Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!oliveb!intelca!mipos3!omepd!psu-cs!sagar
From: sagar@psu-cs.UUCP (Arun Sagar)
Newsgroups: comp.sys.mac.programmer
Subject: Program immunization
Message-ID: <1780@psu-cs.UUCP>
Date: 22 Mar 89 02:03:02 GMT
Distribution: usa
Organization: Dept. of Computer Science, Portland State University; Portland OR
Lines: 28

Hi,

This may not be such a new idea, but I think it merits some discussion.
In writing programs, do the following to the release versions:

1. Make a procedure which on startup checks the size of the program and
   determines if it is equal to a constant (the size of the release
   version). If so, continue; else blurp an alert saying: "Something has
   changed the program, could be a virus", etc.

Of course I'm assuming that the program is not self-modifying, does not
allow a user to change its resources and so on. Some of that could be
taken care of by forcing the program to use a separate file for changed
resources (a good technique, in general) and letting the guardian code be
more sophisticated in that it lets some resource types be changed, i.e.,
ignores them.

The major bottleneck is that some hack would figure out a way to let the
virus detect such a guardian routine and modify it. One way to deal with
this problem that comes to my mind is to use cryptoanalytic methods (aha,
there's an extensive literature on that available in your local math
library). Of course that would take care of even *manual* infections.

Any comments???

-arun.
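
An added example, not part of the original post: the startup guardian described above, comparing the size check with a digest check that ignores resource types the program is allowed to change. The resource list, the type names `PREF` and `WPOS`, and the choice of SHA-256 as the cryptographic method are assumptions made for this sketch.

```python
import hashlib

# Resource types the guardian ignores because the program may legitimately
# change them (hypothetical type names, chosen for this example).
MUTABLE_TYPES = {"PREF", "WPOS"}

def release_size(resources):
    """Total byte size of all resources: the check the post proposes."""
    return sum(len(data) for _, _, data in resources)

def release_digest(resources, ignore=MUTABLE_TYPES):
    """SHA-256 over every resource whose type is not in `ignore`.

    Fields are length-prefixed so that shifting bytes from one resource
    to another cannot produce the same hash input.
    """
    h = hashlib.sha256()
    for rtype, rid, data in sorted(resources):
        if rtype in ignore:
            continue
        t = rtype.encode()
        h.update(len(t).to_bytes(4, "big") + t)
        h.update(rid.to_bytes(4, "big", signed=True))
        h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()

def guardian(resources, expected_size, expected_digest):
    """Return (size_ok, digest_ok) for the program as found at startup."""
    return (release_size(resources) == expected_size,
            release_digest(resources) == expected_digest)

# Constructed sample "program": (type, id, bytes) triples.
RELEASE = [("CODE", 0, b"\x00\x01jump table"), ("CODE", 1, b"main segment bytes"),
           ("MENU", 128, b"File;Edit"), ("PREF", 0, b"volume=3")]
# Constants that would be recorded when the release version is built.
SIZE, DIGEST = release_size(RELEASE), release_digest(RELEASE)

# CODE 1 altered without changing its length.
PATCHED = [("CODE", 1, b"MAIN segment bytes") if r[:2] == ("CODE", 1) else r
           for r in RELEASE]
# Only an ignored resource changed, and it grew by one byte.
PREFS_CHANGED = [("PREF", 0, b"volume=11") if r[0] == "PREF" else r
                 for r in RELEASE]

if __name__ == "__main__":
    for name, prog in [("release", RELEASE), ("patched", PATCHED),
                       ("prefs changed", PREFS_CHANGED)]:
        print(name, guardian(prog, SIZE, DIGEST))
```

The size check accepts the same-length change to `CODE 1` and rejects the permitted preferences change, while the digest check gets both cases right.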