home *** CD-ROM | disk | FTP | other *** search
- Path: senator-bedfellow.mit.edu!faqserv
- From: George Wenzel <gwenzel@gpu.srv.ualberta.ca>
- Newsgroups: alt.comp.virus,comp.virus,alt.answers,comp.answers,news.answers
- Subject: ALT.COMP.VIRUS MINI-FAQ - READ BEFORE POSTING
- Supersedes: <computer-virus/mini-faq_876908404@rtfm.mit.edu>
- Followup-To: alt.comp.virus
- Date: 23 Oct 1997 09:37:03 GMT
- Organization: none
- Lines: 165
- Approved: news-answers-request@MIT.EDU
- Expires: 13 Nov 1997 09:32:10 GMT
- Message-ID: <computer-virus/mini-faq_877599130@rtfm.mit.edu>
- NNTP-Posting-Host: penguin-lust.mit.edu
- Summary: The most important things to know before posting to alt.comp.virus.
- X-Last-Updated: 1997/10/20
- Originator: faqserv@penguin-lust.MIT.EDU
- Xref: senator-bedfellow.mit.edu alt.comp.virus:51173 comp.virus:30098 alt.answers:29797 comp.answers:28643 news.answers:115202
-
- Archive-name: computer-virus/mini-faq
- Posting-Frequency: Every 7 days
- URL: http://www.faqs.org/faqs/computer-virus/mini-faq/
- Maintainer: George Wenzel <gwenzel@gpu.srv.ualberta.ca>
-
- -----BEGIN PGP SIGNED MESSAGE-----
-
- ALT.COMP.VIRUS Mini-FAQ (version 1.14)
- Last updated October 20, 1997
-
- Messages asking for help posted to alt.comp.virus are more likely
- to receive a useful response if they conform to accepted standards of
- civility. The news group news.announce.newusers includes information
- on good news group etiquette.
-
- Don't reformat, low-level format, or use FDISK before posting: using
- DOS utilities to remove viruses is not necessary. Especially do not
- use FDISK unless you know EXACTLY what you're doing - you could lose
- access to your hard drive.
-
- Please, don't just ask "I've got a virus, can anyone help me?"
-
- When asking for help, the more relevant information you give, the more
- help can be returned. It helps to:
-
- * Run more than one anti-virus program. Some do make mistakes.
- * When reporting the output of anti-virus programs, please list
- them (name and version number), and say what each one said about
- the possible virus. Posting the exact output can be helpful.
- * Say what the symptoms are. You *cannot* be too detailed. Include
- things like CPU, RAM(size), Disk(size), BIOS (name and date),
- and Operating System. Be as specific as possible.
- * Please consider the possibility that whatever you are seeing might
- _not_ be a virus. Many system problems are not virus related.
- * Note that you cannot catch a virus simply by reading certain e-mail
- or newsgroup messages. For a virus to spread, infected code must
- be run.
- * If you want an e-mail reply to your post, be sure to state that
- you will post a summary of the responses to the group.
-
-
- Basic answers to common questions:
-
- 1) The following "viruses" are in fact hoaxes: "Good Times", "Deeyenda",
- "Irina", "Penpal Greetings", "Join the Crew", "Returned or Unable to
- Deliver", and "NaughtyRobot". Information about these hoaxes and
- more can be found at
-
- http://www.kumite.com/myths/
-
- 2) Many people have asked why alt.comp.virus is decidedly anti-virus in
- nature. Because of the large proportion of anti-virus producers and
- end-users in the group, viruses are considered to be poor use of
- computer resources, and the open distribution of them to be
- irresponsible.
-
- Binaries are not welcome in UseNet discussion newsgroups.
- Alt.comp.virus is a discussion newsgroup, so the posting of
- binaries is often met with opposition and complaints to ISPs.
-
- In addition, the majority of a.c.v. readers do not want virus source
- code or binaries to be posted in this newsgroup. Should you
- post such material, you should be aware that some of those readers
- will complain to your ISP about it. For your own sake, check your
- ISP's policies regarding posting such material to newsgroups before
- risking your account.
