Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!tut.cis.ohio-state.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: 71435.1777@CompuServe.COM (Bob Bosen)
Newsgroups: comp.virus
Subject: Signature Programs
Message-ID: <0005.8912201621.AA09547@ge.sei.cmu.edu>
Date: 19 Dec 89 18:01:54 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 40
Approved: krvw@sei.cmu.edu

In his mailing of Dec 07 '89, Y. Radai seems to be taking the position
that since I am in favor of sophisticated authentication algorithms, I
must be against sophisticated program implementations. Nothing could
be further from the truth. A really reliable virus detection program
must have BOTH a trustworthy authentication algorithm and a
sophisticated implementation. I stressed the importance of
sophisticated authentication algorithms only because as a newcomer to
VIRUS-L, I was seeing a lot more discussion of implementation details
and scanner programs than of quality authentication techniques.

Please don't misinterpret me: PROGRAMS THAT PURPORT TO DEFEND AGAINST
VIRUSES MUST BE EXTREMELY CAREFULLY WRITTEN. In my view, they should
use the best and most sophisticated defenses available. Today, that
means authentication algorithms should be based on published standards
that have stood the test of time, such as ANSI X9.9. Obviously if a
clever virus writer is able to orchestrate a situation in which the
virus is never examined, then even a sophisticated authentication
algorithm is of no use.  What is needed is a well-written and
convenient program that applies a sophisticated authentication
algorithm across all program code without exception. Clearly this is
better than a well-written and convenient program that applies some
programmer's guess at an authentication algorithm across all program
code without exception!

The address where copies of ANSI X9.9 can be obtained didn't make it
into my last posting. Sorry about that. Copies of ANSI X9 standards
can be obtained through:

Secretariat: American Bankers Association
             Standards Department
             1120 Connecticut Avenue, N.W.
             Washington, D.C. 20036

I think the price is $15.00. I bet if you send a check and a mailing
label with your return address on it, you'll get quick response.

- -Bob Bosen-
Vice President
Enigma Logic Inc.
71435.1777@COMPUSERVE.COM