From: Hans-Bernhard Broeker <broeker AT acp3bf DOT physik DOT rwth-aachen DOT de>
Newsgroups: comp.os.msdos.djgpp
Subject: Re: self-mod code and DJGPP - writable code segment?
Date: 15 Mar 2000 16:56:31 GMT
Organization: Aachen University of Technology (RWTH)
Lines: 23
Distribution: world
Message-ID: <8aofbv$ppt$1@nets3.rz.RWTH-Aachen.DE>
References: <INEPKJNPJEEIBAAA AT shared1-mail DOT whowhere DOT com> <Pine DOT SUN DOT 3 DOT 91 DOT 1000315105955 DOT 17230V-100000 AT is> <h7cvcs4ucael32pfin6a5nbdo0q1kliadj AT 4ax DOT com>
NNTP-Posting-Host: acp3bf.physik.rwth-aachen.de
X-Trace: nets3.rz.RWTH-Aachen.DE 953139391 26429 137.226.32.75 (15 Mar 2000 16:56:31 GMT)
X-Complaints-To: abuse AT rwth-aachen DOT de
NNTP-Posting-Date: 15 Mar 2000 16:56:31 GMT
User-Agent: tin/1.4-19991113 ("No Labels") (UNIX) (Linux/2.0.0 (i586))
Originator: broeker@
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Reply-To: djgpp AT delorie DOT com

Damian Yerrick <Bullshitd_yerrick AT hotmail DOT comremovebullshit> wrote:
> On Wed, 15 Mar 2000 11:04:21 +0200 (IST), Eli Zaretskii
> <eliz AT is DOT elta DOT co DOT il> wrote:

>>They now concentrate on Windows programs, so 
>>any DOS program is probably more safe.

> Would the features allow early detection of an infected
> RSXNTDJ program?

I don't think so. AFAIK, RSXNTDJ generates Win32 native apps,
i.e. pretty normal Windows programs. Meaning they're as infectable or
immune as any other Win32 app out there is. No special protection in
sight. The more advanced Win32 viruses may have problems with its
different layout (less slack space in the COFF to hide in, or
something like that), but I'm not sure about that.

The essential thing is really security by obscurity, here, I think.
DJGPP and RSXNTDJ compiled apps are too rare to act as the host for
any 'successful' virus.
-- 
Hans-Bernhard Broeker (broeker AT physik DOT rwth-aachen DOT de)
Even if all the snow were burnt, ashes would remain.