Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: p1@arkham.wimsey.bc.ca (Rob Slade)
Newsgroups: comp.virus
Subject: Re: Interesting advert (PC)
Message-ID: <0008.9106061535.AA06556@ubu.cert.sei.cmu.edu>
Date: 5 Jun 91 23:06:45 GMT
Sender: Virus Discussion List
Lines: 43
Approved: krvw@sei.cmu.edu

I am not quite sure what
ccml@hippo.ru.ac.za (Mike Lawrie) writes:
in response to
> RADAI@HUJIVMS.BITNET (Y. Radai) writes:
and
> > Kenny Stevenson writes:
>
> >>Vaccine anti-virus system - "Vaccine is virus-non specific detection
> >>software. It uses cryptographic checksums to monitor the state of
>
> > >There is absolutely nothing new in this ad. There are zillions of
> >checksum programs for the PC which claim to do the very same thing.
>
> They don't cater for this scenario:-
>
> 1. Somehow infect the RAM of your PC with a COM/EXE targeting
>    virus, such as Plastique (eg run an infected program from a
>    floppy, or from a network).
>
> 2. Run SCAN on your hard disk - this does a DOS open on all COM/EXE
>    files on your hard disk, and thus infects each and every such
>    file _after_ SCAN has pronounced them virus-free

SCAN is not a checksum/image/change detection program, but a scanner,
which looks for specific known code sequences from known viral
programs. (A further point of Mike's posting seemed to indicate that
he thought SCAN was a checksum program.)

However, Mike's posting also seems to indicate that he feels that
Sophos' Vaccine program, because it checks for changes in the program,
will not be subject to the phenomenon he describes. (At least that was
my reading, my apologies if that was not your intent.)

Unfortunately, any antiviral program which examines programs, either
for virus signatures or in order to calculate an "image" check, will
open all the programs it examines, and therefore opens the possibility
of that same happening.

=============
Vancouver      p1@arkham.wimsey.bc.ca   | "If you do buy a
Institute for  Robert_Slade@mtsg.sfu.ca |  computer, don't
Research into  (SUZY) INtegrity         |  turn it on."
User           Canada V7K 2G6           | Richards' 2nd Law
Security                                | of Data Security
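
The point made in the post above, that a change-detection program has to open every file it checks, shown as an added example that is not part of the original post and is not how Vaccine or SCAN work. It is a minimal checksum auditor that compares against a baseline and then re-reads every file to see whether anything changed while the audit itself was running; all function names, the `between_passes` hook and the sample files are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile

PROGRAM_EXTS = (".com", ".exe")  # the file types the thread talks about

def digest(path):
    """SHA-256 of a file. Reading it means opening it, which is the step discussed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map every program file under root (relative path) to its digest."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(PROGRAM_EXTS):
                full = os.path.join(dirpath, name)
                found[os.path.relpath(full, root)] = digest(full)
    return found

def differences(old, new):
    """Sorted paths that were added, removed or altered between two snapshots."""
    return sorted(p for p in old.keys() | new.keys() if old.get(p) != new.get(p))

def audit(root, baseline, between_passes=None):
    """Return (changed since baseline, changed while the audit itself ran)."""
    first = snapshot(root)
    if between_passes:        # hypothetical hook: lets a test alter a file mid-audit
        between_passes()
    second = snapshot(root)   # re-read: are the files still what pass one reported?
    return differences(baseline, first), differences(first, second)

def demo():
    """Constructed sample: two dummy program files, one altered after pass one."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("EDIT.COM", "SORT.EXE"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"constructed sample bytes for " + name.encode())
        baseline = snapshot(root)
        def alter():          # stands in for any write that follows the first open
            with open(os.path.join(root, "SORT.EXE"), "ab") as f:
                f.write(b"appended")
        return audit(root, baseline), audit(root, baseline, alter)

if __name__ == "__main__":
    print(demo())
```

In the second audit the baseline comparison reports nothing, and only the re-read shows that `SORT.EXE` changed after it had been checked. The re-read only catches changes that are visible through the same file reads the audit uses.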