Path: utzoo!utgpu!water!watmath!clyde!att-cb!osu-cis!tut.cis.ohio-state.edu!mailrus!umix!uunet!vsi!friedl
From: friedl@vsi.UUCP (Stephen J. Friedl)
Newsgroups: comp.misc
Subject: Re: Commercial liability for distributing a virus
Summary: Detecting viruses
Message-ID: <449@vsi.UUCP>
Date: 26 Mar 88 03:50:36 GMT
References: <500@xios.XIOS.UUCP> <1535@bucsb.UUCP>
Distribution: na
Organization: V-Systems, Inc. -- Santa Ana, CA
Lines: 15

Many ask about detecting a virus in production software:  I'm the
last guy to be an expert on this but it strikes me that if (say)
Aldus ships off some disks to a production house, they should
take a sample disk from the run and compare it with trusted,
known binaries.  Differences should be investigated.  If the
production house itself is doing this kind of thing then they
will ship a "clean" copy for infection but perhaps Aldus or
whoever should just get a copy from a random distributor once
in a while.  This might also serve a general-purpose quality
control function for the entire package: are manuals neat, are
disks readable, is packaging clear, etc.

-- 
Steve Friedl      V-Systems, Inc.        *Hi Mom*
friedl@vsi.com   {uunet,attmail,ihnp4}!vsi!friedl