Path: utzoo!utgpu!water!watmath!clyde!bellcore!faline!scherzo!allegra!princeton!udel!gatech!bloom-beacon!athena.mit.edu!cthulhu From: cthulhu@athena.mit.edu.UUCP Newsgroups: comp.sys.amiga Subject: Re: virus Message-ID: <2902@bloom-beacon.MIT.EDU> Date: 11 Feb 88 19:08:42 GMT Sender: daemon@bloom-beacon.MIT.EDU Reply-To: cthulhu@athena.mit.edu (Jim Reich) Lines: 25 Posted: Thu Feb 11 14:08:42 1988 In article <2650@encore.UUCP> soper@encore.UUCP (Pete Soper) writes: > > Why not have a program that says "insert a known good disk", reads this >disk's boot block, then says "now insert the disk to test", and then >compares this boot block with the known good one. Why bother messing around with reading a good disk, which might even have been corrupted itself -- the war zone of viruses is a dangerous environment, and disks on the front line tend to get hurt. The boot block is sufficiently small that it could just be kept as a part of the virus checker. Or you could simply use a checksum like Vcheck1.9 does. It would be REAL tough to write code that would checksum to the same value as the original code, and virtually impossible to write one that would run through two different checks (check both the sum and a sum of all the bytes exclusive or'd with 27 or shifted left or whatever...) An idea: How about a program which reads boot blocks of disks and saves copies if they are abnormal. A library of as many as 80 boot blocks could be kept on one disk. When the virus strikes and kills a copy protected disk, you could use this utility to restore the boot block. I don't think any copy protection scheme can prevent the copying of the boot block, as the system must be able to read it... am I right? Perhaps this utility could be added to a disk catalogger or something, which would make it doubly useful... -- Jim