Text File | 1989-09-09 | 6KB | 117 lines
SENTRY VERSION 2
This software is distributed as shareware. You may copy it
freely and distribute it. If you choose to use it, please send a
$15 registration fee to the address below.
If you use this product and do not send the registration
fee, you will still have the best virus protection product
available at any price and you will have little to worry about
from computer viruses. However, you WILL have bad dreams and
your karma will turn sour. Your girlfriend will leave you for
the dweeb next door and the neighborhood children will ridicule
you behind your back. You will begin losing your hair
prematurely. Your chances of an audit by the IRS will increase
by two orders of magnitude. You will be seduced, in a moment of
madness, into buying OS/2 and will convert all of your systems
three days before IBM abandons the product. We know this to be
true.
To avoid all of this and live a long, happy and prosperous
life, merely take out a check (yes, do it now before it's too
late), fill it out for $15 (cash also accepted), include your
name and address and send it to:
McAfee Associates
4423 Cheeney Street
Santa Clara, CA 95054
OR, quickly jot down your MasterCard or Visa number and
drop it in the envelope. For those of you who never write anything
on paper - call the Homebase BBS at 408 988 4004 and leave your
credit card number in E-mail to the SysOp. Credit card orders
please add $3. Believe us, you'll feel better when you've done
this.
Now that that's out of the way, let's get down to business.
THE PRODUCT
Sentry version 2 is an updated version of the original Sentry
product. It now runs on DOS 4.0 and above, and it has additional
checks for partition table viruses. In operation, however, it is
identical to the original version. If you currently are running
Sentry, the only modification required is to re-install using the
new install routine. Everything else is identical.
I have designed and marketed a number of antiviral products
commercially through InterPath Corporation, some with more
success than others. I have also researched and tested every
antiviral product available in both the commercial and public
domain markets. All of them (including my own) were less than
satisfying. They left me with a sense of unease about the
security of my system, or alternately, were so difficult to
install and use that I would rather suffer the virus than the
product. My answer to this problem is Sentry.
Sentry uses a unique approach to the virus issue. Prior
products have used TSR filters to attempt to trap viruses, or
checksums to detect changes in critical files. The TSR approach
has numerous weaknesses, primarily because TSRs cannot prevent
viruses from directly interfacing with the system I/O
controllers. Thus, over half of existing viruses cannot be
stopped or detected by such products. The interrupt vectoring
techniques of these products are easily circumvented by viruses.
The checksum approach, on the other hand, is very time consuming
and awkward to implement. Both techniques are troublesome to
install and execute.
Sentry relies on a characteristic of viruses that has been
overlooked by other product developers. That characteristic is
called the "Positioning Rule". This rule relates to how viruses
attach to programs. Very simply, viruses may attach to the
beginning, to the end or to the middle of a program, or any
combination of the three. They may fragment themselves and
scatter virus segments throughout the program. Or they may even
keep the main body of the virus unattached to the program, hidden
in a bad sector for example. All viruses that have been
discovered, however, have modified at least some small portion of
the beginning instructions of the program. This is because a
virus must be executed first, that is - before the host program
to which it has attached. If the virus does not execute before
its host program, then the environment in which the virus "wakes
up" will be uncertain, and the probability of program failure
will be high.
The exceptions to this positioning rule are viruses that
replace the entire program, such as boot sector infectors, and
viruses that attack only specific programs, like known operating
system files or other programs that would be commonly found in
large numbers of systems. These viruses may gain control at any
point, since the structure of the host program is well known and
the environment can be predicted at any point in the host
program's processing.
The implications of this principle are very important.
Sentry takes advantage of this characteristic to radically speed
up the checking function. If every byte of every program is
processed by a checksum or other comparison technique, then
scanning the entire system for a virus takes a substantial time
to complete (15 minutes to an hour), and it is impractical to
perform this function frequently. As a result, previous virus
products could not effectively perform this function.
Sentry, on the other hand, employs a technique that locates
the initial instructions and branch addresses for each generic
program in the system and logs critical information about these
locations. It is able to scan the entire system for a virus over
200 times faster than global checksum techniques. As a result,
it is now practical to check the entire system each time the
system boots. This normally takes less than 20 seconds for the
average system.
Sentry is installed by simply typing the install command.
There is nothing else the user ever needs to do. Install
automatically logs ALL components of the system that can be hosts
to a virus and places an automatic check function in your
autoexec. If you ever do get a virus, Sentry will list any and
all components of the system that are affected. That's all there
is to it.
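The entry-point check described above, sketched as an added example (not Sentry's code, which this file does not show). It assumes the standard DOS EXE header layout (header size at 0x08, initial IP and CS at 0x14), a 16-byte window and SHA-256 as the comparison, all chosen here for illustration; the sample bytes are constructed.

```python
import hashlib
import struct

WINDOW = 16  # bytes of entry code to record (assumed size, not Sentry's)

def entry_regions(image: bytes):
    """Return (file offset, bytes) regions that decide where execution starts."""
    if image[:2] in (b"MZ", b"ZM") and len(image) >= 0x1C:
        # DOS EXE: header size in paragraphs, then initial IP and CS.
        hdr_paras, = struct.unpack_from("<H", image, 0x08)
        ip, cs = struct.unpack_from("<HH", image, 0x14)
        entry = hdr_paras * 16 + ((cs * 16 + ip) & 0xFFFFF)
        return [(0x08, image[0x08:0x0A]), (0x14, image[0x14:0x18]),
                (entry, image[entry:entry + WINDOW])]
    # COM file: execution starts at file offset 0.
    regions = [(0, image[:WINDOW])]
    if image[:1] == b"\xE9" and len(image) >= 3:  # near JMP rel16: follow it
        rel, = struct.unpack_from("<h", image, 1)
        target = (3 + rel) & 0xFFFF
        regions.append((target, image[target:target + WINDOW]))
    return regions

def fingerprint(image: bytes) -> str:
    """Hash only the entry regions, not the whole file."""
    h = hashlib.sha256()
    for off, chunk in entry_regions(image):
        h.update(struct.pack("<I", off) + chunk)
    return h.hexdigest()

def check(baseline: dict, current: dict) -> list:
    """Names whose entry fingerprint differs from the logged one."""
    return sorted(name for name, image in current.items()
                  if baseline.get(name) != fingerprint(image))

# Constructed sample: a tiny COM program, and a copy whose first three
# bytes were replaced by a jump to 0x90 filler standing in for appended code.
CLEAN = bytes.fromhex("b409ba0b01cd21b44ccd21") + b"Hello, world$"
PATCHED = b"\xE9" + struct.pack("<h", len(CLEAN) - 3) + CLEAN[3:] + b"\x90" * 8
BASELINE = {"DEMO.COM": fingerprint(CLEAN)}

if __name__ == "__main__":
    print(check(BASELINE, {"DEMO.COM": CLEAN}))
    print(check(BASELINE, {"DEMO.COM": PATCHED}))
```

Because only the entry regions are hashed, bytes changed elsewhere in the file leave the fingerprint unchanged; that is the trade the text makes for speed.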
Please read the file SENTRY.DOC for installation and
operation instructions.