FUNGEN7.CVP 911113

File checking

Most file infecting viral programs can be checked for quite
simply, and without any special programs or equipment.
Provided, that is, that the computer user will pay the most
minimal attention to the system, and take the most basic
precautions.

The simplest form of antivirus detection "equipment" is a list
of all the programs to be run on the computer, with the size and
"last changed date" for each. (The list for "resource" based
systems such as the Macintosh will, of necessity, be somewhat
larger, and must include all "code" resources on the disk.)
With some few (albeit important) exceptions, programs should
never change their size or file date. Any changes that are
made, should be at the request of the user, and thus easy enough
to spot as exceptions.

While "stealth" technology of various types has been applied to
viral programs, the most common (and successful) viri, to the
date of this writing, have not used it. Most change the size of
the file, and generally do it in such a standardized fashion
that the "infective length" of the virus is often used as an
identification of the specific viral program. The file date is
changed less often, but is sometimes deliberately "used" by the
virus as an indicator to prevent reinfection. (One used the
value of "31" in the seconds field, which is presumably why the
later 1.xx versions of F-PROT all had dates ending in 31.
Another used the "impossible" value of 62.)

Even when stealth techniques are used, they generally require
that the virus itself be running for the measures to be
effective. We thus come to the second piece of antiviral
equipment; the often cited "known clean boot disk". This is a
bootable system (floppy) disk, created under "sterile"
conditions and known to be free of any viral program infection,
and write protected so as to be free from possible future
contamination. When the computer is "booted" from this disk,
the hard disk boot sector and system areas can be bypassed so as
to prevent "stealth" programs from passing "false data" about
the state of the system.

Viral protection can thus start with these simple, and
non-technical provisions. Starting with a known-clean system,
the list can be checked regularly for any discrepancies. The
"clean disk" can be used to "cold boot" the system before these
checks for added security. Checks should be performed before
and after any changes made to software, such as upgrades or new
programs.

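The list-and-compare check described above, as an added example
(not part of the original column): it records the size and last
changed date of each program file and reports every discrepancy.
The extension list, function names and sample files are
assumptions constructed for illustration.

```python
import os
import tempfile

EXTS = (".com", ".exe", ".sys", ".ovl")  # assumed set of program extensions

def snapshot(root):
    """Return {relative path: (size, mtime)} for every program under root."""
    listing = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXTS):
                path = os.path.join(folder, name)
                st = os.stat(path)
                listing[os.path.relpath(path, root)] = (st.st_size, int(st.st_mtime))
    return listing

def compare(baseline, current):
    """List every discrepancy between the saved list and the disk as it is now."""
    findings = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "new program"))
        elif new is None:
            findings.append((path, "missing"))
        else:
            if new[0] != old[0]:
                # The size delta is the "infective length" clue the text mentions.
                findings.append((path, "size %+d bytes" % (new[0] - old[0])))
            if new[1] != old[1]:
                findings.append((path, "date changed"))
    return findings

def demo():
    """Constructed sample: one program grows, another only changes its date."""
    stamp = (689040000, 689040000)  # arbitrary fixed timestamp for the baseline
    with tempfile.TemporaryDirectory() as root:
        for name, size in (("EDIT.COM", 400), ("CALC.EXE", 900)):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"\x90" * size)
            os.utime(os.path.join(root, name), stamp)
        baseline = snapshot(root)
        with open(os.path.join(root, "EDIT.COM"), "ab") as f:
            f.write(b"\x00" * 1000)  # unrequested growth after the list was made
        os.utime(os.path.join(root, "CALC.EXE"), (stamp[0] + 62, stamp[1] + 62))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The saved list is only trustworthy if it is built on a known-clean
system and compared after booting from the clean disk, as the text
describes.
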
Security does not, of course, end here. This is only a very
simple first line of defence.

copyright Robert M. Slade, 1991 FUNGEN7.CVP 911113