Path: utzoo!attcan!uunet!peregrine!elroy!ames!mailrus!tut.cis.ohio-state.edu!ucbvax!UIAMVS.BITNET!AWCTTYPA From: AWCTTYPA@UIAMVS.BITNET ("David A. Lyons") Newsgroups: comp.sys.apple Subject: viruses and checksums Message-ID: <8903071552.aa21592@SMOKE.BRL.MIL> Date: 7 Mar 89 20:50:00 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 35 >Date: Mon, 6 Mar 89 09:27:00 -0800 >From: Ryan Lanctot >Subject: VIRUSES AND CHECKSUMS > >>No! It isn't anywhere near that simple. [...] > >True, I hadn't thought of that. Although it is also true, to some >extent, that the checksum must be stored somewhere...... Perhaps a >virus could simply change the checksum on a random basis, thereby >giving false (?) reports to the system people. Then, when it's >getting to the point where it seems there's something wrong with the >checksum software, the virus could insert itself, which would be >taken as another false report. Problem with this scheme is finding >the checksum byte(s).... > >Ryan Lanctot > Again, finding the checksum, even if it is stored somewhere explicitly, is not something that can be automated. Anyway, I have a great deal of trouble imagining this "the checksum routine that cried 'wolf'" scenario. In many cases the algorithm used would be trivial enough that the implementation's correctness could be verified easily. Even if a complicated scheme was used, it would be a simple matter to determine that the implementation computed some _function_ of a file's contents (always gives the same result given a particular stream of bytes for input), so that you could be sure when your detector complained that your files really were being fiddled with in some way. --David A. Lyons bitnet: awcttypa@uiamvs DAL Systems CompuServe: 72177,3233 P.O. Box 287 GEnie mail: D.LYONS2 North Liberty, IA 52317 AppleLinkPE: Dave Lyons