Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ukma!xanth!nic.MR.NET!hal!ncoast!allbery
From: allbery@ncoast.ORG (Brandon S. Allbery)
Newsgroups: comp.sys.ibm.pc
Subject: Re: Boot-time anti-viral measures
Message-ID: <13502@ncoast.ORG>
Date: 25 Mar 89 16:34:46 GMT
References: <6231@bsu-cs.UUCP>
Reply-To: allbery@ncoast.UUCP (Brandon S. Allbery)
Followup-To: comp.sys.ibm.pc
Organization: Cleveland Public Access UN*X, Cleveland, Oh
Lines: 26

As quoted from <6231@bsu-cs.UUCP> by dhesi@bsu-cs.UUCP (Rahul Dhesi):
+---------------
| 2.   In autoexec.bat on drive A:, I have lines like this:
| 
|      c:
|      bincmp /COMMAND.COM /bin/XXXXX.COM
+---------------

At a small but possibly worthwhile cost in speed, both bincmp and the copy
of COMMAND.COM could be stored on the write-protected floppy, thus insuring
that they cannot be corrupted by a virus.

Also -- many Mac viruses attach themselves to applications, hook into the
running system, and attach themselves to other applications.  If any PC
viruses work the same way, they don't necessarily *need* to patch
COMMAND.COM or IBM???.COM -- they can still invade your system and reformat
your disk or etc.  Hooking into the operating system simply insures that
they're always activated at boot time -- but what if your boot sequence runs
e.g. CHKDSK, and the virus invades *that*?

++Brandon
-- 
Brandon S. Allbery, moderator of comp.sources.misc	     allbery@ncoast.org
uunet!hal.cwru.edu!ncoast!allbery		    ncoast!allbery@hal.cwru.edu
      Send comp.sources.misc submissions to comp-sources-misc@<backbone>
NCoast Public Access UN*X - (216) 781-6201, 300/1200/2400 baud, login: makeuser