Ŀ
Undetectable Viruses                                                         
By SIA [03-10-96]                                                            
S#4-19a                                                                      
                                                                             
It's very clear that the virus scanners cannot keep up with the              
new encryption programs which viruses are hidden.  For example,              
novice users often just simply scan, and if the scanner says                 
that there is nothing wrong with your file, he/she usually runs              
the file, and without warning, a virus takes over a victim's                 
hard drive.  What was wrong with that user's precaution techn-               
iques?  Picture this, a state trooper tries to use his radar                 
on high-speed sports cars, but his radar states that the car                 
is not speeding, even though it is speeding.  Its the same way               
with viruses, most viruses these days cannot be detected by                  
even the most sophisticated virus scanners, here are the reasons             
why:                                                                         
                                                                             
a. Batch file virus                                                          
b. Compressed by LZEXE, PKLite, or other .EXE compressors.                   
c. Encrypted by PROTECT or other .EXE encrypters.                            
d. New signatures                                                            
                                                                             
Batch file viruses are rarely seen these days, but they do exist,            
some batch viruses have been converted into .EXE and .COM files,             
the safest way to detect these kinds of viruses is by using a                
hex editor or even a plain text editor for .BAT files.                       
                                                                             
Compressed executable files which contains virus signatures can              
hardly be detected, since the whole .EXE file is compressed and              
some of the coding becomes "static" to your virus scanner, one               
safe way of detecting viruses off compressed executables is by               
using an decompressor, such as UNP.                                          
                                                                             
Encrypted virus executable files has also the same effect as                 
compressed virus executables, SIA suggests UNP's sophisticated               
techniques of decrypting and decompressing these files, and then             
run your favorite virus scanner.                                             
                                                                             
Most of the new virus scanner products can detect new virus                  
signatures, though be warned, not all virus scanners are perfect.            
Always look for the most up-to-date virus scanner data(s) for                
your virus scanner.  Sometimes, upgrades cost from nothing to                
$30.  It's better to be safe, than demolished.                               
                                                                             
***                                                                          
                                                                             
SIA is a non-profit organization outlined to provide the normal              
computer users with information concerning illegal activities                
and the dangers of cyberspace.                                               

