Path: utzoo!attcan!uunet!portal!cup.portal.com!Mark_Peter_Cookson From: Mark_Peter_Cookson@cup.portal.com Newsgroups: comp.sys.mac Subject: Re: nVIR info (was: Virii at the U of I Message-ID: <9475@cup.portal.com> Date: 27 Sep 88 00:36:25 GMT References: <20200005@uxh.cso.uiuc.edu> <3716@charon.unm.edu> <541@uva.UUCP Organization: The Portal System (TM) Lines: 12 XPortal-User-Id: 1.1001.2181 About checking each file and/or program. When you run a program, most of the time it gets its "changed" bit changed. This is why some backup programs offer not to back up applications since you can waste a lot of disk space backing up something that looks like it has changed, but really hasn't. I don't think that your method would work with applications or system files (they also get changed when run, sometimes....). Since the virus can't change anything until it is run, and it will probably only change the program that is running (it would get obvious if it started doing all the files on the HD). All in all, I don't think that the plan would work too well since too many are changed just by normal use and might be hard to tell from virus changed.... Mark Cookson