re: anti-tamper software

Thanks to all who replied to my request, although it seems I didn't quite
make it clear what I was looking for.

I'm not particularly interested in a strong cryptographic solution, as this
isn't intended to detect intentional tampering - just unintentional, such
as a bad spot on a hard drive or corruption.  Turns out that Simtel has
a couple of such packages in /SimTel/msdos/virus - CVIRPROT.ZIP is enough
protection, although STEALTH.ZIP looked intriguing...

I was, however, interested in what Fred Cohen said about there being a generic
attack against such methods when applied to software protection against viruses
(virii?).  Is there such a generic attack, besides the obvious of jumping around
the detection code?  How about encrypting the executable, adding loader and
decryption code, then decrypting the executable at runtime - would that defeat
such an attack, or are all such defenses doomed to failure?
Ed Carp, N7EKG    			[email protected], [email protected]
					214/993-3935 voicemail/digital pager
Finger [email protected] for PGP 2.5 public key		[email protected]

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes