Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: pro-angmar!achilles@alphalpha.com (David Holland)
Newsgroups: comp.virus
Subject: re: Lateral Thinking
Message-ID: <0011.9012061357.AA16381@ubu.cert.sei.cmu.edu>
Date: 5 Dec 90 05:26:24 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 23
Approved: krvw@sei.cmu.edu


 > A very good friend of mine, who sometimes watches this group, has
 > written a nifty gadget that he calls Acabus.

Seems to me you could make that into a pretty good security and
anti-virus program by popping up a permit/deny window every time it
detected something trying to change an interrupt vector. Only trouble
is that anybody using it would have to know his interrupts cold so he
can decide what to allow - if you deny everything most of your
programs won't run. Of course, one could always make a list of "legal"
interrupt changes and legal values to change them to based on offsets
from the code segment of a particular executing program.

Our lives would be much easier if MS-DOS had been designed with even the
slightest of concessions to security...

 ------
 David A. Holland

 Internet:  pro-angmar!achilles@alphalpha.com          | There is no great
            aeneas@blade.mind.org            (slower)  | talent without a
 Citadel:   blade!aeneas@{undermind, overmind}         | mixture of madness.
 Fidonet:   David Holland @ 1:322/337 (not preferred)  |       -Seneca