Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!husc6!ut-sally!im4u!oakhill!tomc
From: tomc@oakhill.UUCP
Newsgroups: comp.sys.ibm.pc,sci.crypt
Subject: Re: Stopping Trojans
Message-ID: <865@oakhill.UUCP>
Date: Wed, 15-Apr-87 10:36:04 EST
Article-I.D.: oakhill.865
Posted: Wed Apr 15 10:36:04 1987
Date-Received: Fri, 17-Apr-87 02:06:42 EST
References: <537@faline.bellcore.com> <5760@brl-smoke.ARPA>
Organization: Motorola Inc. Austin, Tx
Lines: 35
Xref: utgpu comp.sys.ibm.pc:2941 sci.crypt:311
Summary: Hopkins' programs

In article <5760@brl-smoke.ARPA>, gwyn@brl-smoke.ARPA (Doug Gwyn) writes:
> In article <537@faline.bellcore.com> karn@faline.bellcore.com (Phil R. Karn) writes:
> >I've read one too many Trojan Horse reports. I'm tired of hearing about
> >people having their hard disks wiped out by jerks with a strange sense of
> >humor. They must come from the same crowd that puts cyanide into Tylenol.
>
> >I think I have a possible technical solution to the problem.
>
> It looks okay, if everybody would agree to use the same algorithm.

This is indeed the most general approach. However, for IBM PCs Andy Hopkins has written a couple of clever programs that check other programs for potentially malicious behavior. I have included below some of the introductory material from the doc file of one of the programs. They are generally available on local bulletin board systems.

To quote:

"Bomb Squad" (BOMBSQAD.COM) is NOT a game! It is a further attempt to prevent pranksters from destroying your data. The proliferation of the "Trojan Horse" type programs which purport to be games but actually plant bombs in your system which format your hard disk or erase the disk directory, has prompted the writing of this program, as well as CHK4BOMB.EXE ("Check for Bomb").

CHK4BOMB.EXE reads the program file from disk and attempts to spot dangerous code and suspicious messages, but since code is often a function of run time memory situations, it could miss spotting the "bombs". BOMBSQAD.COM is a program that intercepts calls to the BIOS code in ROM as a suspicious program is run, displays what is going to happen during the call, and asks if you want to continue. You can abort or continue as you see fit.

--
Tom Cunningham                  "Good, fast, cheap -- select two."
USPS: Motorola Inc. 6501 William Cannon Dr. W. Austin, TX 78735-8598
UUCP: {ihnp4,seismo,ctvax,gatech}!ut-sally!oakhill!tomc
Phone: 512-440-2953
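The post describes CHK4BOMB.EXE as a static scan: read the program file from disk and look for dangerous code and suspicious messages. Below is an added example in Python that sketches that style of check; it is not Hopkins' code and is not taken from the post. It treats two things as worth flagging: the two-byte software-interrupt opcode for the disk services the post is concerned with (INT 13h BIOS disk I/O, and DOS INT 25h/26h absolute disk read/write), and a small list of words such as "format" or "erase" inside the file. The file bytes, the interrupt list and the word list are all constructed here for demonstration.

```python
# Added example: a CHK4BOMB-style static scan of a DOS program image.
# Everything below (sample bytes, lists of interrupts and words) is
# constructed for illustration and is not data from any real program.

# x86 "INT imm8" is encoded as CD xx. These are the disk-level services
# a file-wiping "bomb" would typically reach for; flagging them is a
# prompt for review, not proof of malice (legitimate programs use them too).
SUSPICIOUS_INTS = {
    0x13: "BIOS disk service (INT 13h)",
    0x25: "DOS absolute disk read (INT 25h)",
    0x26: "DOS absolute disk write (INT 26h)",
}

# Words that often show up in "bomb" messages; matched case-insensitively.
SUSPICIOUS_WORDS = [b"format", b"erase", b"wipe", b"delete"]

# Constructed sample program image: a few hand-assembled bytes, NOT a real
# executable. Offsets: 0-2 mov ax,3; 3-4 int 13h; 5-6 nop nop; 7-8 int 26h;
# 9.. a text string; then ret.
SAMPLE_FILE = (
    b"\xB8\x03\x00"              # mov ax, 0003h
    b"\xCD\x13"                  # int 13h   <- BIOS disk I/O
    b"\x90\x90"                  # nop ; nop
    b"\xCD\x26"                  # int 26h   <- absolute disk write
    b"Formatting drive C:\x00"   # suspicious message
    b"\xC3"                      # ret
)


def scan_for_interrupts(data: bytes):
    """Return (offset, vector, description) for every CD xx whose vector
    is in SUSPICIOUS_INTS. Note that CD xx can also occur inside data or
    inside a longer instruction, so hits need a human look."""
    hits = []
    for i in range(len(data) - 1):
        if data[i] == 0xCD and data[i + 1] in SUSPICIOUS_INTS:
            vector = data[i + 1]
            hits.append((i, vector, SUSPICIOUS_INTS[vector]))
    return hits


def scan_for_strings(data: bytes, words=SUSPICIOUS_WORDS):
    """Return sorted (offset, word) pairs for each suspicious word found."""
    lower = data.lower()
    hits = []
    for word in words:
        start = 0
        while True:
            idx = lower.find(word, start)
            if idx < 0:
                break
            hits.append((idx, word.decode("ascii")))
            start = idx + 1
    return sorted(hits)


def scan_file(data: bytes):
    """Combine both checks into a small report. Verdict is 'suspicious'
    if anything was flagged, otherwise 'clean'. As the post notes, code
    built up at run time (e.g. an interrupt vector computed in a register)
    is invisible to a scan like this, so 'clean' means only 'nothing seen'."""
    ints = scan_for_interrupts(data)
    strings = scan_for_strings(data)
    return {
        "interrupts": ints,
        "strings": strings,
        "verdict": "suspicious" if (ints or strings) else "clean",
    }


if __name__ == "__main__":
    report = scan_file(SAMPLE_FILE)
    for off, vec, desc in report["interrupts"]:
        print(f"offset {off:#06x}: INT {vec:02X}h  {desc}")
    for off, word in report["strings"]:
        print(f"offset {off:#06x}: text contains {word!r}")
    print("verdict:", report["verdict"])
```

Running it on the constructed sample reports the INT 13h at offset 3, the INT 26h at offset 7 and the word "format" at offset 9. The two limitations the post itself raises carry over directly: a byte pattern like CD 13 can sit inside a table or a string by coincidence (false positive), and a program that assembles the interrupt at run time never shows the pattern on disk (false negative), which is exactly why BOMBSQAD.COM's approach of intercepting the call as it happens complements the static scan.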