Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: frisk@rhi.hi.is (Fridrik Skulason) Newsgroups: comp.virus Subject: Re: SCAN program for IBM's (PC) Message-ID: <0006.9101151325.AA04099@ubu.cert.sei.cmu.edu> Date: 13 Jan 91 14:32:42 GMT Sender: Virus Discussion List Lines: 39 Approved: krvw@sei.cmu.edu > I am interested in finding a DOS antivirus program which would > automatically scan disks as they are inserted. Why? Doing this seems a bit silly to me, to say the least. Consider the following: On PCs we have basically two types of viruses - Boot secor viruses and program viruses. Assuming we could in all cases detect if a new disk has been inserted, which cannot (I think) be done on the original PC, but only on XTs, ATs and late computers (see INT 13H, function 16H), let's just look at the benefits: It must be kept in mind that the PC does not automatically execute code from the diskette when it is inserted. One some other machines, (for example Amiga) this is done, so an anti-virus program there HAS to check the disk as soon as it is inserted. Boot viruses could be detected by automatic scanning of all disks as they are inserted, but it would be easier just to check the boot sector when Ctrl-Alt-Del is pressed. File viruses could be found as well, but this would take untolerably long time in the "worst case" - a disk full of LZEXE-packed programs, which would have to be unpacked before scanning. I doubt many would tolerate that delay whenever a disk is inserted. Just scanning the programs when they are executed seems by far preferable to me. Also - unlike Mac and Amiga, the PC does not generate any signal when a disk is changed - you would need a resident program continously checking the Diskette Change Line Status. - -frisk - -- Fridrik Skulason University of Iceland | Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 |