VIRUS-L Digest              Monday, 16 Jan 1989         Volume 2 : Issue 16

Today's Topics:
Any connection between the ping-pong virus and WordPerfect? (PC)
re:anti-viral encryption schemes

---------------------------------------------------------------------------

Date:    Mon, 16 Jan 89 16:33:29 IST
From:    "Eldad Salzmann (+972)-3-494520"
Subject: Any connection between the ping-pong virus and WordPerfect? (PC)

I am new to this list, I heard about it from Norbert Hanke after sending a query about some viruses I ran into in Israel. The query was sent both to Dist-Mic at RPICICGE and to RED-UG at TREARN. I'm repeating my query here for the sake of those who haven't read it. I will be very grateful if some of you, who feel that they are well-informed, will be able to enlighten me a little about this subject.

* * *

Originally entitled: Needed: A Virus Vademecum

Recently I've encountered the formidable Bouncing Ping-Pong virus on a friend's hard disk. As far as I know, this is a "benign" virus, which does not cause any damage to files, but I'm not sure about that. I heard it resides on the root, but I'm not sure about that either (what does this imply? That it attacks the system files, the two hidden DOS files and/or the command.com?).

Is a diskette totally safe when it is write-protected? I was sure about that, until I read some things which made me worry.

How can one know that the antivirus program s/he received is really effective? I guess it's not possible to know that, the taste of the pudding is in the eating...

Was WordPerfect infected by the omnipotent virus? I don't know whether it had anything to do with the following event, but... A WordPerfect which was till then working quite smoothly from the HD, suddenly began to look at drive A: for its WP.exe file, and to complain that the diskette was write-protected. At first I thought that the virus had high expectations and aspired to enlarge its kingdom over the diskette files as well, but it then occurred to me that maybe WordPerfect needs to write something on the diskette (or the HD) when it loads, something like a temporary file which is erased afterwards. Well, does it? And why does it need to load its main file from a diskette all of a sudden, after it worked so nicely from the HD?

* * *

Is there any panacea against viruses? And if not, are there any programs which counteract both the first known virus (in Israel it was the famous virus which appended itself to EXE and COM files, indicating its existence by the appearance of the string "SuMSDos" within the executable files) and the Bouncing Ping-Pong virus?

Any comments will be appreciated. I sincerely hope there are people on this list who experienced some sort of a virus (or a Trojan horse) and survived, and now can share with me their experience.

Eldad Salzmann

------------------------------

Date:    Mon, 16 Jan 89 12:20:20 EST
From:    Don Alvarez
Subject: re:anti-viral encryption schemes

Homer W. Smith and others have been discussing program encryption as a method of defending against viruses. Before use, the program would be decrypted. Any virus which had attached itself to an application would become scrambled and neutralized when the application was decrypted.

Sorry to disagree with you, but you have to be very careful that the "cure" isn't worse than the "disease". If you do daily backups, you can't lose more than 8 hours work. 30 seconds of decryption time 30 times a day means in two months you waste 8 hours doing decryptions. Anyone who expects viral infections less frequently than once every two months is quite literally wasting their time with this scheme.

Consider instead just spending two minutes a day backing up your work. At this rate, you will have achieved a savings in time as long as you are infected at least once a year, and as a side benefit you are protected against power outages, head crashes, and disastrous typos.

- Don Alvarez

+ ----------------------------------------------------------- +
| Don Alvarez               MIT Center For Space Research     |
| boomer@SPACE.MIT.EDU      77 Massachusetts Ave 37-618       |
| (617) 253-7457            Cambridge, MA 02139               |
+ ----------------------------------------------------------- +

------------------------------

End of VIRUS-L Digest
*********************

Downloaded From P-80 International Information Systems 304-744-2253