-
- 3) We can't tell you definitively which is the best anti-virus software.
- Everybody has different criteria for quality, and different products
- excel in different areas. It is more important to get a reasonably
- good anti-virus product and to use it often than it is to worry about
- having the absolute best anti-virus product. For maximum protection,
- it is generally recommended that more than one kind of anti-virus
- program be used. Scanners are generally used as a front-line defense,
- but they must be updated regularly. Generic anti-virus programs can
- be of use since they do not need updating as often, and they can catch
- new viruses that a scanner might miss.
-
- There are vendor contacts and comparative reviews at:
-
- http://www.virusbtn.com/
-
- 4) Before claiming that a "good" virus exists or could exist, it would be
- wise to read Vesselin Bontchev's paper "Are 'good' Computer Viruses
- Still A Bad Idea", available at:
-
- ftp://ftp.informatik.uni-hamburg.de/pub/virus/texts/viruses/goodvir.zip
-
- 5) There are no viruses which damage hardware by modifying how the
- mechanical parts run or their electro-magnetic characteristics.
- There *are* reported instances of specific hardware being damaged
- by the misuse of specific software. A virus which exploited such
- a problem would have to be so selective and complex that it would
- be unlikely to survive in the real world.
-
- 6) Testing your anti-virus program with a real virus is not generally a
- good idea. Most reputable PC anti-virus packages will now trigger an
- alert if tested with a file containing the following text:
-
- X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
-
- and given a filename with a .COM extension (note that this does not work
- on a Macintosh). Running the file displays the text
- "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!". Most people in the anti-virus
- community consider virus simulators unnecessary and unsuitable for this
- task.
-
- 7) There are answers to other frequently asked questions and more details
- in the other virus FAQ's. They are available at
-
- http://www.webworlds.co.uk/dharley/
-
- 8) Before you ask about what a specific virus does, try:
-
- http://www.drsolomon.com/vircen/enc/
- http://www.datafellows.com/v-descs/
- http://www.datarescue.com/avpbase/
- ftp://ftp.informatik.uni-hamburg.de/pub/virus/texts/
- http://www.metro.ch/avpve/
- http://www.mcafee.com/support/techdocs/vinfo/index.html
-
- all of which carry virus databases and links to other sites.
-
- Disclaimer:
-
- The authors accept no responsibility for errors or omissions, or for any
- ill effects resulting from the use of any information contained in this
- document.
-
- Copyright Notice
-
- We made this information freely available, and maintain it. Please don't
- abuse our work by using it for profit without getting permission from the
- FAQ maintainer.
-
- Copyright (c) 1997
-
- Contributors:
-
- Bruce Burrell <bpb@umich.edu>
- Graham Cluley <gcluley@uk.drsolomon.com>
- David Harley <harley@icrf.icnet.uk>
- Gerard Mannig <mannig@world-net.sct.fr>
- A. Padgett Peterson <padgett@goat.orl.mmc.com>
- Robert Slade <roberts@decus.ca or rslade@vcn.bc.ca>
- Dr. Alan Solomon <drsolly@ibmpcug.co.uk>
- Pierre Vandevenne <pierre@datarescue.com>
-
- Special thanks to those out there that thought this work was worth
- something, and decided to send me a few dollars as a thank-you.
- Donations are certainly not expected, but they certainly are welcomed! :-)
-
- -----BEGIN PGP SIGNATURE-----
- Version: PGP for Personal Privacy 5.0
- Charset: noconv
-
- iQCVAwUBNEuoC7cpzG7cw1x1AQFo8QP/VdKFH/xXUXzsKe/lU94zqyvraXQm+ATE
- 4GzdPKpHYylmQY1qJmi9zhBnnaohk6QQXd9r5PgFtTjeenkwFuuH/8+XI/vZvfIA
- J5O532rY8BzDTxt8lwZTZNy4LrP2XfuHLMFo8ljVWFhmjc55nq3fvGSWfhPAQrBO
- 3XLje0BJnFE=
- =FdVe
- -----END PGP SIGNATURE-----
-
-
-
-