Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!cica!ctrsol!uakari.primate.wisc.edu!ames!ncar!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: time@oxtrap.oxtrap (Tim Endres)
Newsgroups: comp.virus
Subject: Re: Anti-viral hard disk controllers
Message-ID: <0006.8909291115.AA18536@ge.sei.cmu.edu>
Date: 28 Sep 89 21:02:15 GMT
Lines: 19
Approved: krvw@sei.cmu.edu

Virus infection is not *spread* via hard disks. Floppies and modems
are the *movement* medium. I am not sure what advantage this read only
hard disk has over simply monitoring the checksum of an application.

More importantly, not all computer systems have "read-only"
executables. Most notably, the Macintosh stores code in the resource
fork of an application, which is *frequently* modified. The move to
distributed execution from file servers is slowly changing this, but
it remains an issue.

We have a program, that once run against an executable, makes it
IMPOSSIBLE for a virus to infect that application and be executed.
Infection is still possible, but the application will never execute
again, thus stopping propogation. This is simply a check sum of the
executable set up in a way to inhibit execution once infection has
occurred. The use of a quick key word entered by the user at run time
prevents the virus from "intelligently" by-passing the check sum.

This solves only one facet of the problem, but a large facet it be.