Anyone else read Mark Russinovich's book? By suspending all disbelief, it was halfway fun to read. But I can't say I understood after reading it how a computer virus could cause such havoc. And it was pretty disappointing how little the author explained the actual workings of the viruses.
Why is it so difficult to identify what part of the OS a virus has infected? Sure, the virus can mask itself so that standard tools on the PC cannot see it. But what about tools which examine data stored on the PC without relying on any OS or BIOS routine? Or attaching the hard drive of a PC to another PC and examining it there?
Is it possible to know the OS installed and all of its patches? That is, compare the OS code of an infected PC against what that code would be if only MSFT patches had been installed on the system. All the differences would be viruses installed on the system. From there, could you compute some signatures or checksums that would tell you whether other systems are infected in the same way?
Yes, a virus will be mostly encrypted. But there still have to be hacked parts of the OS code that could be detected by a byte-level comparison against an uninfected system, no?
In the book I thought it odd that the hero was stumped by viruses on the PC he was called in to work on. And he actually saves the day by being shot at and eventually fighting one of the villains. It would have been better to have him matching wits with the virus writer, with a culminating scene full of jargon-laden dialogue between the two.
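The baseline comparison the post describes (hash every file of a known-good install, then diff the same tree read from a suspect disk mounted offline) is exactly what file-integrity tooling does. Here is an added example of that comparison; it is not from the book or the original post, and the file names and contents are constructed stand-ins, not real OS files:

```python
# Added example: hash a known-good tree and diff it against a suspect tree.
import hashlib
import os
import tempfile

def hash_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            manifest[rel] = h.hexdigest()
    return manifest

def diff_manifests(baseline, suspect):
    """Classify differences. 'modified' and 'added' are the bytes the post
    hopes to isolate; 'missing' files matter too (replaced or deleted tools)."""
    return {
        "modified": sorted(p for p in baseline if p in suspect and baseline[p] != suspect[p]),
        "added": sorted(p for p in suspect if p not in baseline),
        "missing": sorted(p for p in baseline if p not in suspect),
    }

def _write(root, files):
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed sample trees standing in for a clean and a suspect system."""
    clean = {"system32/kernel.bin": b"GENUINE KERNEL", "system32/netlib.bin": b"GENUINE NETLIB",
             "drivers/disk.sys": b"GENUINE DRIVER"}
    suspect = dict(clean)
    suspect["system32/netlib.bin"] = b"GENUINE NETLIB" + b"\x90" * 8  # file altered in place
    suspect["drivers/rk.sys"] = b"UNKNOWN DRIVER"                    # file not in baseline
    del suspect["drivers/disk.sys"]                                   # file removed
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        _write(a, clean); _write(b, suspect)
        return diff_manifests(hash_tree(a), hash_tree(b))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline has to be built per exact patch level (which is why vendors publish file hashes in catalogs), and this only covers files on disk: code that lives only in memory, in the boot sector or in firmware needs separate checks.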