Text File | 1992-02-10 | 6KB | 96 lines
VICATCH.ZIP

VICATCH checks for modifications to a file by calculating a check field
using a sophisticated algorithm and checking the result against a file
containing the resulting check field from a previous run.

Many programs are available that calculate an EXE file's checksum and
report if it differs from a previous run, but nearly any reasonably good
programmer can find a way to modify an EXE file and leave the checksum
unchanged. VICATCH goes beyond that. It can check ANY file, not just
.EXE files, and is nearly equivalent to a full compare of files, but is
faster, does not waste the disk space for a second copy and eliminates
the danger of the second copy of the file being contaminated.

VICATCH uses the RSA Data Security, Inc. MD5 Message-Digest Algorithm
available in the MD5.ARC package (in the Computer Language Magazine
Forum library on CompuServe) to generate a 16-byte check field that
makes it nearly impossible to modify a file and retain the same check
value. Believe me, it is nearly impossible unless you have a
supercomputer and even then it will take a while. If you are concerned about
it, RSA Data Security states in its source code that it allows the
publication of derivative works using its algorithm.

To use VICATCH, you merely install it on a disk (usually your hard disk),
preferably in a directory other than the root directory. Unpack it
using PKUNZIP, then read this document. Execute it with the names of
files to be checked as parameters. For itself and each file listed on
the command line, VICATCH recalculates the check value and compares it
against the value stored in its table from a previous run. If the value
does not match, it exits with a non-zero return code, which a batch
file can detect in order to issue a warning message or terminate.

If VICATCH is run against a file that has not previously been checked,
it calculates the check field, adds the value to the table and exits
with a return code of 0. This allows you to add files to the command
line at any time without concern but does leave a security hole: a
virus could modify the table file to drop the entry for the infected
file, and the next run would then add the infected file again as though
it were new. Because of that hole, VICATCH always notifies you with a
message if it adds a file to the table. We hope to modify VICATCH in a
later version to encrypt the file names in the table and make it
difficult for anyone (or any program) to locate the entry for a given
file in the table.
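
The add-on-first-sight behaviour and the table hole described above, as an added Python example (not VICATCH's code; the JSON table layout, the function names and the `key` and `auto_add` parameters are assumptions, since the real VICATCH.TAB format is not described here). It uses SHA-256 where this document names MD5, because MD5 collisions are now practical, and it adds two hardenings: enrolment only on request, and an HMAC over the table with a key kept off the checked disk.

```python
import hashlib, hmac, json, os, pathlib, tempfile

def digest(path):
    return hashlib.sha256(pathlib.Path(path).read_bytes()).hexdigest()

def _mac(entries, key):
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def load_table(table, key=None):
    # Assumed layout: {"entries": {NAME: digest}, "mac": hex}; not VICATCH.TAB's format.
    if not os.path.exists(table):
        return {}
    with open(table) as f:
        doc = json.load(f)
    # With a key, a table that was edited on disk fails closed.
    if key and not hmac.compare_digest(_mac(doc["entries"], key), doc.get("mac", "")):
        raise ValueError("check table failed authentication")
    return doc["entries"]

def save_table(table, entries, key=None):
    doc = {"entries": entries, "mac": _mac(entries, key) if key else ""}
    with open(table, "w") as f:
        json.dump(doc, f)

def check(path, table, key=None, auto_add=True):
    """Return (exit_code, status), keyed by file name only as the document describes."""
    entries = load_table(table, key)
    name, current = os.path.basename(path).upper(), digest(path)
    if name not in entries:
        if not auto_add:
            return 1, "UNKNOWN"          # hardened: enrolment must be explicit
        entries[name] = current
        save_table(table, entries, key)
        return 0, "ADDED"                # documented behaviour: exit 0 plus a message
    return (0, "OK") if entries[name] == current else (1, "MODIFIED")

def demo():
    """Constructed scenario: enrol, modify, then drop the entry from the table."""
    d = tempfile.mkdtemp()
    target, table = os.path.join(d, "TOOL.EXE"), os.path.join(d, "CHECK.TAB")
    pathlib.Path(target).write_bytes(b"original bytes")
    results = [check(target, table)]             # first run: ADDED
    pathlib.Path(target).write_bytes(b"modified bytes")
    results.append(check(target, table))         # MODIFIED, exit code 1
    save_table(table, {})                        # entry dropped from the table
    results.append(check(target, table))         # ADDED again, exit code 0
    return results
```

The third result from `demo()` is exit code 0 for a modified file, so the "added" message is the only signal a batch file's return-code test will never see. With `key` set and `auto_add=False`, the same table edit raises an error instead of re-enrolling the file.
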
Since the command line is limited to 130 characters, you may have to
execute VICATCH more than once to check all of the files that you should.
If you are running it for the first time on a particular file you may
put a + sign in front of the file name parameter to add the file to the
table. Do not put a space between the plus sign and the file name. If
you are already using a previous version of VICATCH you must execute it
one time with a plus sign as the first parameter. That forces VICATCH to
update its own check field in VICATCH.TAB.

The VICATCH table file is named VICATCH.TAB and will be in the same
directory as the VICATCH.EXE file. The program automatically checks
itself to protect against its own infection, so there is no need to include
it in the table. On our systems we check COMMAND.COM, IO.SYS,
MSDOS.SYS, XCOPY.EXE, FORMAT.COM, CHKDSK.COM, AUTOEXEC.BAT and
CONFIG.SYS as well as our word processor, spreadsheet, communications
and data base programs and all compilers and utilities. It takes only a
short while to run (from the AUTOEXEC.BAT file) and makes us feel
relatively free of virus infection. Be sure that when you first run it
against a program file, you run it against a good, uninfected copy.

VICATCH does not care what path is used to reach the file. It only saves
the file name and extension, so if you have multiple programs with the
same name, you'll have to rename one or more of them or check only one.

VICATCH is distributed free of charge as a public service by ChoiceWare
in the hopes that it may help someone detect a viral infection before
damage is done. If you decide to distribute it to others you may do so
so long as you don't charge for it other than a minimum disk duplication
cost. If you want to help defray the cost of writing this program you
may send a $5 registration fee to ChoiceWare for which we will send you
the next update (if any) as well as notification of other ChoiceWare
products. This program was not written as a profit-making venture. The
$5 covers the cost of production and mailing. If you still object to
that, send what you can or make out your check to your favorite charity
and include a stamped and addressed envelope. We will register you and
forward your check.

VICATCH is Copyright (c) 1992 by ChoiceWare. Portions of it are
copyright (c) 1990, RSA Security, Inc. ChoiceWare and RSA Data
Security, Inc. make no representations concerning either the
merchantability of this software or the suitability of this software for
any particular purpose. It is provided "as is" without express or
implied warranty of any kind. If you are able to modify an EXE or COM file
that has been protected by VICATCH, have that program still perform any
useful function, however trivial, and still allow it to pass the VICATCH
checks, ChoiceWare will give you a current copy of at least one current
ChoiceWare product (with a retail value of at least $100) free of
charge. To prove that you have done it, you must supply ChoiceWare with
both copies of the EXE or COM file so that we can validate your claim.
The only catch is that you must be a registered user to get the reward.

ChoiceWare
8802 East Broadway, Suite 211
Tucson, AZ 85710
Tel: (602) 298-0666 (Voice or Fax)