[plug] [OT] heuristics (was: Rewinding word)
Leon Brooks
leon at brooks.fdns.net
Wed Mar 20 09:05:08 WST 2002
On Tuesday 19 March 2002 23:17, Peter J. Nicol wrote:
>> A virus scanner does not provide
>> any sort of technical impediment to me writing a piece of software which
>> erases all the files on your hard disk and posting it to you in the hope
>> that you'll try to open it.
> Not always correct. Many virus scanners employ heuristics that detect
> virus-like behaviour.
Such as running dd if=/dev/null of=$device over each entry in /etc/mtab if
the program is run as root? I'm pretty sure that there are many ways to
destroy stuff that the heuristics don't cover. With the aid of Ghost and some
evolutionary programming, it shouldn't be too hard to do a semi-exhaustive
search on a typical system and find a handful of methods that escape the
heuristics, and are sufficiently difficult to systematise that the only hope
of catching them is basically to fall back on a specific-exception list.
``There are fifty ways,
to lose your data...''
Cheers; Leon