| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 60.1 | OH NO ...... | UTROP1::TRAMONTINA | | Tue Apr 26 1988 11:44 | 9 |
|
Nightmare came true. This kind of self attaching virusses are a
real danger for Public Domain software. We'll have till somebody
finds something against it.
Hopes that those guys never find out how to ignore the write protect
nodge on the disk, as they can on the Amiga.
Renato
|
| 60.2 | Rumor Control | LEDS::ACCIARDI | | Tue Apr 26 1988 11:55 | 25 |
| Huh? That's the first I've ever heard about anyone ever learning
to bypass the write protect notch on the Amiga. Are you sure you
have your facts correct?
Before any rumors get blown out of control here, let me state one
fact...
None of the known Amiga virus strains are capable of erasing or
formatting a floppy or hard disk, even if the floppy is write-enabled.
All the Amiga viruses do is lodge themselves in the floppy boot-blocks
and occasionally print annoying messages on the screen. The way
to eliminate the virus is to re-write the boot blocks with the INSTALL
command and cold reboot the machine.
If a copy protected floppy (one with non-standard boot blocks) becomes
infected (only possible if the floppy is write-enabled) and
subsequently INSTALLed, you might munge the copy protection and
trash the disk.
Please! be sure of your facts before starting frightening rumors.
I read over 100 Amiga related messages a day on Plink and USENET
and have never heard the horror you describe.
Ed.
|
| 60.3 | There's really very little protection.. | BOLT::BAILEY | Steph Bailey | Tue Apr 26 1988 12:14 | 7 |
| I'd be trivial to format the disk, rather than printing a cute message,
though, n'est-ce pas?
The write protect on the ST is just a convention obeyed by GEMDOS,
correct? The bit appears in one of those registers and if it is
in a certain state, GEMDOS won't write the disk. All you have
to do is make your own write routine, I would imagine.
|
| 60.4 | | STOPIT::BADMAN | Laugh ? I almost did. | Tue Apr 26 1988 12:14 | 19 |
| I don't believe it is possible to write to a write-protected disk
on the ST.
With regards to the linker virus, VDU has been upgraded considerably,
and the new versions are not Public Domain. The VDU program is over
70K in size now, and deals with the linker virus, and also disposes
of a particularly nasty virus on the ST that will delete the entire
FAT of a disk if a file exists with a creation date in 1987. These
things are getting serious.
I have to admit that the concept is intriguing, and I have experimented
a little with virus' myself (taking care not to infect any disks
that I didn't want infected), but to produce a strain as malicious
as these takes a warped mind. In fact, to release a virus outside
of your own control at all is a despicable act.
Jamie.
|
| 60.5 | Anyone looking for a midnight project? | BOLT::MINOW | Je suis marxiste, tendance Groucho | Tue Apr 26 1988 13:55 | 19 |
| I suspect the only way to "fix" virus programs is to build a program that
maintains a database of files and their signatures. The signatures must
be build using a sophisticated algorithm (checksum or crc-16 are too
easy to fix). The program would be kept on a private disk (run by
powering the machin off and booting the disk read-only). The database
would be maintained by the program on a disk that contained nothing else.
In addition to your program files, you would have to build a signature of
the boot block(s) and the "hidden" system files.
There's a new Macintosh program around that does absolutely nothing.
It's only purpose in life is to sit on your system and wait to be
infected. (It's only 300 bytes long, so a directory listing would detect
an infection.)
I'm afraid that, until we get good signature mechanisms, all we can do
is stay one jump ahead of the slime.
Martin.
|
| 60.6 | | BAGELS::BRANNON | Dave Brannon | Tue Apr 26 1988 21:05 | 6 |
| think of a computer virus like a real virus - you take precautions, learn
to recognize the symptoms, try to stay healthy, etc. Same sort
of thing. Eventually you may get one anyway, then you just try
to minimize the hassle.
-dave
|
| 60.7 | | BAGELS::BRANNON | Dave Brannon | Tue Apr 26 1988 21:24 | 20 |
| the write protect notch was discussed at length on Usenet. The
conclusion was that there is a physical write protect in the
disk drive hardware that prevents a write protected disk from being
written to.
That will protect the disk until you actually want to put something
on the disk. Then the lurking virus will jump on the disk as soon
as you write enable it.
Note that there is no write protect for a hard disk drive. That
is what makes running unknown pd software from the hard disk so
much more fun. Can you say backup? what backup? that one with
the virus ticking away on it?
I found a file of the more common viruses in the ibmpc world on
a bbs, anything they can do to an ibmpc can be done to a ST or
Amiga. We've just been lucky that it has taken this long for that
sort of person to learn how to do it.
-dave
|
| 60.8 | medicine for virus | DUVEL::SIMONIS | | Thu Apr 28 1988 05:14 | 25 |
| Hello I want to put here some ideas I have thought tonigh ...
1) do you know the story of the King of the Jungle who was a GIANT
Lion ,the Biggest,the most clever,INDESTRUCTIBLE .He did destroy
everything and did kill everyone on his way.Nobody found a way to
kill him,till a mouse came ... She discovers that time to time the
Lion was loosing some 'fingernails' (Is this the correct word?)
and that these nails was incredibly hards ,solid and SHARP!This
was the solution,using one of the nails of Lion self to kill him
and she succeeded .
2) In chemestry the specialists use sometimes a virus to kill another
one .Of course the first one is 'under control'.
3) and the story of the snake eating himself starting from his opposite
end ...
