The 640 MEG Shareware Studio 2

home *** CD-ROM | disk | FTP | other *** search

/ The 640 MEG Shareware Studio 2 / The 640 Meg Shareware Studio CD-ROM Volume II (Data Express)(1993).ISO / virus / virsim20.zip / VIRSIM.DOC < prev

Wrap

Text File | 1992-09-06 | 17KB | 286 lines

-------------------------------------------------------------------- Virus Simulator - Safe & Sterile Virus Protection Validation. -------------------------------------------------------------------- Virus Simulator Copyright Rosenthal Engineering 1991 all rights reserved. 3737 Sequoia, San Luis Obispo, CA USA 93401 Version 2.0 VIRSIM.COM generates controlled programs infected with the signatures (only) of every known virus available. Virus Simulator's ability to harmlessly compile and infect with safe viruses, is very valuable for demonstrating and evaluating anti-virus security measures without harm or contamination of the system. The infected programs can be renamed and copied to other disks and directories as bait for virus detecting programs. Viruses are a form of terrorism and require many of the same precautionary measures. Airports test the effectiveness of their security measures in much the same way. An official disguised as a passenger will attempt to bring a disarmed bomb through, trying to evade security measures and avoid detection. Real viruses, like real terrorists, are much more difficult to test with. The test viruses generated by Virus Simulator are safe and sterile, but form a validation test suite that triggers vigilant virus detectors. Because of the security nature of this program, you should not trust it to be harmless unless you can directly trace its source to Rosenthal Engineering without compromise. Never make copies from anything other than the original write protected distribution disk. Remove all test viruses from your system immediately after completing tests. Insist on having Virus Simulator generate your own unique simulation files and never accept or distribute the simulated viruses themselves. This is especially important if the simulations are to retain their safe and sterile integrity. Virus Simulator creates simulated test suites for every known virus available at the time of release. Real viruses are most often not created from scratch, but by modifying existing viruses and thus pose additional problems for virus detecting programs. To further emulate real viruses that might actually be encountered, Virus Simulator creates a completely new modified simulated virus the same way. No two files or disks will be created identically. New virus signatures are regularly being added, so the latest version is sent by first class mail directly for a single user license registration fee of $25. US Businesses, corporations, government agencies and institutions require a negotiated site license. Virus Simulator prompts the user to generate any (or all) of three test suite types: Files, boot sector, and memory. 1) Generate A:\VIRUS\VIR_#.COM & .EXE files. (Erase to remove) 2) Overwrite A: boot with (new) simulated virus (Format A: to remove) 3) Install memory test simulated virus (Power off system to remove) VIRSIM.COM compiles simulated viruses directly. VIRSIM.COM itself is virus-free, and when scanned by virus detection programs, must always be found free of infection. Only the simulated viruses should result in any infection report. Each time Virus Simulator is run, it generates a completely new and unique test suite of simulated viruses with accompanying documentation. The text files A:VIR_LIST.DOC and A:VIR_BOOT.DOC are created at execution time and provide an audit trail describing each unique virus test simulation suite. Executing the generated test suite programs is not required, and they will only display their Rosenthal Engineering origin. The virus signature strings contained within the individual test suite member programs are protected from entering execution, but will be detected by a virus scanner. Virus Simulator will only generate file and boot sector simulations on a formatted disk in drive A:. You must have an A: drive. Copy VIRSIM.COM to what ever drive you wish to run it from. Precautions have been taken to force VIRSIM to run only from the directory it appears in so no paths, please. NOTE. A:> VIRSIM or C:> VIRSIM (works ok) C:> A:VIRSIM or C:>\TEST\VIRSIM (won't work) Place a freshly formatted diskette in the A: drive. This diskette will receive the generated test virus simulation suite. If you select the "2) Overwrite A: boot sector" option, the system will not be bootable from this disk, but will display an "Infected with simulated boot sector virus" message if you attempt to boot from the diskette. If you select the "1) Generate A:\VIRUS\VIR_#.COM & .EXE files" option, VIRSIM.COM will generate a subdirectory on the diskette containing a set of simulated virus-infected files which are named with sequential numbers as VIR_[#].COM or .EXE. The A:\VIRUS\VIR_#.COM or .EXE files can be renamed and copied to other disks (including hard disks) for testing, but remember to erase all test viruses after completing your tests. If the "3) Install memory test virus" option is selected, a warning message will appear in the upper right corner of the screen until power for the system is turned off. When power is restored, the system will return to normal, and the memory virus test suite will be removed. Run VIRSIM and follow the prompts. Then, scan for viruses. A note here about false alarms, especially when using disk cacheing. Anytime you read or write using a disk, the data is first buffered by memory. If you've just written or read a test suite, your virus scanning program may discover it still in the disk buffer memory. Just power down the system and watch it go away. These test suites are only safe and sterile simulations to evaluate your security measures. A virus detecting program is validated when it detects and reports the presence of the simulated viruses. Virus detecting programs that fail to find these simulations may indeed discover their real counterparts and variations, but should only be trusted after that ability is demonstrated. - - - - - - - - - - - History of Virus Simulator Virus simulator was first developed to support testing my System Monitor program. System Monitor is not a virus scanner or even a program devoted to virus protection. It installs in your IBM PC/XT/AT 386 or 486 Compatible computer to test and extensively monitor a number of performance indicators. Each time you use your computer, System Monitor re-evaluates the system and alerts you to any discrepancies it finds with an announcement that is hard to ignore. You install System Monitor as soon as you're confident that your computer is configured and operational. From then on, System Monitor will intervene immediately upon detecting problems, usually long before a user even suspects any difficulty. This early monitoring and detection is essential in avoiding and correcting problems before they can compound and provides formidable anti-virus protection. Virus Simulator can help determine which anti-virus programs are best for you. These programs then can be installed ahead of System Monitor so a virus that attempts to disable either of these programs will have the very Herculean task of disabling or circumventing them both or risk detection by the other. The first version of Virus Simulator was only