Virus Defense Mechanisms

When viruses began to gain popularity, so did antivirus programs. The first holistic program to fight malicious mobile code (MMC) was Flushot by Ross Greenberg in 1987. It attempted to prevent viruses and Trojans from making unwarranted changes to files and the disk. While hopelessly outdated today, it offered hope in the early battle against computer viruses and Trojans. There were a few programs that would search for and eradicate a particular type of MMC. But it was not until 1989, when John McAfee released his VirusScan™ program, which could detect and repair several viruses at once, that the antivirus scanner became popular. Initially, scanners minimized the potential threat of MMC, and some AV researchers thought the threat of computer viruses would be over.

The typical life cycle of a DOS computer virus went something like this:

  1. A virus gets created and released.

  2. The virus infects a few PCs and gets sent to an antivirus company.

  3. The antivirus company records a signature (covered in Chapter 14) from the virus.

  4. The company includes the new signature in its database.

  5. Its scanner now detects the virus, and the threat of the virus is lessened.

If you’re a DOS virus writer, your creation can’t spread all over the world if it’s being detected and cleaned within a few weeks of its release.

Virus writers started fighting back with more sophisticated virus defense mechanisms to go undetected longer. Thus, the war of the virus writers against the antivirus vendors began. In a sense, ...
