home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker 2
/
HACKER2.mdf
/
virus
/
virusl2
/
virusl2.166
< prev
next >
Wrap
Text File
|
1995-01-03
|
7KB
|
166 lines
VIRUS-L Digest Wednesday, 2 Aug 1989 Volume 2 : Issue 166
Today's Topics:
anti-virus software
Re: "Computer Condom" (from Risks digest)...
os/2 question (PC)
axe by sea (PC)
Fixed-disk infectors (PC)
Re: message virus (was: Computer Virus Research)
Re: "Computer Condom" (from Risks digest)...
---------------------------------------------------------------------------
Date: Tue, 01 Aug 89 16:55:53 +0700
From: KOCI Emil <KOCI@AWIIMC11.BITNET>
Subject: anti-virus software
I missed the actual programs (scan etc.) in VIRUS-L library at
LEHIIBM1.
It also would be a good idea to automatically distribute new versions
when they arrive, to all members of the list.
For "new" list-members it would be helpful to have instructions where/how
to download/upload for different systems in every distribution-mail.
(like IBMPC-L -list does).
PS.: Is there on EARN/BITNET/ANYWHERE a regularily updated file
with virus descriptions?
(hard to get collection about known viruses and their symptomes)
------------------------------
Date: Tue, 01 Aug 89 12:33:15 -0400
From: Barry D. Hassler <hassler@nap1.arpa>
Subject: Re: "Computer Condom" (from Risks digest)...
In article <0003.8907311200.AA25265@ge.sei.cmu.edu> dmg@lid.mitre.org (David Gu
rsky) writes:
>[From the Seattle Weekly, 5/3/89]
>
>PUT A CONDOM ON YOUR COMPUTER
>
>...
>Cummings, the company's president, says the system "stops all viruses" by
>monitoring the user network, the keyboard, and the program in use. He notes
>that the system is programmable to alter the parameters of its control on
>any given machine, but he guarantees that, "when programmed to your
>requirements, it will not allow viruses to enter."
Pardon me for my opinions (and lack of expertise in viral control), but I
think these types of products are dangerous to the purchaser, while most
likely being especially profitable for the seller. I just saw a copy of
this floating around to some senior management-types after being forwarded
several times, and dug up this copy to bounce my two cents off.
First of all, I don't see any method which can be guaranteed to protect
against all viruses (of course the "when programmed to your requirements"
pretty well covers all bases, doesn't it?). Naturally, specific viruses or
methods of attach can be covered with various types of watchdog
software/hardware, but I don't think it is possible to cover all the
avenues in any way.
- -----
Barry D. Hassler hassler@asd.wpafb.af.mil
System Software Analyst (513) 427-6369
Control Data Corporation
------------------------------
Date: Tue, 01 Aug 89 16:32:00 -0400
From: IA96000 <IA96@PACE.BITNET>
Subject: os/2 question (PC)
does anyone know if any of the major viruses can pass to other
files when running under (in) the dos compatibility box of
os/2 extended edition?
IN other words, the systems boots up under os/2, you enter the
dos box and start to execute dos programs.
i would think it would not be able to pass, but i am open to
comments and conversation on this matter.
------------------------------
Date: Tue, 01 Aug 89 16:37:00 -0400
From: IA96000 <IA96@PACE.BITNET>
Subject: axe by sea (PC)
we have been testing various ways to help prevent a file from
becoming infected and have stunbled on an interesting fact.
system enhancement associates (the people who wrote arc) have also
released axe, a program compression utility. basically axe reads
a .exe or .com file, compresses it as much as possible, tacks a
dos loader on the front of the file and then saves the new file.
in many instances, the resulting file is from 15% to 50% smaller
than the original file and loads and runs just like a regular dos
file.
what is interesting is when a virus attacks an axe'd file. the virus
writes itself into the file as many viruses do. however, when you
next attempt to load and run the file, it will not load and locks
up the system. this is not because the viruys has taken control!
this happens because when an axed file is loaded, it is decompressed and
the checksum is compared to the original one generated when the file
was axed.
I know axe was never designed to be anti-viral, but it sure works well
in this regard. since the file is actually in encrypted form on the
disk, it screws up the virus!
------------------------------
Date: 01 Aug 89 00:00:00 +0000
From: David M. Chess <CHESS@YKTVMV.BITNET>
Subject: Fixed-disk infectors (PC)
Does anyone know of, or has anyone even heard credible rumors of,
any boot-sector virus that will infect the boot sector (master or
partition) of IBM-PC-type hard disks, besides the Bouncing Ball and
the Stoned? Those are the only two I seem to see that do that; am
I missing any? DC
------------------------------
Date: 01 Aug 89 21:23:30 +0000
From: kelly@uts.amdahl.com (Kelly Goen)
Subject: Re: message virus (was: Computer Virus Research)
we call those ansi 3.64 control sequences.... vt100 and other
terminals have similar if not exactly the same features... ansi.sys
implements a subset of ansi 3.64 without any protection the problem
has been known at various unix sites for years only now its starting
to show up on pc's because of the usage of ansi.sys and other programs
that recognize these sequences....
cheers
kelly
------------------------------
Date: 01 Aug 89 21:18:49 +0000
From: kelly@uts.amdahl.com (Kelly Goen)
Subject: Re: "Computer Condom" (from Risks digest)...
hahahahahahahahah!!!!!!! right chief just like swamp land in them thar
everglades... seriously though things will not improve until vendors
start going for protected mode and other tricks...I am talking about
386's and 68030's here... maybe something could be done in this area
with charge cars on a 286 but I doubt it... your need that virtual
8086 partition on the 386 to have any real safety and have to be
operating protected mode to take advantage of it(DESQVIEW 386,
THD386.sys etc) after that then there are still so many ways to get
in!!
cheers
kelly
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253