intended as a tool to assist volunteers who were beta testing System Monitor in a real world environment. Before beta testing, System Monitor had been tested in a controlled environment, using a considerable collection of real viruses. You can imagine the enthusiasm my beta testers showed to turning real viruses loose on their systems. During the beta testing of System Monitor, we discovered a real need for Virus Simulator beyond its' original intention. Some virus detectors not only didn't find the simulated viruses... on closer inspection, they didn't find the real ones either. We found several cases where no security procedures were being adhered to and even though the organization had acquired a site license for a very capable program, few users had ever run it. Additionally, a virus detecting program thought to be protecting a system used to duplicate distribution disks for other offices was found to be an obsolete version which missed nearly all of the current viruses. No virus protection program will ever be effective without the cooperation of its users, and Virus Simulator provides a means to verify compliance with established security procedures. The current version Virus Simulator creates simulated test suites for every known virus available. - - - - - - - - - - - Statistics, Probability and Making Sense of Tests Virus Simulator makes an infinite number of simulated test viruses by varying each one in a different way. This is much the same way a real virus might be discovered in the world at large. Even testing with a program infected with a real virus can not assure every combination will be examined. Is it a .COM file, .EXE, system, compressed? Is it the same for all programs or just large ones? How about files created before or after a certain date or time. What about a virus that was modified, even trivially, offset a few bytes, or changed from one message to another. Or, a virus that only attacks one vendor's brand of software. The only way to test with any kind of absolute certainty would be to perform tests with every combination and variation, and even then, hope you didn't overlook any. Now, try that with well into many hundreds of viruses and combinations. It becomes apparent that no matter how exhaustive the tests are, they are just random, probabilistic distributions. The study of probability assumes that you know the entire population or universe from which you are going to sample. Statistics assumes that you have only a sample and that you are trying to determine, or at least guess, the parameters or characteristics of the most likely population or source from which the sample was taken. That's what Virus Simulator supplies, a large enough sample population size to establish statistical significance with some reliability. Allowing Virus simulator to fill a single 360 K disk should be more than adequate to support reliable testing. Although a 1.2 M disk offers some improvement, additional disks offer ever diminishing benefits, as the distribution confidence interval shows an insignificant improvement beyond that point. In other words, for files...One disk ought to do it. Testing using boot sector viruses is another matter because, unlike the hundreds of files that can be created on a disk by Virus Simulator, there is only one boot sector per disk. You can generate a simulated boot sector virus onto as many different disks as you like, or overwrite a single disk repeatedly. A new simulation will be generated each time. Evaluating anti-virus measures with viruses active in memory should only be demonstrated with simulated viruses produced by Virus Simulator, never real viruses. You're fairly safe scanning a write protected disk which contains a real virus, providing you don't attempt to run it or boot from the disk. However, a virus active in memory is another story. A real virus active in memory has taken over control of your system. Any validation tests you attempt at this point would be suspect. Virus Simulator provides a safe way to validate your anti- virus measures against viruses present in memory. You'll find that some scanners stop immediately upon discovering the first virus in memory, while others continue to scan until they have reported every virus they can find. An argument can be made for either approach, but the important thing is to show that the scanner reveals a virus in memory. System Administrators should design their own tests to see which users are practicing safe computing and complying with established safeguards. The amount of user cooperation required by anti-virus programs varies. Some users require more automatic and regimented procedures, and Virus Simulator provides system administrators with a practical way to evaluate the overall effectiveness of their security measures. These simulated test viruses are sterile; they won't reproduce and spread by themselves, so they have to be planted (copied). Such an exercise can go a long way to raising the vigilance of complacent users, so when a real virus attacks, destructive damage is held to a minimum. - - - - - - - - - - - Shareware Announcement Please feel free to use and evaluate this software without charge for 10 days. You are encouraged to copy and distribute it freely, provided it remains unmodified, complete in it's original form and no fee (other than a nominal copy charge) is required. This software is provided "as is" without warranty either expressed or implied. This software is fully functional and not copy protected or crippled. If you determine it to be useful, you must register it before the end of the 10 day evaluation period. Once the required registration fee is received, the latest registered version will be sent directly by (US) priority first class mail. - - - - - - - - - - - Software License agreement This Software is copyrighted material. It is not sold, but licensed. The registration fee must be paid before the free 10 day evaluation period expires or use of the software discontinued. You are encouraged to copy and distribute Virus Simulator freely provided it remains unmodified, complete in it's original form and no fee (other than a nominal copy charge) is required. This software is provided "as is" without warranty either expressed or implied. You may not make any changes or modifications to the software and you may not decompile, disassemble or in anyway reverse engineer the software. This constitutes the entire agreement and understanding between the parties and supersedes any prior agreement or understanding, whether oral or written and may only be modified in writing. This software is provided "as is" without warranties of any kind. Responsibility rests entirely with the user to determine its fitness for a particular purpose. ROSENTHAL ENGINEERING SHALL NOT IN ANY CASE BE LIABLE FOR SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT OR OTHER SIMILAR DAMAGES ARISING FROM ANY USE OF THIS SOFTWARE. Some states may not allow these limits on warranties, so they may not apply to you. In no case shall Rosenthal Engineering's liability exceed the license fees paid by you to Rosenthal Engineering for the right to use the Licensed Software. The single users license is obtained by sending your check for $25 (US) to: Rosenthal Engineering, 3737 Sequoia, San Luis Obispo, CA 93401 USA Businesses, corporations, government agencies and institutions require a negotiated site license.