Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!decwrl!sun!pitstop!sundc!seismo!uunet!microsoft!brianw
From: brianw@microsoft.UUCP (Brian Willoughby)
Newsgroups: comp.sys.apple
Subject: Re: viruses
Summary: Idea
Message-ID: <831@microsoft.UUCP>
Date: 8 Mar 89 03:24:11 GMT
References: <123*rdlanctot@instr.okanagan.bc.ca>
Organization: Microsoft Corp., Redmond WA
Lines: 18

In article <123*rdlanctot@instr.okanagan.bc.ca>, rdlanctot@instr.okanagan.bc.ca (Ryan Lanctot) writes:
> Some really smart cookie would probably have the virus checksum the 
> program itself before insertion, then rebalance the checksum......  Or they
> could corrupt the checksum program itself to produce the same result every time
> , no matter how the program looked.

Who says that you must use a predictable 'checksum'. A lot of the copy
protected software that I looked into used tricky methods to combine each byte
of a program into a unique value. If you want to fight these 'smart' viruses,
then use multiple checksum equations simultaneously. It would be very hard to
modify a program enough to make it generate the same result to two different
checksum algorithms. Especially if one or both of the algorithms were unknown
to the virus.

Brian Willoughby			microsoft!brianw@uunet.UU.NET
		or just			microsoft!brianw

#include <std.disclaimer>		/* just an idea */