Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!cica!ctrsol!uakari.primate.wisc.edu!ames!ncar!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: time@oxtrap.oxtrap (Tim Endres)
Newsgroups: comp.virus
Subject: Re: Anti-viral hard disk controllers
Message-ID: <0006.8909291115.AA18536@ge.sei.cmu.edu>
Date: 28 Sep 89 21:02:15 GMT
Lines: 19
Approved: krvw@sei.cmu.edu

Virus infection is not *spread* via hard disks. Floppies and modems are the *movement* medium. I am not sure what advantage this read only hard disk has over simply monitoring the checksum of an application.

More importantly, not all computer systems have "read-only" executables. Most notably, the Macintosh stores code in the resource fork of an application, which is *frequently* modified. The move to distributed execution from file servers is slowly changing this, but it remains an issue.

We have a program that, once run against an executable, makes it IMPOSSIBLE for a virus to infect that application and be executed. Infection is still possible, but the application will never execute again, thus stopping propagation. This is simply a check sum of the executable set up in a way to inhibit execution once infection has occurred. The use of a quick key word entered by the user at run time prevents the virus from "intelligently" by-passing the check sum. This solves only one facet of the problem, but a large facet it be.
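
The keyword-dependent check described in the post above can be sketched as follows. This is an added example, not the poster's program: it contrasts an unkeyed checksum, which anything able to rewrite the file can also recompute, with a tag keyed by a word typed at launch. PBKDF2 and HMAC-SHA256 are modern primitives swapped in for whatever the 1989 program used, and every name, the sample image bytes, the salt and the keyword are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed stand-ins: a fake "executable" image and appended foreign bytes.
CLEAN_IMAGE = b"\x4d\x5aAPPLICATION CODE" * 64
APPENDED = b"FOREIGN CODE APPENDED TO THE IMAGE"
SALT = b"constructed-demo-salt"  # assumption: stored beside the tag


def plain_checksum(image: bytes) -> int:
    """Unkeyed checksum: whoever modifies the file can recompute it."""
    return zlib.crc32(image)


def keyed_tag(image: bytes, keyword: str) -> bytes:
    """Tag that depends on a keyword the user types at run time."""
    key = hashlib.pbkdf2_hmac("sha256", keyword.encode(), SALT, 100_000)
    return hmac.new(key, image, hashlib.sha256).digest()


def may_execute(image: bytes, stored_tag: bytes, keyword: str) -> bool:
    """Launch gate: refuse to run unless the image still matches its tag."""
    return hmac.compare_digest(keyed_tag(image, keyword), stored_tag)


def simulate(keyword: str = "constructed keyword") -> dict:
    stored_tag = keyed_tag(CLEAN_IMAGE, keyword)

    # The image is modified by something that knows the scheme but not the
    # keyword: it can refresh the unkeyed checksum, but can only guess the tag.
    modified = CLEAN_IMAGE + APPENDED
    refreshed_crc = plain_checksum(modified)
    guessed_tag = keyed_tag(modified, "wrong guess")

    return {
        "clean_runs": may_execute(CLEAN_IMAGE, stored_tag, keyword),
        "plain_check_passes_after_refresh":
            refreshed_crc == plain_checksum(modified),
        "modified_runs_old_tag": may_execute(modified, stored_tag, keyword),
        "modified_runs_guessed_tag":
            may_execute(modified, guessed_tag, keyword),
    }
```

The gate fails closed: a mistyped keyword also blocks a clean image, matching the post's trade-off of stopping execution rather than preventing modification.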