-=> Mocking Paul Walker to Kurt Wismer <=-
   
 PW> Hi Kurt,
 PW> Kurt Wismer to Paul Walker, 17 Feb 98 22:01.
 
 KW> world requires that the virus database be reasonably small, so you're
 KW> thinking how do they fit every byte of every virus in the database -
 KW> to which i say "checksums"...
 PW> Or what others call "fingerprints", yes.
 KW> these can actually be called virus signatures, whereas scan strings do
 KW> not necessarily uniquely and exactly identify a virus, these do (with
 KW> the exception of cryptographic collision in the real world
 PW> But you don't know which method a virus scanner uses, unless it
 PW> explicitly  tells you.
and you can make scanners tell you...
some scanners, anyways...
f-prot /paranoid /guru will print "(exact)" after the virus
identification...
findvirus does exact identification by default, everything it says is
"identified as" was identified using exact identification, everything it
says is "like virus {whatever}" uses the more conventional method...
no other scanner that i know of, or developer for that matter, makes any
mention of exact identification (and you know how they are with new
technology, they advertise it a LOT)...
(further, a scanner has to provide some kind of information about which
method it's using or debugging it would be a lot harder for the
programmer)
... one good mock deserves another...
--- Platinum Xpress/Win/Wildcat5! v2.0
---------------