When I was younger and had a lot of spare time on my hands (I can't remember if it was in my first year of college or in my last year of high school), I was a bit of a paranoid virus buff, and at a certain point I suspected I had a virus on my system.
I can't recall the exact number of virus scanners I had installed on my system, perhaps 3 or 4 (probably more), but not a single file entered my system without being scanned by 2 or 3 scanners. I could relax this rule a little, but not one file entered the system without being scanned by the fabulous F-Prot antivirus and its amazing heuristic scanner.
I was quite sure I had gotten a virus from a file I had downloaded from a local BBS, so I fired up debug.com and wrote the smallest .COM file I could think of to act as a sacrificial lamb. I can't remember exactly what it was, but I think it consisted of a single RET. I executed it, and bingo, the file got bigger. I had isolated the little bugger on my first attempt. Perhaps my moment of fame had arrived; since we already had a Lisbon virus (I live in Lisbon), perhaps this one would be named after me. :-)
I sent the file to F-Prot to be analyzed. What happened after that was amazing: I got a reply from the famous Vesselin Bontchev. He thanked me for the file, and indeed it contained a virus, but they had already obtained a copy 1 or 2 days earlier. Alas, my 15 minutes of fame hadn't arrived, but what I got afterwards was much better: free education, and from one of the best. I started asking some questions about virus modus operandi and techniques, and Dr. Bontchev replied. The game was afoot and the dialog had begun. The mail exchange was fun, and I learnt a lot. But after a while (for Christ's sake, I was ~17-18 and knew everything :-) ) the pupil had (obviously in a different dimension) surpassed the master; he was no longer asking questions, he was making suggestions.
Apparently I wasn't completely off track. One of the suggestions (among others) I distinctly remember was to rewire Int 13h and detect malicious writes (while allowing legitimate ones, of course); the reply was that product XXX does that (I got some of those). Another one was intercepting machine code execution and interpreting it (in real time) in order to detect malicious patterns. I wasn't aware of what I was suggesting, but some years later I understood that I was suggesting a complete virtualization of the operating system (and this on MS-DOS and a puny 386). Oh well, it was fun while it lasted, but I was probably wearing out the patient Dr. Bontchev. So he went for the kill and said something along the lines of (I think these were his exact words) "Nothing is impossible for the man who doesn't have to do it!". Amazingly, that rang some bells; it was time for the idiot to shut up and crawl back under his rock.
I never forgot that interaction, and every time I ask or suggest something to someone I ask myself, "Is this impossible for someone who isn't going to do it?"
I thought this was a nice way to start my blog.
If you stumbled upon this and are planning to return, I promise the next posts will be related to .NET. :-)