2003-06-02

DOS anti-virus software

Eric Auer writes:

Hi, I checked a few sites...

all have "free for personal use" DOS and Linux licensing policies. Bitdefender also has free PalmOS/WinCE versions.

As maintaining antivirus software means that you have to have either very good heuristics (and a fast PC!) or very good sources which help you by providing MANY FRESH virus samples. Otherwise, antivirus software is bound to be as bad as, say, MSAV . This is why such software is usually not available as free / open source project of decent quality.

I think heuristic scanning and shields are still useful: Scanning for easy-to-scan-for signs of viruses does not take too much CPU time, and you need no database of virus signatures. Many viruses are pretty stupid and have been pretty stupid for the last 20 years. For example, when I get mail with iframes in it or pif/scr/exe/... attachments, I know at once that it is a virus or at least spam. I do not even have to analyze the program itself to know that. For boot sector viruses, I have an heuristic scanner which simply looks for the word 413 (this is because most boot sector virusses go TSR by reducing the "top of memory" value at 40:13 / 0:413...). Kurt is planning to write some VSAFE-like tool in summer as far as I remember. I will be happy to send him some inspiring comments then.