Path: utzoo!attcan!uunet!portal!cup.portal.com!Mark_Peter_Cookson
From: Mark_Peter_Cookson@cup.portal.com
Newsgroups: comp.sys.mac
Subject: Re: nVIR info (was: Virii at the U of I
Message-ID: <9475@cup.portal.com>
Date: 27 Sep 88 00:36:25 GMT
References: <20200005@uxh.cso.uiuc.edu> <3716@charon.unm.edu> <541@uva.UUCP
Organization: The Portal System (TM)
Lines: 12
XPortal-User-Id: 1.1001.2181

About checking each file and/or program.  When you run a program, most of the
time it gets its "changed" bit changed.  This is why some backup programs offer
not to back up applications since you can waste a lot of disk space backing up
something that looks like it has changed, but really hasn't.  I don't think
that your method would work with applications or system files (they also get
changed when run, sometimes....).  Since the virus can't change anything until
it is run, and it will probably only change the program that is running (it
would get obvious if it started doing all the files on the HD).  All in all, I
don't think that the plan would work too well since too many are changed just
by normal use and might be hard to tell from virus changed....

Mark Cookson