Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA19370; Wed, 6 Jun 90 10:09:18 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA02727; Wed, 6 Jun 90 10:09:17 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA13780; Wed, 6 Jun 90 10:09:07 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa17058; 6 Jun 90 14:29 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Tue, 05 Jun 90 14:06:28 BST 
Message-Id:   <$TGVGDBVHCNZH at UMPA>
Subject:      Virus-L vol 0 issue #0619



Virus-L Digest Sun, 19 Jun 88, Volume 0 : Issue #0619

Today's Topics

Re: Cross-checking code

------------------------------

Date:         Sun, 19 Jun 88 15:39:31 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         me! Jefferson Ogata <OGATA@UMDD>
Subject:      Re: Cross-checking code

> Would it be possible...?

It would be possible; maybe not that easy.  A virtual machine could
be created to emulate a PC with, say, two virtual floppy drives and a
virtual hard drive.  The host machine would emulate the drives using
swap space on its hard drive.  I don't know of any way a virus could
infect the host machine via swapping.

Such an emulator could have various virus-oriented features, such as
automatic trace of disk access -- what tracks were accessed and what
files, and what net changes had been made to disk contents.  It could
also trace memory accesses to determine whether any funny business
was going on in memory.

Such an emulator would be pretty bulletproof, since it would be
interpreting all of the machine code and never executing it
directly.  A PC with a hard drive would be a good candidate for the
host as well, although it would be desperately slow.

Xerox workstations have a feature that allows you to stick a PC
emulator card in the back and run a PC window.  The workstations
have a real floppy you can use, but allow you to create as many
virtual floppies as you need.  This might be a fairly safe way to
test code.  I'm not going to try it anytime soon, though.  If you
do try it, try it on someone else's Xerox.  :-)  By the way, other
machines have similar features.

- Jeff

--------------------
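
The disk-side tracing described in the message above, as an added example that is not part of the original post: a virtual drive whose writes go to an overlay, so the base image is never modified, and which records the tracks accessed and the net changes to disk contents. The class and function names, the 512-byte, 9-sectors-per-track geometry and the linear track numbering (heads ignored) are assumptions.

```python
# Added illustration: a copy-on-write virtual floppy that traces every access.
# Assumed geometry: 512-byte sectors, 9 sectors per track, heads ignored.
SECTOR_SIZE = 512
SECTORS_PER_TRACK = 9

class TracedVirtualDisk:
    """Virtual drive backed by an immutable base image plus a write overlay."""

    def __init__(self, base_image: bytes):
        if len(base_image) % SECTOR_SIZE:
            raise ValueError("image is not a whole number of sectors")
        self._base = bytes(base_image)   # never modified by the guest
        self._overlay = {}               # sector number -> guest-written data
        self.trace = []                  # (operation, track, sector) per access

    def _log(self, op, sector):
        if not 0 <= sector < len(self._base) // SECTOR_SIZE:
            raise IndexError(f"sector {sector} is outside the virtual disk")
        self.trace.append((op, sector // SECTORS_PER_TRACK, sector))

    def _base_sector(self, sector):
        return self._base[sector * SECTOR_SIZE:(sector + 1) * SECTOR_SIZE]

    def read(self, sector):
        self._log("read", sector)
        return self._overlay.get(sector, self._base_sector(sector))

    def write(self, sector, data):
        if len(data) != SECTOR_SIZE:
            raise ValueError("writes must be exactly one sector")
        self._log("write", sector)
        self._overlay[sector] = bytes(data)

    def tracks_touched(self, op=None):
        """Sorted track numbers accessed, optionally filtered by operation."""
        return sorted({t for o, t, _ in self.trace if op in (None, o)})

    def net_changes(self):
        """Sectors whose final contents differ from the base image."""
        return sorted(s for s, d in self._overlay.items() if d != self._base_sector(s))

def demo():
    # Constructed sample: blank 360 KB image; sector 20 is written, then restored.
    disk = TracedVirtualDisk(bytes(720 * SECTOR_SIZE))
    disk.read(0)
    disk.write(0, b"\xEB" + bytes(SECTOR_SIZE - 1))   # boot sector altered
    disk.write(20, b"\x01" * SECTOR_SIZE)
    disk.write(20, bytes(SECTOR_SIZE))                # back to original contents
    return disk.tracks_touched("write"), disk.net_changes()
```

The trace shows every access, while net_changes() reports only sectors that end up different from the base image, which is the distinction the message draws between what was accessed and what was actually changed.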


*** end of Virus-L issue ***
