In December, 1988, shortly after the Morris Worm, Jay Nickson started work on Quarantine, an anti-malware and file reliability product. released in April, 1989, Quarantine was the first such product to use file signature instead of viral signature methods.
The original Quarantine used Hunt's B-tree database of files with both their CRC16 and CRC-CCITT signatures. Doubling the signatures rendered useless, or at least immoderately difficult, attacks based on CRC invariant modifications. Release 2, April 1990, used a CRC-32 signature and one based on CRC-32 but with a few bits in each word shuffled. The subsequent MS-AV from Microsoft, 'designed' by Checkpoint, apparently relied on only an eight bit checksum -- at least out of a few thousand files there were hundreds with identical signatures.
In 1990 Quarantine received the LAN Magazine, Best of Year, Security award. In that year "Quarantine" was reportedly responsible for finding the first stealth virus at the University of Toronto, when all pattern matching virus detectors had failed.
The 1990 version also allowed
Quarantine allowed system managers to track all modifications of a selected files or file structures, hence Quarantine users also got early warnings of failing disks or disk interface cards.
The efforts and expenses to convert Quarantine to other platforms went unrewarded as Tripwire's 1991 copy of Quarantine for *nix was better funded and publicized than OnDisk could afford to match.
Jay's later efforts include modularized reliability and intrusion approaches that include either SHA-1 or MD5 signatures, or both if you like. Quarantine stopped shipping in 1994.
Vendors set to advance security plans; Sun, Cisco and IBM ready technologies designed to reduce impact of attacks.
Mar 08, 2004; Byline: ELLEN MESSMER Vendors are pursuing a variety of security initiatives intended to rein in the worst effects of problems...