home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Crawly Crypt Collection 1
/
crawlyvol1.bin
/
utility
/
virus
/
vtest10
/
vtest.doc
< prev
Wrap
Text File
|
1990-04-05
|
4KB
|
97 lines
Virus Test 1.0 ( 3/31/88 )
==========================
This program is in the public domain. It may be copied freely, and you can
even try to sell it for all I care.
What is a Virus?
================
Recently there has been a report by Chris Allen in England that a boot virus
for the Atari ST has been spotted. This virus can spread without being seen
and infect your floppy disks, and eventually destroys them. However, you
can protect yourself.
There are 2 basic kinds of programs which can destroy your data: "trojan
horse" programs and viruses. A trojan horse is an ordinary-looking program
which contains a nasty part: for example, it might erase your hard disk.
However, trojans are easy to see: generally someone uploads a copy to a
BBS, where the sysop never tests it until users' data is lost.
A virus is much more subtle. It is capable of "reproduction", and is tough
to see. A floppy disk which contains a virus is said to be "infected".
How does this virus work?
=========================
The particular virus reported in England is called a "boot virus". A floppy
disk for the ST can be either bootable or non-bootable. A bootable disk
contains a short program, called the boot program, which is written on the
disk in a special place. When you turn your ST on or reset it, the disk in
each drive is checked for a boot program. If it has one, it is executed.
The English virus consists of a short boot program. It attaches itself to
GEMDOS. Once installed, it will write a boot sector onto each new diskette
which you insert into your disk drive. This is how it propagates itself.
Each time it reproduces, it adds to a counter. When the counter reaches
a certain limit, the virus erases all disks currently in your disk drives.
We can therefore state 2 rules which the virus obeys:
1) the virus can only be active if you BOOT a disk infected with the virus.
merely reading from or writing on a disk with the boot virus will not
activate it.
2) even if booted, the virus cannot reproduce onto a write-protected disk.
How do I protect myself?
========================
If you ALWAYS boot from the same disk, and this disk is write-protected and
virus-free, you will never catch the virus.
[ hard disk users note: GEMDOS will still check for boot sectors on your
floppy drives, even if your hard disk is set to auto-boot. therefore, you
must be very careful concerning which disks are in your drives when you
reboot. ]
How can I tell if a particular disk is infected?
================================================
A boot virus disk must be bootable. However, very few GEMDOS disks are normal
bootable. Only a disk containing TOS-on-disk or a copy-protected game might
be bootable. Hence, if you see a seemingly-normal disk which is bootable, it
probably contains a boot virus.
The desk accessory VTEST.ACC, contained in this archive, can be used to test
a disk to see if it is bootable.
What if important files are on an infected disk?
================================================
Remember that the virus can only install itself and spread if you boot from
it... so if you detect a disk which is infected, you can still copy files
off of it as long as you are sure not to boot with it.
Reformatting a floppy disk will destroy the virus.
Finally:
========
This desk accessory cannot protect you from future types of viruses:
probably someone could write a virus which could not be detected by
VTEST. Keeping your boot disk and program disks write protected, however,
should help keep you safe.
If you have any comments, suggestions, or improvements to this program, please
feel free to contact me at:
Greg Lindahl
10 Arbutus Trail
Greenville, SC 29607
ci$: [76515,1122]
Parts of this program were based on "bootsec.c", written by George R. Woodside.
