Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: CCTR132@csc.canterbury.ac.nz (Nick FitzGerald)
Newsgroups: comp.virus
Subject: Re: Integrity Checking, programs, etc
Message-ID: <0009.9103291939.AA00169@ubu.cert.sei.cmu.edu>
Date: 28 Mar 91 23:37:00 GMT
Sender: Virus Discussion List
Lines: 28
Approved: krvw@sei.cmu.edu

In VIRUS-L V4 #49 frisk@rhi.hi.is (Fridrik Skulason) wrote:

>padgett%tccslr.dnet@uvs1.orl.mmc.com (Padgett Peterson) writes:
>>NO ! It will not defeat "any kind of integrity check" though "stealth"
>>will defeat SCAN's if the /nomem switch is in use (wish we had italics) While
>>the "stealth" seen so far will defeat a program integrity check, it will NOT
>>defeat a system integrity check (the six bytes).
>
>I don't mean to be insulting, but I have said it before, and I will
>say it again: The six-byte check is no substitute for a full system
>integrity check! Although it will detect most viruses, it will NOT
>detect them all, in particular it will miss some "stealth" viruses,
>like the "Number of the Beast".

I've been following along for about eight months or so now, and have
seen a few references to the "six-byte check" referred to above, but
don't recall ever seeing an _explanation_ of what this is.

If I've missed something simple or fundamental - common knowledge -
please reply by mail with a description. If it hasn't appeared here
already (or was a long time ago), is it time to re-post something to
the group?

Thanks,

- ---------------------------------------------------------------------------
Nick FitzGerald, PC Applications Consultant, CSC, Uni of Canterbury, N.Z.
Internet: n.fitzgerald@csc.canterbury.ac.nz Phone: (64)(3) 642-337