Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!eecae!cps3xx!usenet
From: usenet@cps3xx.UUCP (Usenet file owner)
Newsgroups: comp.sys.mac
Subject: Virus protection (was: Re: nVIR info)
Message-ID: <720@cps3xx.UUCP>
Date: 24 Sep 88 22:20:27 GMT
References: <20200005@uxh.cso.uiuc.edu> <3716@charon.unm.edu> <541@uva.UUCP> <6443@pyr.gatech.EDU>
Organization: Engineering, Michigan State U., E. Lansing MI
Lines: 26
In-reply-to: ccasths@pyr.gatech.EDU's message of 24 Sep 88 19:20:59 GMT

In message <6443@pyr.gatech.EDU>, Scott Hinckley (ccasths@pyr.gatech.EDU)
suggests:
>How about this for Virus protection - 
>
>  [ Logging the date of every file change deleted ]
>
> Now, when you go to do your next back up you tell the backup program to only
> back up files that have changed (requires some sort of checksum and date
> modified disk from last backup?)
> When it finds a changed file it tells you what was changed and when it was
> last modified.
> You check this against your list before allowing the backup.
>
> Would it work?  Would it take way too much time?  Just some thoughts.

  Unfortunately, a smart virus author could preserve the modification
date.  So this wouldn't work 100% of the time.  The rest of the time
it would work, but would be too much work, I think (some programs,
like WriteNow for instance, mark files as modified even if they've
only been opened).
  Nice try though.

+----------------------------------+------------------------+
| Anton Rang (grad student)	   | "VMS forever!"	    |
| Michigan State University	   | rang@cpswh.cps.msu.edu |
+----------------------------------+------------------------+