VIRUS-L Digest             Friday, 14 Apr 1989         Volume 2 : Issue 89

Today's Topics:
RE: Having hardware check writes to disk.
re: More on the Alameda Virus (PC)
Anti-viral archive at SCFVM (Mac)
Re: More on Yale virus (PC)
re: general question

---------------------------------------------------------------------------

Date:    Thu, 13 Apr 89 18:53 EST
From:    Go Reds!
Subject: RE: Having hardware check writes to disk.

The suggested solution of having hardware question writes to disk does
not seem to be feasible. I work a lot with VAX Pascal and it is common
for me to write to files a lot in programs. This would mean I would
have to sit there and ok every write, highly inefficient. A better way
would be to question writes to the operating system (I believe
FluShot.com does this) since the way to make a virus most effective
seems to me to be by infecting the operating system, thus changing what
the run command does, thus enabling the virus to spread. Well, that's
all I've got to add to this.

Tom Kummer

------------------------------

Date:    14 April 1989, 09:20:02 EDT
From:    David M. Chess
Subject: re: More on the Alameda Virus (PC)

That does sound very much like the sample that I got from Yale, which
I'm pretty sure is the same one that Loren got from Yale, and so is
presumably the one that J.M. says is identical to the Alameda/Merrit.
(Whew!) Presumably the "first free sector" in the article was a case
of slight oversimplification for the sake of making it fit into the
table?

DC

------------------------------

Date:    Fri, 14 Apr 89 10:01:00 EDT
From:    Joe McMahon
Subject: Anti-viral archive at SCFVM (Mac)

Hello all. We are going to be reorganizing the anti-virals archive here
at SCFVM in the next week or so, to coincide with the rerelease of my
anti-viral doc stack (version 2.0).

I will be posting details when we've finalized them; I will probably be
removing anything which is no longer supported (such as Interferon -
since Bob Woodhead is concentrating on Virex now), or which has been
outmoded.

--- Joe M.

------------------------------

Date:    Fri, 14 Apr 89 13:26:12 EDT
From:    "Conrad Jacoby (DC)"
Subject: Re: More on Yale virus (PC)

HI there!!

As one of the original discoverers of the Yale virus this summer, I
wish to make one comment in regards to a recent posting (Virus-L, v2
#88, last posting) that claimed that Alameda virus=Yale. In whoever's
posting of their summary, there was a statement that this virus did not
work in 80286 machines because of different memory addresses and the
like. If this is indeed true, then there is no way that the Alameda
virus and the Yale virus can be the same creatures. All our public
domain machines are IBM ATs, and the virus was transmitted quite
successfully through any number of them. Indeed, I have no experience
with the virus except on '286 machines.

Could someone more knowledgeable about viruses and internal differences
between 8088 and 80286 machines comment on this?

- -----------------------------------------------------------------------
Conrad J. Jacoby
P.O. Box 3805 Yale Station
Yale University
New Haven, CT 06520
Sterling Memorial Library
(203) 436-1402
"Generalist at Large"
JACOBY@YaleVM.BITNET
@YaleVM.YCC.Yale.Edu
- -----------------------------------------------------------------------

------------------------------

Date:    Fri, 14 Apr 89 14:07:35 EST
From:    Neil Goldman
Subject: re: general question

Bruce Ide suggests that the user could confirm all disk writes. Three
immediate problems.

1. For every disk write, it would be a pain in the #&*%. Besides,
   users would get very complacent and OK everything without analyzing
   what is, should, and should not be written just before the little
   red light goes on.

2. Inexperienced users would not understand when they should confirm a
   write to begin with.

3. A virus could:
   a) simulate a "save" so the hardware thinks it is OK
   b) wait for a legitimate save to occur and propagate during that
      operation.

I'm sure there are many other arguments against this methodology as
well. But, Bruce, the more we work on the problem, the closer we get to
(if this is possible) a solution. So keep those ideas coming!

***************************************************************
*Neil A. Goldman                        NG44SPEL@MIAMIU.BITNET*
*                                                             *
*    Replies, Concerns, Disagreements, and Flames expected    *
*    Mastercard, Visa, and American Express not accepted      *
***************************************************************

------------------------------

End of VIRUS-L Digest
*********************