Greetings, gentlemen and ladies.

Having just subscribed to this mailing list, I have several interesting questions to pose, not exactly knowing which end of the candle to light first.

First off, my background does include some cryptological overtones. As a non-commissioned officer in the US Army, I was a COMSEC systems integrator and a COMSEC account custodian. (Anyone who may be familiar with the job knows the complexities of involvement.) I now earn my keep as a network systems integration consultant (great buzzwords) for a highly respected (and major) computer consultant firm based in the Washington, DC area -- far removed from the crypto-analytical sciences in which you folks have an active interest. This job keeps me in the New York City area four days a week (What personal life?).

Secondly, my professional area of expertise is networking (granted, it _does_ pay the bills). My personal area of expertise (and enjoyment) is DOS-based computer virus "research". I was weaned on IBM System 360/370 assembler (once upon a time) and am quite adept in the INTEL 80x86 assembler set. (Ralf Brown is one of my heroes.) I "de-program" for hobby; taking things (viruses) apart to study their possible "interaction" and ability to cause major problems (sometimes they really do).

You're probably telling yourself at this point, "Gee, I wish this guy would cut to the chase!" On that note -- I shall. ;-)

In the past year, the DOS world has been confronted with several (two, significantly -- the MtE and more recently the TPE) encryption "engines" which are being used as "envelopes" for existing viruses. (Stay with me, now.) They are being called "polymorphs" by those "in-the-know"; more specifically, polymorphic viruses. The encryption is weak, compared to DES or RSA comparisons, but they do pose a major problem to the computer community because of the technological weaknesses of the antivirus product developers. Algorithmic development is not exactly their bag of tricks, in most cases. Most are reliant on pattern matching and have fits when presented with code that is _totally_ static.

Although (I realize that) this conference newsgroup seems dedicated to privacy and ciphering-related issues, I'm just curious as to what exposure some of you may have with this type of problem. (I used to have Kelly Goen to bounce ideas off of, but he seems to have dropped out of the public eye a few years ago, but yet I see his name mentioned in the PGP docs.)

Any serious responses are quite welcomed at fergp@systex.com. Public interest responses (I'd hope) will suffice in this area.

Cheers from Manhattan.

Paul Ferguson                  |
Network Integration Consultant | "All of life's answers are
Alexandria, Virginia USA       |  on TV."
fergp@sytex.com (Internet)     |     -- Homer Simpson
sytex.com!fergp (UUNet)        |
1:109/229 (FidoNet)            |
PGP public encryption key available upon request.

---
fergp@sytex.com (Paul Ferguson)
Sytex Systems Communications, Arlington VA, 1-703-358-9022