| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 4223.1 |  | CBHVAX::CBH | Lager Lout | Sat Oct 28 1995 13:09 | 5 | 
|  | Excuse the dripping cynicism, but F-PROT is probably nice and cheap, and is
therefore saving the company money... (just like the CHEFS supercluster saved
a huge amount, especially as no-one'll use it because it's so slow!)
Chris.
 | 
| 4223.2 | Don't know what you're all complaining about | VIVIAN::RANCE | http://vivian.hhl.dec.com/rance/ | Sat Oct 28 1995 18:26 | 18 | 
|  |      I recently tested what the current version of F-PROT did when I
     inserted a floppy containing the FORM virus.  
     I had discovered the virus on scanning the floppy prior to reading it
     and decided to see what happened when I tried to copy files from the
     floppy.  Under MS-DOS virstop displayed 3 warnings, each accompanied
     by a sound from the PC speaker.  When I tried to get a directory
     listing from File Manager under windows it did the same, overwriting
     my windows with the message.
     Seems good enough to me.
     On the subject of the CHEFS cluster.  It's working fine for me at the
     moment, if only you moaners would stop trying to read your mail
     during work time you'd have no problems  8^)
     	Stuart
 | 
| 4223.3 | Works great, if you install it properly. | HSOSS1::HARDMAN | Digital. WE can make it happen! | Sat Oct 28 1995 19:20 | 22 | 
|  |     You can't just copy F-Prot onto your hard drive and think that you're
    protected! Just because the files are on the drive, doesn't make them
    active. You need to add a line to your config.sys as follows:
    
    DEVICEHIGH=C:\F-PROT\VIRSTOP.EXE 
    (assuming you have F-Prot in the F-PROT directory on the C drive)
    
    to activate the virus detection each time you boot.
    
    I've been using F-Prot for years now, and it's always detected any
    viruses I've brought home from customer sites. (Even customer sites
    that were running Norton Anti-Virus!) As for the so-called Anti-Virus
    files that come with DOS, you might as well delete them. They're just a
    waste of disk space. MSAV is one of the least effective Anti-Virus
    programs around. :-(
    
    BTW, Phil Bancroft (MINOTR::BANCROFT) is the PC Virus Specialist with
    Corporate Security. You can also read more than you ever wanted to know
    about computer virii in the POWDML::PC_SECURITY notesfile.
    
    Harry
    
 | 
| 4223.4 |  | tennis.ivo.dec.com::KAM | Kam WWSE 714/261.4133 DTN/535.4133 IVO | Sun Oct 29 1995 01:37 | 2 | 
|  |     I just got a HiNote from Corporate with F-PROT 2.19 and it will DETECT
    the FORM virus but will NOT delete it.  
 | 
| 4223.5 | F-Prot removes Form Virus and most others! | MROA::HEIER_L |  | Sun Oct 29 1995 08:49 | 8 | 
|  |     F-PROT has always removed the FORM Virus.  You need to boot off of
    a clean, bootable floppy to remove the FORM virus from the boot
    sector of the Floppy disk.  If you need help, please add the
    following notes conference:  POWDML::PC_SECURITY
    
    Regards,
    
    Larry
 | 
| 4223.7 |  | BSS::BRUNO | Burly Computer Nerd | Sun Oct 29 1995 15:27 | 7 | 
|  |          F-Prot has always removed FORM for me, and I encounter it pretty
    frequently.
    
         My guess is that it is configured to just report, instead of
    AUTOMATIC DISINFECTION.
    
                                        Greg
 | 
| 4223.8 | Check Everything--Save ALL | SUBSYS::MCCULLER |  | Sun Oct 29 1995 20:04 | 29 | 
|  |     RE: -.0
    
    Bill--
    
    I recently had a vendor conduct a thorough examination of one
    of our tools because of a virus rumor. The sample size was 1000
    diskettes from a population of 6000. The vendor checked the diskettes
    using the version of F-PROT I distributed to the field (you are on
    my distribution list, I believe). In addition to determining if
    there was any virus present on any diskettes, they checked to
    determine if the write-protect tab was set on the diskettes distributed
    from SSB. The results were positive: no viruses, only one of 1000
    diskettes had the write-protect tab in the non protected position.
    
    Although it is possible to have any number of viruses on your system,
    if you use the FPROT utility to check all floppies before you try to
    install them, you will reduce your risk of infection. Note that ANY
    TIME you feel you have received an infected diskette, you should
    contact the source immediately-AND provide them the diskette for
    examination. Your best bet is to follow the setup instructions I 
    provided you in September and check you hard disk on boot-up, and 
    every floppy you insert in your floppy drive.
    
    Call me if you wish to discuss this in more detail (I'll be at THOT
    so I will probably see you there). Good reference in earlier note
    about the PC_SECURITY notesfile.
    
    Mac
    
 | 
| 4223.9 | Looking into the wrong end of the tube? | RICKS::PHIPPS | DTN 225.4959 | Mon Oct 30 1995 05:51 | 5 | 
|  |   I never (knock on wood) have run into FORM or any other virus.
  Where do you people get these floppies?!
  	mikeP
 | 
| 4223.10 |  | ROWLET::AINSLEY | Less than 150 kts. is TOO slow! | Mon Oct 30 1995 08:08 | 10 | 
|  |     re: .9
    
  >Where do you people get these floppies?!
    
    From our management.  Seriously.  About a year ago, one member of our
    development team received a floppy from someone up our management chain
    that contained a virus.  I don't remember which one.
    
    Bob
    
 | 
| 4223.11 |  | ICS::BEAN | Attila the Hun was a LIBERAL! | Mon Oct 30 1995 08:10 | 14 | 
|  |     re some back
    
    F-PROT is very inexpensive.  In fact, it is FREE for personal use and
    costs very little when used on business' machines (last I checked, it
    was one US dollar per machine, with a minimum of 20 machines).  
    
    However, that is NOT a reflection of its worth.  F-PROT is extensively
    tested and was reviewed last year at the top of the list of available
    virus scanners by PC Magazine.
    
    I've been using it for about three years and cannot remember ever
    having a problem with it.  I am anxiously waiting for a WIN95 version.
    
    tony
 | 
| 4223.12 | That's me - Mr F-PROT | MINOTR::BANCROFT |  | Mon Oct 30 1995 09:23 | 45 | 
|  |     Phil Bancroft - DTN 223-8732 Corporate Information Security Group
    I chose the F-PROT software kit as the highest Return On Investment
    item I could find.  It has normally rated top or second on anti-virus
    scanner tests.
    There are various files in the kit, regrettably named .DOC which
    explain the capabilities and arguments for the software.  Please read
    the COMMAND.DOC at least before condemning the software.
    I HAVE seen cases where there was a "Circular Infection" (TWO different
    boot sector viruses on the same system) and F-PROT has been unable to
    remove both at the same time.  That meant one was removed, then next
    one came in, that one removed, the original came in.  Fortunately in 
    every case so far, the viruses have NOT been tricky.  That means I was
    able to boot from a diskette, and SEE the C: drive and files (showing
    the virus had not shafted the hard drive like MONKEY will).  I was
    therefore able to safely use FDISK/MBR to replace the MBR and kill both
    viruses at once.
    
    PLEASE do a DIR MINOTR::USER6:[VIRUS] and look at the files.  The top
    files, marked REM are empty files used as remarks to YOU to tell you
    the latest Versions of the tools, and any other vital data.  Following
    that in the directory are things like C_F_PROT.EXE which is the latest
    full F-PROT kit, PKZIPped and then ZIP-2-EXEed to make it self
    exploding.  I also modify it from stream to Fixed Blocked 512 to make
    the copying more reliable.  Any questions on the other stuff, please
    email me or look in the POWDML::PC-SECURITY notes file where many
    sharp people add value to the effort.
    
    FOR THE FUTURE - we have licensed and are piloting the SOPHOS suite of
    tools which eventually will cover VMS, UNIX, AND ALPHA servers, and
    DOS, OS2, W95, WIN-NT, and Novell clients.  These server/client tools
    will cover us easier and faster.  F-PROT supplier does not intend to
    go beyond DOS support, so this is a good time to upgrade.  We will
    probably maintain F-Prot as a second line item for stand-alone systems.
    
    The future tool set will prevent file type viruses by encrypted CRC
    checks against a table of "certified" programs, and only when there has
    been a change will the suspect software be scanned.  This combines the
    best of both Integrity Checking (VERY FAST) and scanning.  Updates of
    the software will be server based and automatic.
    
    The effort is evolutionary.  Polite suggestions are welcome.
    Any PC experts and/or virus experts are invited to join our "Anti-Virus 
    SWAT Team" (SWAT = special weapons and tactics, seems appropriate).
    Just send me mail.
       
 | 
| 4223.13 | I guess F-Prot will die with DOS | HSOSS1::HARDMAN | Digital. WE can make it happen! | Mon Oct 30 1995 10:08 | 8 | 
|  |     >F-PROT supplier does not intend to go beyond DOS support, so this is a
    >good time to upgrade.  We will probably maintain F-Prot as a second
    >line item for stand-alone systems.
    
    Sounds like a path to extinction... :-(
    
    Harry
    
 | 
| 4223.14 |  | NETCAD::SCARAMUZZO | Adapters Product Group, LKG1-3 | DTN 226-6977 | Mon Oct 30 1995 11:05 | 30 | 
|  |     RE: *
    
    F-Prot *WILL* disinfect the FORMS virus. When you run F-prot (as was
    previously stressed, from a clean bootable diskette) you need to
    select as an "Action:" Automatic Deletion when performing a SCAN. For 
    some reason with F-Prot this option has to be selected to fully 
    delete the FORMS virus.
    
    Also someone else mentioned to install VIRSTOP.EXE (a component of the
    F-Prot package) so that it gets executed in your AUTOEXEC.BAT command
    file. This is an excellent idea for ANYONE that has a PC and is concerned 
    about PC VIRUSES. I have it set up as follows in my AUTOEXEC.BAT:
    
    			C:\F_PROT\VIRSTOP /FREEZE
    
    This "freezes" my PC anytime I place a diskette in my A:\ drive that
    has a virus. There have been about 5 times where someone has handed me
    a diskette and I placed it in my A:\ drive and VIRSTOP detected a virus
    on it. Not only does this save your system from getting any viruses but
    helps to alert others who have infected systems..... If VIRSTOP was 
    installed on every system a good chunk of these viruses would be stopped. 
    Kind of like a Polio vaccine.... :-)
    
    A self expanding version of F-PROT can be copied from:
    
                MINOTR::USER6:[VIRUS]C_F_PROT.EXE
    
    Notesfile: POWDML::PC_SECURITY
    
    								-Pete
 | 
| 4223.15 | Use the latest config for best results! | HSOSS1::HARDMAN | Digital. WE can make it happen! | Mon Oct 30 1995 12:39 | 18 | 
|  |     Pete, loading Virstop from autoexec.bat isn't as effective as loading
    it as a device driver. Several versions ago the VIRSTOP.DOC file was
    changed to reflect this. Here's an excerpt:
   
    >The recommended way to load VIRSTOP is to load it from the CONFIG.SYS
    >file, with a command such as:
    
    >                    DEVICE=C:\F-PROT\VIRSTOP.EXE
    
    >Or, if you are using DOS 5 (or 6), you can instead use
    
    >                    DEVICEHIGH=C:\F-PROT\VIRSTOP.EXE
    
    >IMPORTANT! - If any memory managers, such as 386MAX, HIMEM or QEMM are
    >used, they must be loaded before VIRSTOP.
    
    Harry
    
 | 
| 4223.16 |  | VSSCAD::SIGEL |  | Tue Oct 31 1995 15:25 | 8 | 
|  | Re .15
Will F-PROT still do the diskette freeze Pete mentions in .14 if
you load VIRSTOP from CONFIG.SYS as you specified, or is there
something else that needs to be on the command line in order to
take advantage of that feature?
-- Andrew
 | 
| 4223.17 | Works for me | HSOSS1::HARDMAN | Digital. WE can make it happen! | Tue Oct 31 1995 21:57 | 7 | 
|  |     Andrew, it's been my experience that F-Prot does indeed lock the system
    (with lots of fanfare and an on-screen warning) if you try to use an
    infected diskette. I've been using it from config.sys for well over a
    year with no problems.
    
    Harry
    
 | 
| 4223.18 | maintain a standalone virus recovery disk | TESA::WILSOND | learning as i go | Wed Nov 01 1995 13:57 | 51 | 
|  |     clarification: our corporate license with frisk software is for 
        DOS F-Prot and does not include any clauses for Windows95+
        support.  hence, this is not a life threatening decision 
        from FRISK.
    
    clarification: our corporate license, in last discussions with 
    	phil bancroft, is in its third (and option year) of our contract.  
        the license is not free to digital, but digital employees do have
        some free access to it.
    
        SWEEP, from Sophos, is offering digital platform extensive 
        support, and hence the effort to migrate to SWEEP.
    
    	it is also a "quality" product.
    
    suggestion: if you are concerned with acquiring a virus, you should
    	carry a "virus-recovery" boot floppy.  some viruses have stealth
     	capability and will hide, etc...  it also simplifies recovery
        and isolation when a problem is detected.
    
        as some viruses are very destructive, having a standalone boot
        floppy, may be the only way to recover.
    
    suggestion: if you are concerned about this area, i recommend "Virus
      	Bulletin", "the" international journal.  phil is the digital 
        member on the advisory board.
    
        detailed product reviews are often and comparative studies every
        six months.  from the january 1995 review, norton v3.0 rated
        poorly, and was not included in the july 1995 review.
    
    		virus bulletin ltd
    		21 the quadrant
    		abingdon, oxfordshire
    		ox14 3ys, england
    
    		44 (0) 1235 555139
    
    suggestion: no scanner is 100%, some are damn close.  so two 
    	scanners are better than one.
    
    	three scanners are better, if you need to resolve false-positives.
    
    comment: please note there is a difference between virus detection,
    	protection and removal.  each require their own specific measures.
    
    comment: as a person defining PCBU Manufacturing Software Policies,
    	all PCs are validated to be free of any known virus, as a final
        step before shipping to manufacturing.
    
    
 | 
| 4223.19 |  | ROWLET::AINSLEY | Less than 150 kts. is TOO slow! | Wed Nov 01 1995 14:52 | 12 | 
|  |     re: .18
    
    >comment: as a person defining PCBU Manufacturing Software Policies,
    >	all PCs are validated to be free of any known virus, as a final
    >    step before shipping to manufacturing.
    
    What tool do you use to do this for PCs that come preloaded with
    Windows 95?  Do you boot a DOS 6.xx floppy and do the check?
    
    Bob
    
    
 | 
| 4223.20 |  | SMURF::PBECK | Rob Peter and pay *me*... | Wed Nov 01 1995 15:35 | 12 | 
|  |     re .19                                                     
    
    I can't see why that wouldn't work. Windows 95 does use a modified
    FAT file system (for long filenames), but it creates old-FAT
    compatible names that non-W95 apps like F-PROT can read. I have used
    F-PROT to scan files I've downloaded to my W95 system before using
    them. 
    
    What I don't know (and wouldn't really want to try) is what would
    happen with the VIRSTOP TSR under Windows 95. But from my
    experience, manual scanning does work (well, I've never found any 
    viruses with it, but I've never had a PC infected, either).
 | 
| 4223.21 | Sweep is nice | WOTVAX::buzyal.wlo.dec.com::sharkeya | James Bond uses Loginn | Wed Nov 01 1995 17:41 | 5 | 
|  | FYI, the Sweep TSR works fine with Windows 95. It caught a virus on a 
floppy that someone brought in
Alan
 | 
| 4223.22 |  | NETCAD::SCARAMUZZO | Adapters Product Group, LKG1-3 | DTN 226-6977 | Fri Nov 03 1995 10:07 | 8 | 
|  |     
    RE: -2, I have VIRSTOP loaded on my Windows 95 environment currently.
    Although I have yet to encounter a diskette with a virus using VIRSTOP
    and Windows 95. It would be nice to know if someone has detected a
    virus with that environment. I would think that it should be compatible
    but you obviously can't always be sure....
    
    								-Pete
 | 
| 4223.23 | Hoffman.exe location | CSCMA::MACVICAR |  | Sat Nov 25 1995 13:09 | 8 | 
|  |     I have encountered the Monkey virus on my laptop.  I was going 
    through the documentation and it mentioned hoffman.exe.   I can't
    seem to locate it.  Does anyone know where it is?
    Any help getting rid of this virus is appreciated.
    
    Thanks,
    
    Victoria
 | 
| 4223.24 |  | SPEZKO::FRASER | Mobius Loop; see other side | Sun Nov 26 1995 06:52 | 10 | 
|  |         Victoria,
        
                For the latest information on PC anti-virus tools and
        virus inoculations, please add POWDML::PC_SECURITY to your
        notebook.
        
        Regards
        
        Andy
        
 | 
| 4223.25 | ex | MINOTR::BANCROFT |  | Wed Dec 06 1995 16:41 | 13 | 
|  |     F-PROT last 5 or so versions will remove STONED.EMPIRE.MONKEY virus
    (the official CARO name).
    Hoffman was only a dictionary of virus explanations, not an anti-virus
    tool.  It became so poor we declined to renew it.
    http://www.datafellows.fi/vir-desc.htm
    web pages are much better, free, and always current.
    The US storage place for the anti-virus tools is
    MINOTR::USER6:[VIRUS]
     a DIR of that area from a VAX will tell you about the latest version
    numbers of the tools.
    and POWDML::PC_SECURITY is the notes file for the anti-virus effort.
    If all else fails, call your help desk
    If really desperate call me  - Phil Bancroft 223-8732
 |
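
Added example, not part of the original thread and not Sophos or F-PROT code: a sketch of the "integrity check first, scan only on change" scheme described in note 4223.12. HMAC-SHA256 stands in for the "encrypted CRC"; the key, the marker bytes, the file names and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

KEY = b"constructed-demo-key"  # assumption: held by the server, not on the client
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # harmless stand-in for a virus signature


def fingerprint(path, key=KEY):
    """Keyed digest of a file; unlike a plain CRC it needs the key to recompute."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def certify(paths, key=KEY):
    """Build the table of certified programs: path -> keyed digest."""
    return {p: fingerprint(p, key) for p in paths}


def check(paths, table, scanner, key=KEY):
    """Digest matches the table: 'certified', scanner skipped (fast path).
    New or changed file: run the scanner on just that file."""
    results = {}
    for p in paths:
        expected = table.get(p)
        if expected and hmac.compare_digest(expected, fingerprint(p, key)):
            results[p] = "certified"
        else:
            results[p] = "infected" if scanner(p) else "changed-clean"
    return results


def demo():
    scanned = []  # records which files actually reached the scanner
    def scanner(path):  # hypothetical signature scanner
        scanned.append(os.path.basename(path))
        with open(path, "rb") as fh:
            return MARKER in fh.read()
    with tempfile.TemporaryDirectory() as d:
        a, b, c = (os.path.join(d, n) for n in ("A.EXE", "B.EXE", "C.EXE"))
        for p in (a, b, c):
            with open(p, "wb") as fh:
                fh.write(b"original program bytes")
        table = certify([a, b, c])
        for p, extra in ((b, b" patched"), (c, MARKER)):
            with open(p, "ab") as fh:  # B: benign change, C: carries marker
                fh.write(extra)
        res = check([a, b, c], table, scanner)
        return [res[a], res[b], res[c]], scanned
```

Calling demo() shows the unchanged file never reaching the scanner, while the two modified files are scanned and classified separately.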