- Newsgroups: comp.compression
- Path: sparky!uunet!mcsun!sun4nl!dutrun!donau!zen.et.tudelft.nl!cornet
- From: cornet@zen.et.tudelft.nl (Jan-Pieter Cornet)
- Subject: Re: PKZ204C.EXE *NOT* INFECTED, or ...???
- Message-ID: <1993Jan07.112357.20109@donau.et.tudelft.nl>
- Sender: news@donau.et.tudelft.nl (UseNet News System)
- Nntp-Posting-Host: zen.et.tudelft.nl
- Organization: Delft University of Technology, Dept. of Electrical Engineering
- References: <bontchev.726270248@fbihh> <1750@ictser.UUCP> <bontchev.726336153@fbihh>
- Date: Thu, 07 Jan 1993 11:23:57 GMT
- Lines: 32
-
- bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) writes:
-
- >weegink@ictser.UUCP (Han Weegink) writes:
-
- >> Isn't it true, that all one can prove is ***presence*** of viri,
- >> not ***absence*** ?
-
- >It is so when you are using a known-virus scanner. I analyzed the
- >files manually with a debugger.
-
- >> The fact that the virusscanners didn't all identify a virus
- >> merely proves that the virus they are looking for is not
- >> present. But what about new viri ???
-
- >I have been in the field for more than four years and I -am- able to
- >recognize a virus (even if it is new) when I see one... Sometimes it
- >might take me some time to decide whether a suspicious-looking code
- >is a virus or not. And, as I wrote even in my original message, I did
- >not limit myself to the usage of scanners, like most of you seem to
- >have done. I analyzed the executables manually. I GUARANTEE THAT THEY
- >ARE NOT INFECTED!
-
- Oh yeah? And how come, then, that the program has already reportedly
- spread to thousands of machines, and that it is likely to hit the
- hundred thousands before the end of the month?
-
- Clever spreading mechanism ;)
-
- -- Jan-Pieter
-
- PS. ;-) :-D (-: 8D :*) :-]
-
-