Do you see what I mean ?You could perhaps use these ideas during
your 'midnight work'.Unluckily I'm not a specialist of GEM BIOS
... so I shall not be able to help you but good luck to you.
The signature solution of .5 is also a good idea but how to verify
the safety of a disk coming from outside with new software?If this
disk is 'hacked' and if you can't determine this fact you will
'secure' an infested disk !
I hope I was not too boring
regards Vincent
|
| 60.9 | Antibiotics ... | STOPIT::BADMAN | Laugh ? I almost did. | Thu Apr 28 1988 10:33 | 21 |
| RE .8
Are you suggesting that a counter virus is created that hangs about
in RAM until a disk infected by another virus is detected in the
drive, and then give the disk a shot of anti-biotics by copying
itself, a harmless virus, onto the disk in the place of the hostile
virus.
This is a good idea, providing the counter-virus can be sure that
the dodgy looking piece of code in the boot sector, in the text
section of a program, etc IS a virus and not a legitimate piece
of code. This would be hard to do.
Or in your way of putting it, the mouse is alright as long as it
uses one of the lions nails and not one of its own by mistake !
Jamie.
|
| 60.10 | standard way of thinking ... | DUVEL::SIMONIS | | Fri Apr 29 1988 04:42 | 16 |
|
Hi Jamie,
you are right but the difference seems obvious between
a mouse nail and a lion one ? no ?
So if everybody making software and writing disk did use
the same 'standard' it would be easy to recognize an
infested disk or software and then kill him.Imagine to
start a 'International Anti-Virus Club' where every member
use the same 'standard' then the only way to infest disk
would be to make a 'true' software containing the virus but
which would not 'disturb' the standard used .This would be
more difficult to build no?
bye Vincent
P.S. Of course protection of software would be more difficult
also ...
|
| 60.11 | Some general thoughts. | UTROP1::TRAMONTINA | | Wed May 04 1988 11:41 | 31 |
| re .2
OOps, sorry for taking rumors for granted.
Viruses are easy to make!!!!
As they are 'normal' 68000 code it is not possible to detect wether
a program is virus or not. A program becomes virus because of the
actions of the program. The only way to test that is to use the
program.....
The best possible protection is general knowledge about the virusses.
If everybody knows how to recognize them, the problem is half way
solved. With the boot sector virus it very easy, test every unkown
disk before putting it in your collection.
For the attaching ones, wich are simple to write, it is more difficult.
Think of a virus wich puts itself over the beginning code of a program.
The orginal program never works again, but the size is the same,
even the CRC could be made the same. The virus does some nasty things,
like installing itself on the ST and displays some idiotic message
like 'Not enough memory to run' ect.
Try finding that one in your 100+ disk collection.
Something to think about:
The virus is invented by a great software firm to kill the illegal
copiing circuit.
Greetings,
Renato
|
| 60.12 | Time Article | EXPRES::FISTER | | Wed Sep 28 1988 08:58 | 10 |
| -< Those Interested >-
Yes, this virus deal is both interesting and scary as hell.
I've gotten some of the virus detector/killers off of GEnie
Compuserve, but I still don't feel safe.
Anyone who has read this week's Time magazine about such
nastiness and are interested in the 'core wars' idea can find
the original articles reprinted in a book called 'The Armchair
Universe', available at your local bookstore.
|
| 60.13 | From one of the local BBS' down here | PNO::SANDERSB | a belagana | Wed Sep 28 1988 11:11 | 10 |
|
There is supposed to be a version of EXPRESS, V5.0 that is
floating around. This version will produce an unreadable sector
on your harddisk. According to Kieth Ledbetter the last released
version of EXPRESS was v3.0b.
This is unconfirmned from the a fellow up in Washington or Oregan
on the IBBS.
Bob
|
| 60.14 | | FOOT::BADMAN | I owe, I owe, so off to work I go ... | Wed Oct 12 1988 11:01 | 4 |
| Who is the author of "An Armchair Universe" ???
Jamie.
|
| 60.15 | Armchair author | WSE071::ANDERSEN | | Wed Oct 12 1988 18:10 | 6 |
| "An Armchair Universe" was written by A. K. Dewdney who
also writes the Computer Recreation column in Scientific
American.
|
| 60.16 | Author! Author! | EXPRES::FISTER | | Fri Oct 14 1988 08:12 | 8 |
|
"An Armchair Universe" was written by A.K. Dewdney. The book
is a series of articles originally published for Scientific
American.
Les
\8^)
|
| 60.17 | core wars | DISCVR::FISTER | | Tue Nov 08 1988 12:31 | 6 |
|
Also...anyone interested in core wars? Apparently so...there
is a note file for it. It's CVG::COREWARS.
Les
\8^)
|
| 60.18 | New? | DISCVR::FISTER | Be all, and you'll be the end all | Tue Apr 25 1989 16:06 | 18 |
|
I've been out of this conference for awhile now, and i've got
a question...
A couple days ago, after a one-month period of dormancy, I booted
the Mega2 up. I had no problem in opening my database with the mouse,
but I couldn't enter any information by the keyboard.
I wiggled the connectors. I rebooted. Same thing. So I, being
human, do a mad typing spree which consists of hitting all keys
at once.
Then this window pops up, and says "Does your mother know you
bang on your computer like that?"
I rebooted, and everything's fine!
Is this something new? Will it happen again? Has anyone seen
this? It was kind of funny, but could become annoying real fast...
Les
|