Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!samsung!brutus.cs.uiuc.edu!ux1.cso.uiuc.edu!tank!cps3xx!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: SMIBS@RHODES.BITNET (Benjamin S. Smith) Newsgroups: comp.virus Subject: The Ultimate Anti-Viral Solution? Message-ID: <0011.9002021158.AA26135@ge.sei.cmu.edu> Date: 1 Feb 90 20:37:00 GMT Sender: Virus Discussion List Lines: 37 Approved: krvw@sei.cmu.edu An idea which rolled off the top of my head this afternoon: Every new program which comes out for your computer also has an "anti-virus module" with it, as a separate data file. This module contains information on what actions the program which you have just acquired takes during operation. Does the program ever change size? Does it ever create additional files? Is it authorized to make changes to other programs? What kinds of changes? How is it allowed to make such changes? Does it ever run/read other programs or data files? and so on. Included would be a list of all required read/write actions which the program uses. A central program, included with your computer from its manufacturer, is in charge of overseeing every one of these data files. It is a system-wide guard against unauthorized attempts from within any program to modify data on your computer. If a problem occurs, the central program spells it out for you and asks for further instructions. Somehow the central program would have to be referenced with every read and write, admittedly a long process. Maybe the program could be a piece of hardware, a chip, or extra memory simply set aside to be used only by the central program. Also, the more programs you have, the more that the central program must keep track of. Perhaps too much information to deal with at once. But it sounds good, right? This way the burden for virus protection falls on the computer manufacturer and the software companies themselves. No new updates of anti-virus programs are needed, since the computer can recognize any "incorrect" activity. Saves your $$, as you don't have to subscribe to an anti-virus updating service. Feasible? Or just too complicated? Could such a setup be compromised in any way short of hardware failure? Give it some thought..... Ben Smith smibs@rhodes.bitnet