- Newsgroups: comp.org.eff.talk
- Path: sparky!uunet!cis.ohio-state.edu!zaphod.mps.ohio-state.edu!howland.reston.ans.net!usc!sol.ctr.columbia.edu!emory!nastar!phardie
- From: phardie@nastar.uucp (Pete Hardie)
- Subject: Re: Beneficial Virus
- Message-ID: <1993Jan11.174828.7461@nastar.uucp>
- Organization: Digital Transmission Systems, Duluth, GA.
- References: <m503wB4w165w@ruth.UUCP>
- Date: Mon, 11 Jan 1993 17:48:28 GMT
- Lines: 64
-
- In article <m503wB4w165w@ruth.UUCP> rat@ruth.UUCP (David Douthitt) writes:
- >I thought I would give some thought about how a beneficial virus would
- >be implemented, so that we're all arguing about the same points.
- >
- >One assumption I will be making is that the system(s) are single-user
- >MSDOS sites - multiuser viruses present a whole new can of worms.
-
- Not the best of assumptions about the state of the future, but an acceptable
- basis for discussion.
-
- >First, the user installs the software on their system (System A). They
- >run a program called INSTALL.EXE on the provided distribution diskette.
- >With appropriate warnings and notifications, the install program places
- >the marker on the system. It is possible that it would (with notice)
- >load the compression virus into memory at that time, so that it would
- >start to spread - or a choice could be given to place the virus on
- >a file or files, to be activated later (during decompression).
-
- Why should a virus require installation? If it requires me to run an
- install program, why not make it a time-run batch job that will compress
- the files daily?
-
- >If the virus was contained in the MARKER, then when a compressed file
- >leaves the system (such as taking a compressed executable from System A
- >to System B) there is no virus at ALL present in the file, and the virus
- >does not spread.
-
- This begins to invalidate the name 'virus' - the program then becomes a
- compression TSR, producing self-extracting executables.
-
- >One possible problem would be a malicious virus masquerading as a
- >valid marker file. Then any file compressed with the beneficial
- >virus would activate the malicious virus - some sort of check would
- >have to be made that the virus was the *RIGHT* virus.
-
- With all the attendant troubles of verification and the slowdown it will
- present.
-
- >Having considered the infected file, let's consider the virus in operation.
- >It is assumed that the virus has only been placed in memory after it has
- >been verified that the marker was present, and it is okay for it to run.
-
- Does the virus get removed from memory after the executable stops? If not,
- then what happens when another executable is run?
-
- > 3. If the file is not compressed, it would write out to the file on
- > disk, in order:
- > - the marker check routine
- > - the decompression routine
- > - the compressed executable
- >
- > 4. It would then delete the original and rename the temporary file to
- > be the original.
-
- Note that this would change the creation date of every executable every time
- the program was run. Even on a single-user MS-DOS system, this can have
- some undesirable results.
-
-
- --
- Pete Hardie: phardie@nastar (voice) (404) 497-0101
- Digital Transmission Systems, Inc., Duluth GA
- Member, DTS Dart Team | cat * | egrep -v "signature virus|infection"
- Position: Goalie |
-
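The side effect noted at the end of the post, that replacing an executable through a temporary file changes its date, is what a file-integrity baseline picks up. The sketch below is an added example, not part of the original post: the file names and byte strings are constructed, and it compares modification time (the timestamp DOS keeps per file) plus a SHA-256 digest.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map every file under root to (sha256 hex digest, mtime in ns)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[path] = (digest, os.stat(path).st_mtime_ns)
    return state

def compare(before, after):
    """Return {path: finding} for everything that differs from the baseline."""
    findings = {path: "new file" for path in after.keys() - before.keys()}
    for path, (digest, mtime) in before.items():
        if path not in after:
            findings[path] = "missing"
        elif after[path][0] != digest:
            findings[path] = "content changed"
        elif after[path][1] != mtime:
            findings[path] = "timestamp changed, content identical"
    return findings

def replace_via_temp(path, data):
    """Steps 3-4 as quoted: write a temporary file, delete the original, rename."""
    tmp = path + ".TMP"
    with open(tmp, "wb") as fh:
        fh.write(data)
    os.remove(path)
    os.rename(tmp, path)

def demo():
    """Constructed sample: three stand-in files with a pinned old timestamp."""
    with tempfile.TemporaryDirectory() as root:
        paths = {n: os.path.join(root, n) for n in ("KEEP.EXE", "SWAP.EXE", "SAME.EXE")}
        for path in paths.values():
            with open(path, "wb") as fh:
                fh.write(b"original bytes")
            os.utime(path, ns=(10**18, 10**18))
        baseline = snapshot(root)
        replace_via_temp(paths["SWAP.EXE"], b"different bytes")
        replace_via_temp(paths["SAME.EXE"], b"original bytes")
        found = compare(baseline, snapshot(root))
        return {os.path.basename(p): f for p, f in found.items()}
```

Calling `demo()` reports SWAP.EXE as changed content and SAME.EXE as a timestamp-only change, while the untouched KEEP.EXE produces no finding.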