Path: utzoo!utgpu!water!watmath!clyde!att-cb!att-ih!pacbell!ames!ncar!gatech!udel!rochester!PT.CS.CMU.EDU!andrew.cmu.edu!jv0l+
From: jv0l+@andrew.cmu.edu (Justin Chris Vallon)
Newsgroups: comp.sys.mac
Subject: About this virus thing...
Message-ID:
Date: 1 Apr 88 06:44:50 GMT
Organization: Carnegie Mellon University
Lines: 17

Maybe I'm missing something, but how does a virus killer do its thing? Are these INITs/applications AI programs which disassemble the code in question, figure out what it does, and eliminate it if it is "dangerous"? I'd like to see this AI code... so would the rest of the world. :->

Seriously, what could a virus-killer do? I could see intercepting the AddResource/ChangedResource calls, and signaling when something is being added to the System resource file, but this doesn't get rid of already existing viruses. And how about a clever virus that modifies the CODE resource id 1 so that an application is infected? I could come up with some more, like modifying some DRVR resources, reversing Read/Write calls in the device manager (yes, it's possible)... can I stop?

Enlighten me!

-Justin
justin.vallon@andrew.cmu.edu