Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!mcnc!thorin!unc!bell
From: bell@unc.cs.unc.edu (Andrew Bell)
Newsgroups: comp.sys.amiga
Subject: Re: The ultimate fix!!!
Summary: I didn't make up that subject,  by the way
Message-ID: <4273@thorin.cs.unc.edu>
Date: 19 Sep 88 22:45:57 GMT
References: <681@zehntel.UUCP> <3084@hermes.ai.mit.edu> <4197@thorin.cs.unc.edu> <599@accelerator.eng.ohio-state.edu> <378@uwslh.UUCP> <3568@s.cc.purdue.edu>
Sender: news@thorin.cs.unc.edu
Reply-To: bell@unc.UUCP (Andrew Bell)
Organization: University Of North Carolina, Chapel Hill
Lines: 31

In article <3568@s.cc.purdue.edu> ain@s.cc.purdue.edu (Patrick White) writes:
>In article <4241@thorin.cs.unc.edu> I wrote:
>>It might be possible for virii to move the nifty code out of the boot block
>>and execute it after it's done its dirty work,  but a virus that can do all
>
>   Why bother.. the virus can keep part of iteslf on the disk so it can be
>larger.. then it has all the room to emulate anything it wants to...

Have the boot block program check where it's running in memory.  On a cold
boot it should be in the same location unless you get new hardware or there
is a hardware problem.  Presumably a virus that copied the boot block code
elsewhere would have to do a good bit of work to set things up again so the
boot block code ran from the same point in memory.  If the boot block code
did a complex checksum on all the stuff beneath it, it could be very hard to
fool the bbc into thinking it's running on a virus free environment.
If there are multiple bbc's out there,  it would be hard for a virus to
determine which one is on a given disk and modify it so it doesn't check
its location.

Note that this requires have your boot disk un-write-protected since it must
save any changes in start-up point,  but only each time something actually
changes.

These bbc's aren't a change in the operating system;  they could be neat little
things that are useful regardless of the existence of viruses.  

>Pat White  (ain@s.cc.purdue.edu)

    -Andrew Bell
The Schizophrenic Grad Student
bell@cs.unc.edu