home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!gatech!darwin.sura.net!jvnc.net!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: Nemrod_Kedem@f101.n9721.z9.virnet.bad.se (Nemrod Kedem)
- Newsgroups: comp.virus
- Subject: VSHIELD, VIRSTOP, ... comparison ? (PC)
- Message-ID: <0004.9212221358.AA03720@barnabas.cert.org>
- Date: 19 Dec 92 06:03:00 GMT
- Sender: virus-l@lehigh.edu
- Lines: 34
- Approved: news@netnews.cc.lehigh.edu
-
- (Sorry, Aryeh... I just have to...)
-
- > 1) VShield can check the authentication codes added to the files by
- > SCAN /AV (it is a BAD idea to modify other people's files!) and refuse
- > to run those that are not "checksummed". Unfortunately, this feature
- > can be trivially bypassed (i.e., it is trivial to write a virus that
- > adds a correct checksum to the file it infects).
-
- This is true when using VSHIELD with the /CV option. A better option
- to use is the /CF one, which compares the checksums from an external
- file created by SCAN /AF command and does not alter any executable
- file.
-
- > 3) VShield uses much more memory than VirStop.
-
- But may be loaded to high memory, and then needs less then 1K of
- conventional memory.
-
- > 6) VShield can be removed from memory (very BAD idea!).
-
- That's why there is the /NOREMOVE option...
-
- Regards,
- Rudy.
-
- - ----------------------------------------------------------
- Nemrod.Kedem@f101.n9721.z9.virnet.ftn (Nemrod Kedem)
- FidoNet: 2:403/138 VirNet: 9:972/0, 9:9721/0, 9:9721/101
- (972)3-966-7562 (14.4K) (972)3-967-0348 (Voice)
- P.O.Box 8394, Rishon Le-Zion, Zip 75253, Israel.
- - ----------------------------------------------------------
-
- - --- FastEcho 1.21/Real!
- * Origin: <Rudy's Place - VirNet, Israel> Make Safe Hex! (9:9721/101)
-
