This provides nearly the same level of security as not using the hard
disk for programs, but running all software from write-protected
diskettes.  That is, you cannot prevent viruses from entering your
system, if you obtain an infected program from somewhere, but you can
prevent it from spreading.
One problem, however, is that you cannot zip COMMAND.COM, so you would
have to boot from a write-protected floppy, and insert the system disk
as needed.

>And data files would also be stored in a zip file automatically by go.bat
>when finished.

But they could have been corrupted before that.

>Of course, the zipped files should be cleaned to begin with, otherwise
>memory resident viri could affect other programs' operation with
>unpredictable results.

Then why bother to zip them - if you assume you can clean the programs
to start with, you gain nothing extra by zipping the files.  Cleaning
will not protect you from new viruses, and there are much simpler
methods to deal with all the known ones, namely on-the-fly scanning of
all programs, as they are executed.

--
Fridrik Skulason      University of Iceland  |
Technical Editor of the Virus Bulletin (UK)  |  Reserved for future expansion
E-Mail: frisk@rhi.hi.is    Fax: 354-1-28801  |