Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: padgett%tccslr.dnet@mmc.com (A. Padgett Peterson) Newsgroups: comp.virus Subject: Re: Interesting advert (PC) Message-ID: <0002.9106031950.AA02037@ubu.cert.sei.cmu.edu> Date: 31 May 91 16:02:15 GMT Sender: Virus Discussion List Lines: 45 Approved: krvw@sei.cmu.edu >From: Y. Radai >There is absolutely nothing new in this ad. Exactikalaly. > Padgett Peterson to Kenny:: >>Question: when does it go resident ? If from CONFIG or later, you know >> my opinion. >Answer: Who says a checksum program has to go resident at all?? Most >checksum programs I know of (incl. Vaccine and V-Analyst) can (or >must) be run without going resident. Well some form of integrity checking must go resident, even if it is just smart enough to call the checksum program. Otherwise, what is going to identify that a program is new or changed. (you could handle "changed" with a zillion little .BAT files but new ?) Since you do not want to add to the pilot's workload, it must be automatic therefore resident. Further, in order to handle the undocumented DOS "features" and Windows/Novell /etc interactions, it needs to go resident (at least the disk handler) before DOS loads e.g. from the BIOS. Considering performance, while it would be possible to call the main routine from disk (most good anti-viral routines now permit code swapping for systems with limited free DOS RAM), it is better to keep the necessary elements available. Since new memory systems (DR-DOS, MS-DOS 5.0, QEMM) can provide up to 637k free with 121k of TSRs loaded "high" on my home machine, in the future, 10-20k of integrity management should not be a problem (incidently, the 19k check-summing routine I use is in high memory so on my PC the only loss to DOS is 1k of the BIOS-level stuff: have 636k of free RAM under 640k). The delay in checking each program/disk access is unnoticable to the user. (Norton reports SI 27.1 / DI 9.1 on a non-cached 25 mhz 386, ST-251-1/SMARTDRV combo) Point is, anyone who says the above can't be done is nuts. Warmly, Padgett ps My wife has no idea any of the above is there when she writes a letter, she just turns the PC on & goes.