[3890] in WWW Security List Archive
heuristic vaccines and their problems
daemon@ATHENA.MIT.EDU (Cybrain the raider)
Mon Dec 23 13:47:55 1996
Date: Mon, 23 Dec 1996 13:14:19 +0000
From: Cybrain the raider <cyb@tucbbs.com.ar>
To: www-security@ns2.rutgers.edu
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Some heuristic vaccines (like DR-SOLOMONS, FPROT, TBAV, etc.) can be broken easily.
Testing Dr-Solomons, fProt and tbAv, we found their problems.
Fprot
Dr-Solomons
Antidebugging protection can be easily passed with a simple antidebug routine that
ends the program normally.
TBAV
It is better than Fprot and Dr-Solomons because it uses a full code analysis without
debugging methods and then uses debugging methods. So, the problem is... antidebugging
at the encryptor.
But the big problem is Fprot and TBav's flags. With this help, virus makers easily found
these bugs!
I hope the next versions of these products will fix those bugs.
-- o -- o -- o -- o -- o -- o -- o -- o -- o -- o -- o -- o -- o -- o -- o -- o -- o -- o --
Sorry for my English...
__ _ _ 0
/ \/ |_/ |_/ /\ | |\ |
\__ \ |_\ | \ /--\ | | \|
The Raider