From: Hans-Bernhard Broeker Newsgroups: comp.os.msdos.djgpp Subject: Re: self-mod code and DJGPP - writable code segment? Date: 15 Mar 2000 16:56:31 GMT Organization: Aachen University of Technology (RWTH) Lines: 23 Distribution: world Message-ID: <8aofbv$ppt$1@nets3.rz.RWTH-Aachen.DE> References: NNTP-Posting-Host: acp3bf.physik.rwth-aachen.de X-Trace: nets3.rz.RWTH-Aachen.DE 953139391 26429 137.226.32.75 (15 Mar 2000 16:56:31 GMT) X-Complaints-To: abuse AT rwth-aachen DOT de NNTP-Posting-Date: 15 Mar 2000 16:56:31 GMT User-Agent: tin/1.4-19991113 ("No Labels") (UNIX) (Linux/2.0.0 (i586)) Originator: broeker@ To: djgpp AT delorie DOT com DJ-Gateway: from newsgroup comp.os.msdos.djgpp Reply-To: djgpp AT delorie DOT com Damian Yerrick wrote: > On Wed, 15 Mar 2000 11:04:21 +0200 (IST), Eli Zaretskii > wrote: >>They now concentrate on Windows programs, so >>any DOS program is probably more safe. > Would the features allow early detection of an infected > RSXNTDJ program? I don't think so. AFAIK, RSXNTDJ generates Win32 native apps, i.e. pretty normal Windows programs. Meaning they're as infectable or immune as any other Win32 app out there is. No special protection in sight. The more advanced Win32 viruses may have problems with its different layout (less slack space in the COFF to hide in, or something like that), but I'm not sure about that. The essential thing is really security by obscurity, here, I think. DJGPP and RSXNTDJ compiled apps are too rare to act as the host for any 'successful' virus. -- Hans-Bernhard Broeker (broeker AT physik DOT rwth-aachen DOT de) Even if all the snow were burnt, ashes would remain.