From: ecarp@netcom.com (Ed Carp)
Date: Fri, 13 Oct 95 08:17:46 PDT
To: cypherpunks@toad.com
Subject: re: anti-tamper software
Message-ID: <199510131516.IAA10764@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to all who replied to my request, although it seems I didn't quite
make it clear what I was looking for.

I'm not particularly interested in a strong cryptographic solution, as this
isn't intended to detect intentional tampering - just unintentional, such
as a bad spot on a hard drive or corruption.  Turns out that Simtel has
a couple of such packages in /SimTel/msdos/virus - CVIRPROT.ZIP is enough
protection, although STEALTH.ZIP looked intriguing...

I was, however, interested in what Fred Cohen said about there being a generic
attack against such methods when applied to software protection against viruses
(virii?).  Is there such a generic attack, besides the obvious of jumping around
the detection code?  How about encrypting the executable, adding loader and
decryption code, then decrypting the executable at runtime - would that defeat
such an attack, or all such defenses doomed to failure?
-- 
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes