Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!mailrus!sharkey!atanasoff!jwright
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Newsgroups: comp.sys.amiga
Subject: Re: "xeno" virus
Message-ID: <1332@atanasoff.cs.iastate.edu>
Date: 12 Aug 89 22:51:17 GMT
References: <21fB02Wm49np01@amdahl.uts.amdahl.com>  <3633@mentor.cc.purdue.edu>
Reply-To: jwright@atanasoff.cs.iastate.edu.UUCP (Jim Wright)
Organization: Iowa State U. Computer Science Department, Ames, IA
Lines: 18

In article <3633@mentor.cc.purdue.edu> ain@mentor.cc.purdue.edu (Pat-bob White) writes:
| In article  hubey@pilot.njin.net (Hubey) writes:
| > [wonders about programs to check files' CRC values]
| 
|    Anyone could write a program to do that now -- if they didn't publish
| their CRC calculation method, then things would be safer till some virus
| writer found it out.  Once that happened, there would be many people relying
| on that program to keep them safe.. making it actually easier for a virus to
| spread.

There's a better way.  Use two different polynomials to compute the CRC
values.  A single CRC check can be faked out by tweaking the bytes, but
getting past two such checks would be much more difficult.  Even if you
distributed source code.

-- 
Jim Wright
jwright@atanasoff.cs.iastate.edu