On Thu, 24 Feb 1994, Brian D Williams wrote:

Why not "Parasitize" your program on to Command.com like many viruses do? The "Stealth" viruses also employ code that will not reveal the change in size to either MEM or CHKDSK, such code can also restore the timestamp.

This is a possibility, but one would have to make sure that the resulting file is indistinguishable from a normal file if one hopes to elude any but the most casual observers. Having a noise block at the beginning of the program is definately a telltale sign that something is amiss. An simple dissasembly of the program is all it would take to be sure that the strange looking noise block doesn't belong. And, if the moethod you've suggested becomes popular, a standard scan of .COM or .EXE files could be implemented by your opponent(s). However, this solution might be effected provided that one somehow makes the "noise" block look like a legitimate part of the program it has parasitized. It must also pass the dissasembly test. Another idea might be to make one's "noise" file look like a legitimate Clipper encrypted file. Imagine the frustration that would be felt by your opponent when even the seemingly appropriate escroe key that he has spent months aquiring is of no avail in decrypting the file! Of course, your efforts are going to be for naught when he realizes that your Clipper file is nothing of the sort. :( Back to square 1.

Brian Williams Extropian Cypherpatriot

"Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham

Sergey