----- Original Message ----- From: "Dr. Vesselin Bontchev" <[EMAIL PROTECTED]> To: "Palm Developer Forum" <[email protected]> Sent: Wednesday, April 13, 2005 14:59 Subject: Re: reading stored memory
> > If I would be a virus writer, I would definitely open at least one > > db (virus master copy:) with exclusive mode right after reset, > > thus making it unreadable, (DmOpenDatabase will fail). > > In order to do that, however, your virus has to execute first. A good virus protection would not allow a known virus to run on the protected system; it will stop it at one of the entry points. So there is no need to scan the databases then. What if I just bought your antivirus and want to make sure that there is no virus on my palm? > > And, if the virus has managed to run, then all bets are off anyway - it can delete the anti-virus program, it can do *anything* - so going through such hoops like protecting its own database is often not worth the effort; at that point the anti-virus protection has *already* lost the game. > > The only reason a virus might want to do what you suggest is to avoid unknown scanners (if it knew them, it could simply delete them) that have been updated to detect the virus *after* it has already invaded the system. > > But, in general, as we say in the security business, "a compromised system cannot be trusted". This sounds trivial when stated like this, but it is amazing how often people forget its implications. > > Regards, > Vesselin > -- > For information on using the Palm Developer Forums, or to unsubscribe, please see http://www.palmos.com/dev/support/forums/ It was just a hint, that the only possible way to scan *any* database is to do it after a special reset. I thought that might be of help. Regards, Miro Pomsar -- For information on using the Palm Developer Forums, or to unsubscribe, please see http://www.palmos.com/dev/support/forums/
