From: Phiber Optik <phiber@eff.org>
Date: Thu, 11 Feb 93 21:43:13 PST
To: ebrandt@jarthur.Claremont.EDU (Eli Brandt)
Subject: Re: Viral encryption
In-Reply-To: <9302120017.AA28034@toad.com>
Message-ID: <199302120541.AA06625@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> > From: thug@phantom.com (Murdering Thug)
> > I myself am very familiar with the virus underground, so for those who are
> > not, let me explain the two newest and most deadly virus techniques which
> > are being seen in the DOS world.
> 
> [ discusses stealth viruses, around for, oh, five years at least; and
>   the MtE. ]
> 
> Reasonably accurate discussions, but let's leave the hype for _Time_
> and McAfee.  "Stealth" viruses can be detected in memory, if you make
> the mistake of getting infected in the first place.  MtE-derived
> viruses enjoyed a window of about a month while they could not be
> detected by scanners; they had no such reprieve from integrity
> checkers.  Big deal.  (Well, from the point of view of a scanner
> writer, it must be a pain, but that's not the user's problem.)
> Cryptohash integrity checking is probably the way to go in the long
> run, but scanners still work.
> 
> The "most deadly virus technique", in terms of number of infections
> caused, is probably that of boot-sector infection.  Low-tech, but it
> seems to work.
> 
> > Thug 
> 
> 	 PGP 2 key by finger or e-mail
>    Eli   ebrandt@jarthur.claremont.edu
> 

I'm sick and tired of all the virus hoo-hah myself.  The only "anti-virus
software" a hacker needs is DEBUG.  And maybe your favorite sector editor
utility, like DISKEDIT.  Anything more, and you're an embarassment.
Why don't you just send your life savings to McAfee while you're at it.
I could go and quote P. T. Barnum right now, but I think my point is made.