Great Circle Associates Firewalls
(April 1995)

Subject: Burned out on virus scanning (was E-Mail)
From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Date: Thu, 27 Apr 95 10:02:06 -0400
To: "firewalls @ greatcircle . com"@UVS1.dnet.mmc.com

> Reducing the rate of virus infections by 10% is a lot more useful
> and interesting than reducing the rate at which breakins occur by 10%,
> perhaps one should think differently about the two phenomena.

Could not prove it by me. In 1991 I developed a method requiring about 20
bytes in the MBR/DBR of a PC that would have eliminated the spread of
low level viruses in the PC. Both Microsoft and Digital Research (since
bought by Novell) said it "was not in their business interest".

Tried shareware route. Made enough to pay for a disk drive and a monitor.
When Michelangelo came out I made it FreeWare. Have a much more capable 
program DiskSecure (if interested, it can be FTP'd from OAK.OAKLAND.EDU
simtel/msdos/virus/dsii242.zip). For some reason the only users seem
to be either anti-virus developers or Canadians. Did get a nice writeup
in Rob Slade's "Guide to Computer Viruses".

Suspect the problem is that it does not have a pretty GUI since it is just a
hobby. Documentation could be improved. However I firmly believe (am somewhat 
fanatical & realize it - why I have not mentioned it before & will try to 
avoid mentioning again) that if widely used, would eliminate the spread of 
all current low-level viruses (last change to mechanism was made in early '93
and is still true today) - not all viruses but was about 50% in 1992, 
is more like 80% now and *every one* of the "top 15" listed by IBM. These
are the ones that are not operating system dependent.

Compatible with nearly everything. 300 byte TSR in *low* memory. Triple-redundant
recovery (first line is fully automatic and *that* is dual 
redundant), can use on Novell server, can use with Windows 32BitDiskAccess 
(second best virus detection tool). Password control (trivial but harder to 
bypass than Windows screen savers). LAN authentication. Does not need updates
(obviously another marketing mistake). No one except experts was interested. 
And you talk about 10%. 

The bottom line is that unlike anything else, a virus must spread to survive.
Stop the spread and they will fade away. Further, there are only a limited 
number of ways that a virus can spread or know when to try to spread and these
can be controlled.

However, somewhere 10,000,000 lemmings were convinced that scanners were the
way to go, scanners that require periodic update$ to stay current. IMNSHO,
the order any organization needs to follow is
1) Discover that something is attacking
2) Determine what

Scanners are very good at handling the second but not so good at the first and
then are limited to what they know about. The fact that ten years after the
first PC virus, they are still a problem indicates how successful scanning has 
been.

Sorry for the bandwidth but in firewalls it seems to be "deja vu all over 
again".
					Warmly,
						Padgett
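The post's two-step order (first discover that something is attacking, then determine what) can be made concrete with an added example that is not from Padgett's message and is not DiskSecure's code: a signature scanner over a boot-sector image beside an integrity check against a baseline digest. The 512-byte sector images, the "signature database" and the helper names (make_sector, scan_for_known, record_baseline, has_changed, assess) are all constructed here for illustration.

```python
"""Added example: signature scanning vs. integrity checking of a boot sector.
Everything below (sector images, signature patterns, function names) is
constructed for illustration and is not taken from the original post."""
import hashlib

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"  # trailer that marks a bootable sector


def make_sector(code: bytes) -> bytes:
    """Constructed 512-byte boot-sector image: code, zero fill, 0x55AA trailer."""
    body = code[: SECTOR_SIZE - 2].ljust(SECTOR_SIZE - 2, b"\x00")
    return body + BOOT_SIGNATURE


# Constructed demo patterns standing in for a scanner's signature database.
KNOWN_SIGNATURES = {
    "demo-family-A": b"DEMO-A-LOADER",
}


def scan_for_known(sector: bytes) -> list:
    """Step 2, 'determine what': matches only patterns already in the database."""
    return [name for name, pattern in KNOWN_SIGNATURES.items() if pattern in sector]


def record_baseline(sector: bytes) -> str:
    """Taken once on a known-clean system and kept where the sector cannot rewrite it."""
    return hashlib.sha256(sector).hexdigest()


def has_changed(sector: bytes, baseline_digest: str) -> bool:
    """Step 1, 'discover that something is attacking': any change trips it,
    whether or not a scanner has a signature for it."""
    return hashlib.sha256(sector).hexdigest() != baseline_digest


def assess(sector: bytes, baseline_digest: str) -> dict:
    """Run both checks in the order the post argues for and report each result."""
    return {
        "changed": has_changed(sector, baseline_digest),
        "identified": scan_for_known(sector),
    }


# Constructed sample images (hypothetical loader bytes, not real boot code).
CLEAN = make_sector(b"\xFA\x33\xC0\x8E\xD0" + b"CONSTRUCTED-CLEAN-LOADER")
BASELINE = record_baseline(CLEAN)
# A modification the scanner knows about ...
KNOWN_INFECTED = make_sector(b"DEMO-A-LOADER" + b"\x00" * 4 + CLEAN[:64])
# ... and one it has never seen.
UNKNOWN_INFECTED = make_sector(b"\xEB\x3C\x90NEW-UNSEEN-LOADER" + CLEAN[:64])

if __name__ == "__main__":
    for label, image in [("clean", CLEAN), ("known", KNOWN_INFECTED),
                         ("unknown", UNKNOWN_INFECTED)]:
        print(label, assess(image, BASELINE))
```

The integrity check flags both modified images because it compares against what the sector looked like when it was known good, while the scanner reports only the family it has a pattern for and says nothing about the unseen change; that gap is the reason the post puts discovery before identification. A real deployment would store the baseline where the boot code cannot overwrite it and re-run the check at every boot.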