Front-End Anti-Viral Detection Mechanisms Using Replicating/Self-Replicating Software
Abstract
The objectives of Front-End Anti-Viral Detection Mechanism Using Replicating/Self-Replicating Software are threefold:
- Research viral mechanisms, anti-viral procedures, and self-replicating software mechanisms for use as security products in MS-DOS and UNIX environments on PCs and Minis.
- Evaluate the applicability of said mechanisms to protect and/or identify and/or detect computer virus intrusion and corruption within said systems.
- Begin experimentation with a replicating/self-replicating software product to be used to secure SDIO operating systems, libraries, and archives.

TECHNICAL PROBLEMS:
- AT&T UNIX system 5 version 3 (HCL America Magnix): CSH supports job monitoring while KSH does not.
- The disassembler incorrectly disassembles an instruction.
- The use of a WORM program (a self-contained self-replicating software mechanism) for the Watchdog/Paranoia concept due to architectural limitations with regard to memory, memory addresses, and logical memory segments.
- Due to time and resource limitations, ACC, Inc. used a publicly known CRC-32 algorithm.
- Watchdog/Paranoia slows down an MS-DOS based PC appreciably, and a UNIX machine somewhat. Faster, optimized algorithms need to be researched.
- Due to the impossibility of using existing appropriate technologies for detecting a well-written WORM or Trojan Horse program, these programs were omitted from the proof of concept. Future considerations will address these types of programs directly and separately.

(aw)
Document Details
- Document Type: Technical Report
- Publication Date: Oct 19, 1989
- Accession Number: ADA214255
Entities
People
- Ralph W. Trickey
- Thomas E. Sobczak Jr.