VIRUS-L Digest Thursday, 4 May 1989 Volume 2 : Issue 106
Today's Topics:
SecureINIT (Mac)
Sentry Program (PC)
Virus Protection Programs for IBM PCs
Virus testing at Social Security Administration
Bouncing Ball Virus (PC)
---------------------------------------------------------------------------
Date: Thu, 04 May 89 10:05:50 EDT
From: Joe McMahon <XRJDM@SCFVM.GSFC.NASA.GOV>
Subject: SecureINIT (Mac)
I downloaded a copy of this baby from CIS the other day (too bad I
didn't wait for the Clone to get it ... sigh), and I've been fooling
with it a bit on an isolated system.
First, the "documentation" (I hesitate to call it that) is incorrect.
It does not create invisible INIT files. If they were invisible, they
wouldn't work under System 6.0.x anyway (a new feature in 6.0, BTW).
It creates a "SecureINIT" file with its own little icon. There is no
"show me the icon" option at startup.
Most of the things which SecureInit does are on the elementary side,
and can be done (or undone) with a little ResEdit hacking. Making the
files in the System folder locked, making the System folder invisible,
and locking applications are all very simple and no help against viruses.
The features which allow the automatic removal of "alien" files and
INITs in the System folder are VERY inconvenient. If you customize
this wrong, you will TRASH your system. Yucko. Anything saved in the
System folder (like Word preferences files, etc.) will get clobbered.
The other features (exclusion of applications from other disks,
prevention of switch launches, and a couple others) might be of some
help in preventing invasions, but won't help if you've copied
something nasty onto your startup disk yourself.
There is nothing there to keep viruses from undoing any of the actions
that this INIT takes. All of the "legal" files are stored in resources
in the INIT in plain STR# resources. Let's see, unlock the INIT, add
me to the resource list, and now I'm labelled as an "OK file". Cute.
Since there's no trapping of accesses like Vaccine or GateKeeper,
that's easy.
As a final note, the unimplemented (in the demo version) feature which
puts INITs into the system file ... aack! Don't be messin' with my
System file!
Final recommendation? Run away! Run away! Do NOT use this package,
unless you want a false sense of security and things happening behind
your back.
--- Joe M.
------------------------------
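The weakness described in the SecureINIT message above (an approved-file list stored where the files it polices can rewrite it), shown as an added example that is not part of the digest or of any product named in it: a plain list check beside one that verifies a keyed seal first. The key, file names and function names are constructed for illustration.

```python
import hashlib
import hmac


def naive_is_allowed(name, allowlist):
    """Check as described in the message: trust whatever the stored list says."""
    return name in allowlist


def seal(allowlist, key):
    """HMAC over the list contents (sorted, length-prefixed to avoid ambiguity)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for name in sorted(allowlist):
        data = name.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


def sealed_is_allowed(name, allowlist, tag, key):
    """Refuse to consult the list at all if it no longer matches its seal."""
    if not hmac.compare_digest(seal(allowlist, key), tag):
        raise ValueError("allowlist modified since it was sealed")
    return name in allowlist


# Constructed sample data: the key is assumed to live somewhere the
# checked files cannot write (not alongside the list itself).
KEY = b"constructed-demo-key-kept-off-the-protected-volume"
APPROVED = ["System", "Finder", "SecureINIT"]
TAG = seal(APPROVED, KEY)


def demo():
    """An unapproved file appends itself to the stored list, then gets checked."""
    tampered = APPROVED + ["Alien INIT"]
    naive = naive_is_allowed("Alien INIT", tampered)
    try:
        sealed_is_allowed("Alien INIT", tampered, TAG, KEY)
        sealed = "accepted"
    except ValueError:
        sealed = "rejected"
    return naive, sealed


if __name__ == "__main__":
    print(demo())
```

The sealed check only holds if the key and the checking code sit outside what untrusted code can write; a list, seal and key stored together can be rewritten together.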
Date: Thu, 04 May 89 10:25:53 EDT
From: Claude Goldman <CLAUDE@BROWNVM.BITNET>
Subject: Sentry Program (PC)
I have seen several references to the SENTRY program which checks the
boot sector of IBM PCs. I have several questions.
1. What else does it do, if anything?
2. What kind of program is it, i.e. pd, shareware, commercial?
3. How would I get a copy?
Acknowledge-To: <CLAUDE@BROWNVM>
------------------------------
Date: Thu, 04 May 89 10:29:20 EDT
From: Claude Goldman <CLAUDE@BROWNVM.BITNET>
Subject: Virus Protection Programs for IBM PCs
I am trying to put together a list of programs to help IBM PC users at
Brown protect their PCs from viruses. I have found a few pd/shareware
programs in the SIMTEL20 and Lehigh archives. Are there any servers I
can access via mail, messages or ftp I should be looking at? Programs
I have seen so far seem to either do checksums of various kinds and/or
stay in memory to check for attempts to be nasty. The ones I have
found so far that offer at least some protection are: CHK4BOMB,
TRAPDISK, ALERT, CHECKUP, DETECT, FLUSHOT+. Are there others I
should be looking at? Any comments about the value and/or usefulness
of these programs?
Acknowledge-To: <CLAUDE@BROWNVM>
------------------------------
Date: Sun, 30-Apr-89 23:48:25 PDT
From: portal!cup.portal.com!garyt@Sun.COM
Subject: Virus testing at Social Security Administration
Lynn McLean (on Homebase) has asked me to forward this message:
Original-Date: 04/28/89 17:19:42
Original-From: LYNN MCLEAN
My co-worker and his colleague in the microcomputer support center at
the Social Security Administration have just finished a review of
anti-virus products. They tested against 14 viruses (which I helped
obtain from a nefarious member of the Homebase board) and collected
over 20 products to review. The viruses were a subset of Goodwin's
collection and, supposedly, the most common ones. The results of the
review were that none of the products were effective. The Tracer
program (I understand it's been renamed Sentry and placed in public
domain) was able to detect them all, but only if the system was
re-booted every day or so. Most of our network systems are never
re-booted, or booted only every few months, and many of the test
viruses activated after only a few weeks in the system. So it doesn't
do any good to detect a virus a month after it's destroyed the system.
The rest of the products could not even detect half of the viruses, at
any time. I don't know of any other review that has used any more
viruses than we did, but the results couldn't come out much different
if they included some of the same viruses that we used. I hope this
information is useful to some of the users.
Lynn McLean
[Ed. I think that a list of viruses tested, along with a list of the
test procedures would be of great interest here.]
------------------------------
Date: Thu, 4 May 89 12:44 EDT
From: "David Ward, Computer Support Centre" <WARD@SENECA.BITNET>
Subject: Bouncing Ball Virus (PC)
We appear to have been infected by a virus in two of our teaching
labs. The worst affected lab is used for teaching WordPerfect on
MS-DOS machines with hard drives. About 3/4 of the machines have
shown symptoms but only intermittently so it is hard to tell how
serious it is. It appears as a bouncing ball which moves up and down
diagonally across the screen. We can continue working on the machine
with the bouncing ball but must re-boot to get rid of it.
I have recently joined the VIRUS-L listserver (didn't talk to doctors
before 'cause I wasn't sick) and have been trying to find out as much
as I could about this virus. My request for help on the PCSUPT
listserver generated a few leads toward getting a program to destroy
this virus. One of the best suggestions was to check the VIRUS-L
list. If anyone has more information on this particular virus, please
contact me.
The limit on downloads from the VIRUS-L listserver proved to be a
source of delay yesterday (like the accident victim whose dipstick
shows blood down four pints -- 'Sorry sir, the limit is one pint per
day! Have to control the vampires you know.'). Perhaps some mechanism
could be set up for bypassing this limit for those with urgent needs.
- ----------------------------------------------------------------------
David Ward BITNET: WARD@SENECA
Computer Support Center
Seneca College PHONE: 416-491-5050 x2620
Toronto (home of the Boo-Jays)
- ----------------------------------------------------------------------
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253