VIRUS-L Digest   Wednesday, 2 Aug 1989   Volume 2 : Issue 166

Today's Topics:

anti-virus software
Re: "Computer Condom" (from Risks digest)...
os/2 question (PC)
axe by sea (PC)
Fixed-disk infectors (PC)
Re: message virus (was: Computer Virus Research)
Re: "Computer Condom" (from Risks digest)...

---------------------------------------------------------------------------

Date:    Tue, 01 Aug 89 16:55:53 +0700
From:    KOCI Emil
Subject: anti-virus software

I missed the actual programs (scan etc.) in VIRUS-L library at
LEHIIBM1. It also would be a good idea to automatically distribute new
versions when they arrive, to all members of the list.

For "new" list-members it would be helpful to have instructions
where/how to download/upload for different systems in every
distribution-mail. (like IBMPC-L -list does).

PS.: Is there on EARN/BITNET/ANYWHERE a regularly updated file with
virus descriptions? (hard to get collection about known viruses and
their symptoms)

------------------------------

Date:    Tue, 01 Aug 89 12:33:15 -0400
From:    Barry D. Hassler
Subject: Re: "Computer Condom" (from Risks digest)...

In article <0003.8907311200.AA25265@ge.sei.cmu.edu> dmg@lid.mitre.org (David Gursky) writes:
>[From the Seattle Weekly, 5/3/89]
>
>PUT A CONDOM ON YOUR COMPUTER
>
>...
>Cummings, the company's president, says the system "stops all viruses" by
>monitoring the user network, the keyboard, and the program in use. He notes
>that the system is programmable to alter the parameters of its control on
>any given machine, but he guarantees that, "when programmed to your
>requirements, it will not allow viruses to enter."

Pardon me for my opinions (and lack of expertise in viral control),
but I think these types of products are dangerous to the purchaser,
while most likely being especially profitable for the seller. I just
saw a copy of this floating around to some senior management-types
after being forwarded several times, and dug up this copy to bounce my
two cents off.

First of all, I don't see any method which can be guaranteed to
protect against all viruses (of course the "when programmed to your
requirements" pretty well covers all bases, doesn't it?). Naturally,
specific viruses or methods of attack can be covered with various
types of watchdog software/hardware, but I don't think it is possible
to cover all the avenues in any way.

- -----
Barry D. Hassler                  hassler@asd.wpafb.af.mil
System Software Analyst           (513) 427-6369
Control Data Corporation

------------------------------

Date:    Tue, 01 Aug 89 16:32:00 -0400
From:    IA96000
Subject: os/2 question (PC)

does anyone know if any of the major viruses can pass to other files
when running under (in) the dos compatibility box of os/2 extended
edition?

in other words, the systems boots up under os/2, you enter the dos box
and start to execute dos programs.

i would think it would not be able to pass, but i am open to comments
and conversation on this matter.

------------------------------

Date:    Tue, 01 Aug 89 16:37:00 -0400
From:    IA96000
Subject: axe by sea (PC)

we have been testing various ways to help prevent a file from becoming
infected and have stumbled on an interesting fact.

system enhancement associates (the people who wrote arc) have also
released axe, a program compression utility. basically axe reads a
.exe or .com file, compresses it as much as possible, tacks a dos
loader on the front of the file and then saves the new file.

in many instances, the resulting file is from 15% to 50% smaller than
the original file and loads and runs just like a regular dos file.

what is interesting is when a virus attacks an axe'd file. the virus
writes itself into the file as many viruses do. however, when you next
attempt to load and run the file, it will not load and locks up the
system. this is not because the virus has taken control! this happens
because when an axed file is loaded, it is decompressed and the
checksum is compared to the original one generated when the file was
axed.

I know axe was never designed to be anti-viral, but it sure works well
in this regard. since the file is actually in encrypted form on the
disk, it screws up the virus!

------------------------------

Date:    01 Aug 89 00:00:00 +0000
From:    David M. Chess
Subject: Fixed-disk infectors (PC)

Does anyone know of, or has anyone even heard credible rumors of, any
boot-sector virus that will infect the boot sector (master or
partition) of IBM-PC-type hard disks, besides the Bouncing Ball and
the Stoned? Those are the only two I seem to see that do that; am I
missing any?

DC

------------------------------

Date:    01 Aug 89 21:23:30 +0000
From:    kelly@uts.amdahl.com (Kelly Goen)
Subject: Re: message virus (was: Computer Virus Research)

we call those ansi 3.64 control sequences.... vt100 and other
terminals have similar if not exactly the same features... ansi.sys
implements a subset of ansi 3.64 without any protection the problem
has been known at various unix sites for years only now its starting
to show up on pc's because of the usage of ansi.sys and other programs
that recognize these sequences....

cheers
kelly

------------------------------

Date:    01 Aug 89 21:18:49 +0000
From:    kelly@uts.amdahl.com (Kelly Goen)
Subject: Re: "Computer Condom" (from Risks digest)...

hahahahahahahahah!!!!!!! right chief just like swamp land in them thar
everglades... seriously though things will not improve until vendors
start going for protected mode and other tricks...I am talking about
386's and 68030's here... maybe something could be done in this area
with charge cars on a 286 but I doubt it... you need that virtual 8086
partition on the 386 to have any real safety and have to be operating
protected mode to take advantage of it(DESQVIEW 386, THD386.sys etc)
after that then there are still so many ways to get in!!

cheers
kelly

------------------------------

End of VIRUS-L Digest
*********************

Downloaded From P-80 International Information Systems 304-744-2253
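
Added example (not part of the digest and not AXE's code): a Python model of the load-time check described in the "axe by sea" message, where the loader decompresses the file and compares a checksum recorded at pack time. The `PKX1` header layout, the function names and the sample data are assumptions made for the illustration; the check only reports a modification when the loader runs, and a CRC-32 can be recomputed by anything that knows the format.

```python
import struct
import zlib

MAGIC = b"PKX1"                    # hypothetical format tag, not AXE's
HEADER = struct.Struct("<4sIII")   # magic, packed_len, orig_len, orig_crc32

class IntegrityError(Exception):
    """The image no longer matches what was recorded at pack time."""

def pack(program: bytes) -> bytes:
    """Compress a program and record its length and CRC-32 in a header."""
    body = zlib.compress(program, 9)
    return HEADER.pack(MAGIC, len(body), len(program), zlib.crc32(program)) + body

def load(image: bytes) -> bytes:
    """Model of the loader stub: unpack, then verify before handing over."""
    if len(image) < HEADER.size:
        raise IntegrityError("image shorter than header")
    magic, packed_len, orig_len, orig_crc = HEADER.unpack_from(image)
    if magic != MAGIC:
        raise IntegrityError("header overwritten")
    body = image[HEADER.size:]
    if len(body) != packed_len:
        raise IntegrityError(f"file size changed by {len(body) - packed_len:+d} bytes")
    try:
        program = zlib.decompress(body)
    except zlib.error as exc:
        raise IntegrityError(f"packed body damaged: {exc}") from exc
    if len(program) != orig_len or zlib.crc32(program) != orig_crc:
        raise IntegrityError("checksum mismatch after decompression")
    return program

def check(image: bytes) -> str:
    """Return 'ok' or the reason the loader would refuse the image."""
    try:
        load(image)
        return "ok"
    except IntegrityError as exc:
        return str(exc)

# Constructed sample data: a stand-in program and two modified copies.
PROGRAM = bytes(range(64)) + b"constructed sample program body " * 20
CLEAN = pack(PROGRAM)
APPENDED = CLEAN + b"\xCC" * 128        # bytes added at end of file
PATCHED = b"\x00\x00\x00" + CLEAN[3:]   # first three bytes overwritten

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("appended", APPENDED), ("patched", PATCHED)):
        print(f"{name:9s} {len(img):5d} bytes  {check(img)}")
```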
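
Added example (not from the digest): a display filter for the situation Kelly Goen's "message virus" reply describes, where ANSI.SYS or a terminal acts on control sequences embedded in message text. The function name and the sample message are constructed for the illustration; the pattern follows the ANSI X3.64 CSI layout plus the quoted-string parameters that ANSI.SYS accepts.

```python
import re

# ESC [ <parameters> <intermediates> <final byte>. Parameters are normally
# digits and separators; ANSI.SYS also accepts a double-quoted string there,
# so a quoted run is consumed as one parameter instead of letting the match
# end at the first letter inside it.
CSI = re.compile(rb'\x1b\[(?:"[^"\r\n]*"|[0-9:;<=>?])*[ -/]*[@-~]')
# Every other control byte except TAB, LF and CR (this includes a bare ESC).
OTHER_CTRL = re.compile(rb'[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]')


def sanitize(raw: bytes):
    """Return (text safe to display, list of the control sequences removed)."""
    removed = []

    def drop(match):
        removed.append(match.group(0))   # keep what was stripped for logging
        return b""

    text = CSI.sub(drop, raw)            # whole sequences first
    text = OTHER_CTRL.sub(drop, text)    # then any stray control bytes
    return text, removed


# Constructed sample message: colour codes, a screen clear, one sequence
# carrying a quoted-string parameter, and a trailing BEL.
SAMPLE = b'Subject: hi\r\n\x1b[2J\x1b[1;31mred\x1b[0m text \x1b[65;"xyz"p end\x07\r\n'

if __name__ == "__main__":
    clean, stripped = sanitize(SAMPLE)
    print(clean)
    print(f"{len(stripped)} control sequences removed: {stripped}")
```

Logging the removed sequences alongside the sender gives a record of which messages carried them.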