- Path: senator-bedfellow.mit.edu!dreaderd!not-for-mail
- Message-ID: <computer-virus/mini-faq_952514862@rtfm.mit.edu>
- Supersedes: <computer-virus/mini-faq_952087937@rtfm.mit.edu>
- Expires: 29 Mar 2000 11:27:42 GMT
- X-Last-Updated: 1999/08/24
- Organization: none
- From: George Wenzel <gwenzel@telusplanet.net>
- Newsgroups: alt.comp.virus,comp.virus,alt.answers,comp.answers,news.answers
- Followup-To: alt.comp.virus
- Subject: Mini-FAQ: alt.comp.virus
- Summary: The most important things to know before posting to a.c.v.
- Approved: news-answers-request@MIT.EDU
- X-no-archive: yes
- Originator: faqserv@penguin-lust.MIT.EDU
- Date: 12 Mar 2000 09:55:04 GMT
- Lines: 186
- NNTP-Posting-Host: penguin-lust.mit.edu
- X-Trace: dreaderd 952854904 2942 18.181.0.29
- Xref: senator-bedfellow.mit.edu alt.comp.virus:99983 comp.virus:30969 alt.answers:47733 comp.answers:40005 news.answers:179083
-
- Archive-name: computer-virus/mini-faq
- Posting-Frequency: Every 7 days
-
- -----BEGIN PGP SIGNED MESSAGE-----
-
- ALT.COMP.VIRUS Mini-FAQ (version 1.2)
- Last updated August 23, 1999
- Maintained by George Wenzel <gwenzel@telusplanet.net>
-
- Messages asking for help posted to alt.comp.virus are more likely to
- receive a useful response if they conform to accepted standards of
- civility. The news group news.announce.newusers includes information
- on good newsgroup etiquette.
-
- Don't reformat, low-level format, or use FDISK in an effort to remove
- a virus. Using DOS utilities to remove viruses is not necessary.
- Especially do not use FDISK unless you know EXACTLY what you're doing;
- you could lose access to your hard drive. It is always preferable,
- if at all possible, to use an anti-virus product to remove a virus. If
- anything, it's safer.
-
- Please, don't just ask "I've got a virus, can anyone help me?"
-
- When asking for help, the more relevant information you give,
- the more help can be returned. It helps to:
-
- * Run more than one anti-virus program. Anti-virus programs do raise
- false alarms once in a while (some more than others).
- * When reporting the output of anti-virus programs, please list them
- (name and version number), and say what each one said about the
- possible virus. Posting the exact output can be helpful.
- * Please consider the possibility that whatever you are seeing might
- not be a virus. Many system problems are not virus related.
- * Note that you cannot catch a virus simply by reading certain e-mail
- or newsgroup messages. For a virus to spread, infected code must be
- run.
-
- Basic answers to common questions:
-
- 1) The following "viruses" are in fact hoaxes (warnings about viruses
- that do not, or cannot, exist):
-
- * "Good Times"
- * "Deeyenda Maddick"
- * "Irina"
- * "Penpal Greetings"
- * "Join the Crew"
- * "Returned or Unable to Deliver"
- * "NaughtyRobot"
- * "It takes guts to say Jesus"
- * "Win a Holiday"
-
- As a general rule, any "Virus Warning" that you receive unexpectedly in
- your e-mailbox that asks you to pass the message along (similar to a chain
- letter) is highly likely to be a hoax. Information about these hoaxes
- and more can be found at the Computer Virus Myths Website:
-
- http://www.kumite.com/myths/
-
- 2) Many people have asked why alt.comp.virus is decidedly anti-virus
- in nature. Because of the large proportion of anti-virus producers and
- end users in the group, viruses are considered to be a poor use of computer
- resources, and the open distribution of them to be irresponsible.
-
- Binaries are not welcome in UseNet discussion newsgroups. Alt.comp.virus
- is a discussion newsgroup, so the posting of binaries is often met
- with opposition and complaints to ISPs. Alt.comp.virus exists for the
- discussion of computer viruses, not their distribution.
-
- The majority of a.c.v. readers do not want virus source code or binaries
- to be posted in this newsgroup. Should you post such material, you should
- be aware that some of those readers will complain to your ISP about it.
- For your own sake, check your ISP's policies regarding posting such material
- to newsgroups before risking your account.
-
- 3) There is no such thing as the "best" anti-virus software. Everybody
- has different criteria for quality, and different products excel in
- different areas. It is more important to get a reasonably good anti-virus
- product and to use it often than it is to worry about having the absolute
- best anti-virus product. For maximum protection, it is generally
- recommended that more than one kind of anti-virus program be used.
- Scanners are generally used as a front line defense, but they must be
- updated regularly. Generic anti-virus programs can be of use since they do
- not need updating as often, and they can catch new viruses that a scanner
- might miss.
-
- Independent comparative reviews can be found at the following sites:
-
- _Virus Bulletin_ http://www.virusbtn.com/
- _Secure Computing_ http://www.westcoast.com/
- University of Tampere http://www.uta.fi/laitokset/virus/
- University of Hamburg ftp://ftp.informatik.uni-hamburg.de/pub/virus/
- and http://agn-www.informatik.uni-hamburg.de/vtc/naveng.htm
-
- 4) Before claiming that a "good" virus exists or could exist, it would
- be wise to read Vesselin Bontchev's paper "Are 'Good' Computer Viruses
- Still A Bad Idea", available at:
-
- ftp://ftp.informatik.uni-hamburg.de/pub/virus/texts/viruses/goodvir.zip
-
- 5) There are no viruses which damage hardware by modifying how the
- mechanical parts run or their electro-magnetic characteristics. There
- *are* reported instances of specific hardware being damaged by the
- misuse of specific software. No known viruses damage hardware,
- and despite many suggestions to the contrary, it is unlikely that
- one will ever exist.
-
- That said, there is a virus (CIH) which corrupts a system BIOS, which
- is not hardware damage, but is as difficult to fix. With a corrupt BIOS,
- it is not possible for the system to start; the BIOS chip would need to
- be returned to the factory to get re-programmed. Hardware write
- protection of the BIOS should be used whenever possible, as should current
- anti-virus software.
-
- 6) Testing your anti-virus program with a real virus is not generally
- a good idea. Most reputable anti-virus packages will now trigger an
- alert if they scan a file beginning with the following text:
-
- X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
-
- To make this file, copy the above text string into a text file using
- the DOS edit program or Windows Notepad, and save it with a .com extension.
- Virtually all Windows anti-virus programs and commercial Macintosh
- anti-virus programs can recognise this test file. Running the file
- displays the text "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!". Most people
- in the anti-virus community consider "virus simulators" unnecessary
- and unsuitable for testing proper installation of anti-virus products.
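-
- An added example, not part of the original FAQ: a Python check that writes the test string above to a temporary .com file and reports whether an on-access scanner removed, blocked or altered it. The function names, the probe file name and the wait time are assumptions of this example.
-
```python
import os
import tempfile
import time

# EICAR test string from the FAQ, kept in two pieces so this script does not
# itself contain the contiguous string and get flagged when saved to disk.
_PART_A = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
_PART_B = "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
EICAR = (_PART_A + _PART_B).encode("ascii")


def write_probe(directory):
    """Write the test string to <directory>/eicar_probe.com; return the path."""
    path = os.path.join(directory, "eicar_probe.com")  # hypothetical file name
    with open(path, "wb") as fh:
        fh.write(EICAR)
    return path


def probe_state(path):
    """Classify what happened to the probe file after it was written."""
    if not os.path.exists(path):
        return "removed"      # deleted or quarantined by the scanner
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return "blocked"      # file is present but reads are denied
    return "intact" if data == EICAR else "modified"


def check_on_access_scanner(directory=None, wait_seconds=2.0):
    """Return (state, reacted); reacted is True for anything but 'intact'."""
    with tempfile.TemporaryDirectory(dir=directory) as tmp:
        try:
            path = write_probe(tmp)
        except OSError:
            return "blocked", True   # the write itself was refused
        time.sleep(wait_seconds)     # give the scanner time to react
        state = probe_state(path)
    return state, state != "intact"


if __name__ == "__main__":
    state, reacted = check_on_access_scanner()
    print(f"probe file: {state}; scanner reacted: {reacted}")
```

- An "intact" result only shows that nothing intercepted the file within the wait time; an on-demand scan of the same file is a separate check.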
-
- 7) There are answers to other frequently asked questions and more
- details in the other virus FAQs. They are available at various sites,
- but most of them are available at:
-
- http://www.sherpasoft.com/acvFAQ/
- and
- http://www.faqs.org/faqs/computer-virus/
-
- 8) Before you ask about what a specific virus does, try:
-
- http://www.drsolomon.com/vircen/enc/
- http://www.datafellows.com/v-descs/
- http://www.avpve.com/
- http://vil.mcafee.com/villib/alpha.asp
-
- These sites have reasonably comprehensive virus databases. Be aware,
- though, that there are many thousands of viruses and descriptions are only
- available for the more common ones. Also, keep in mind that different
- anti-virus products may use different names for the same virus. Project
- VGREP is a virus name cross-referencing service which allows you to find
- out what name is being used for a virus by different anti-virus products.
-
- Project VGREP is available at http://www.virusbtn.com/VGrep/
-
- Disclaimer:
-
- The authors accept no responsibility for errors or omissions, or for
- any ill effects resulting from the use of any information contained in
- this document.
-
- Copyright Notice:
-
- We made this information freely available, and maintain it. Please
- don't abuse our work by using it for profit without getting permission from
- the FAQ maintainer.
-
- Copyright (c) 1999
-
- Contributors:
-
- Bruce Burrell, Graham Cluley, David Harley, Gerard Mannig, A. Padgett
- Peterson, Robert Slade, Dr. Alan Solomon, and Pierre Vandevenne.
-
- Special thanks to those out there that thought this work was worth
- something, and decided to send the maintainer a thank-you.
-
-
- -----BEGIN PGP SIGNATURE-----
- Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
- Comment: PGP Key ID 0xDCC35C75 available on Keyservers
-
- -----END PGP SIGNATURE-----
-
-