home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
ftp.wwiv.com
/
ftp.wwiv.com.zip
/
ftp.wwiv.com
/
pub
/
HATCH
/
WWIVNEWS.ZIP
/
9512_1.NWS
< prev
next >
Wrap
Text File
|
1995-12-24
|
51KB
|
998 lines
Go Chiefs! ┌┐┌┐┌┐┌┐┌┐┌┐┌────┐┌┐ ┌┐┌─┐ ┌┐┌────┐┌┐┌┐┌┐┌────┐ Go Chiefs!
╔═════════════││││││││││││└─┐┌─┘││ │││ └┐│││┌───┘│││││││┌───┘═════════════╗
║ Volume 6 ││││││││││││ ││ └┼┐┌┼┘│ └┘││└───┐│││││││└───┐ Christmas ║
║ Issue 4 ││││││││││││ ││ ││││ │┌┐ ││┌───┘││││││└───┐│ 1995 ║
╚═════════════│└┘└┘││└┘└┘│┌─┘└─┐ └┼┼┘ ││└┐ ││└───┐│└┘└┘│┌───┘│═════════════╝
Go Chiefs! │ └────┘└────┘└────┘ └┘ └┘ └─┘└────┘└────┘└────┘ │ Go Chiefs!
│ Serving WWIV Sysops & Users Across All WWIV Networks │
└──────────────────────────────────────────────────────┘
┌─────────────────────┐
│This Issue's Features│
┌────────────────────────┴─────────────────────┴────────────────────────────┐
│ Random Notes.......................................Wayne Bell (1@1) │
│ │
│ Soft Servings: News from WWIV Software Services.....Sam (1@4051) │
│ │
│ The Death of the Unsolicited Ping....................Sam (1@4051) │
│ │
│ Tips For Running OS/2 Warp and Windows 95 Together...Pug (1@1625) │
│ │
│ OpSys Wars...........................................Sam (1@4051) │
│ Lockjaw The Ogre (1@5555) │
│ │
│ Understanding Viruses (Part 2 in a Series)...........Sam (1@4051) │
│ │
│ Type 2/0 Forum.......................................Dawg (1@2121) │
│ Pug (1@1625) │
│ │
│ Filo's Mod of the Month..............................Filo (1@4000) │
│ │
│ Technical Section....................................Sam (1@4051) │
│ │
│ Classified Ads.......................................A Compilation │
│ │
│ On the Lighter Side..................................Sam (1@4051) │
│ │
│ Closing Thoughts.....................................Sam (1@4051) │
└───────────────────────────────────────────────────────────────────────────┘
───────────────┬─────────────────────────────────────────────┬───────────────
│ Random Factors │
│ Creative Commentary by Wayne Bell (1@1) │
└─────────────────────────────────────────────┘
As everyone has probably heard by now, we recently had some problems with sub
pings and responses getting multiplied and clogging the network. Net36 has
been released to stop this. What it does is eliminate duplicate pings and
ping responses, letting through only one. This will be included as part of all
future net versions, as I don't see any possible drawback to it.
Unfortunately, however, some people are having a problem with the net36
network2.exe locking up their system. If you have this problem, then I'd
recommend for now just using the network1.exe (dated Dec 3) out of net36, and
keep using the network2.exe from net35. This should give you just about as
much protection against multiple pings as using both the network1 and network2
from net36. I'm still not sure why it locks up for some people, but I am
still investigating it.
I am also investigating a method of using source-verified subs pings, so that
only the NC (me, on WWIVnet) can ping for subs. (This method would be limited
in application only to netup-registered networks, so that others can still use
the wide-open method as it is now.)
In any case, happy holidays!
-=■=-
───────────────┬─────────────────────────────────────────────┬───────────────
│ Soft Servings │
│ News from WWIV Software Services │
│ By Sam (WWIVnet 1@4051) │
└─────────────────────────────────────────────┘
NGTRANS
Newsgroup Translator for WWIV
NGTRANS
Auxiliary Product Announcement
WWIV Software Services
October 2, 1995
Q. What is NGTRANS?
A. NGTRANS is the product name for a NewsGroup TRANSlator program owned
and distributed by WWIV Software Services.
Q. What does it do?
A. NGTRANS makes it possible for you to send/receive newsgroups and
e-mail to the internet via your internet provider. The internet provider must
be providing you with a Unix shell account.
Q. How much does the program cost?
A. The program is available in two forms: a leased form and a purchased
form. The leased form allows you to lease the program for use for one year at
a time. The program warns you when your year is about to expire so that you
can renew your lease for another year. The purchased form allows unlimited
use of the program and does not expire. The lease is $20 per year. The
purchase is $100.
Q. How do I order the product?
A. You may order the product from WWIV Software Services, P.O. Box 720455,
McAllen, TX 78504-0455 by sending the NGTRANS.FRM found below, or by sending a
letter indicating that you wish to WWIV Software Services indicating that you
wish to purchase or lease (as appropriate) the NGTRANS program and enclosing a
check or money order for the appropriate amount. Be sure to specify your WWIV
registration number when you order.
Q. If I have additional questions, who should I direct them to?
A. Write to Filo@4000.wwivnet or 1@4000.wwivnet.
-------------------------cut here-------------------------------------
WWIV Software Services
P.O. Box 720455
McAllen, TX 78504-0455
Name__________________________________ WWIV Reg. Number___________
Address_______________________________ WWIVnet Node Number________
City__________________________________ IceNET Node Number_________
State (Province)______________________ WWIVLink Node Number_______
Zip or Postal Code____________________
Check one of the options below:
[ ] I wish to lease NGTRANS [ ] I wish to purchase NGTRANS
(cost $20 per year) (cost $100)
Mail the form to the address above. Enclose a check or money order made
payable to WWIV Software Services. We do NOT accept checks drawn on banks
that are not located in the USA. Orders originating outside the USA should be
accompanied by international Postal Money Orders or bank drafts drawn on US
banks and should be payable in US dollars. There is a $15 charge assessed for
checks not honored by your bank. Please DO NOT SEND CASH. If you send money
orders, you are advised to keep your receipt until you have received the
product from WWIV Software Services.
Please allow three weeks for delivery from the date that you mail your order.
If you have not received delivery by then, please check with 1@4000 on WWIVnet
or send a fax to WWIV Software Services at 210-618-3532. The program and a
receipt will be sent to you via normal mail. The program is not available for
downloading and should never be made available for downloading. It is a
commercial product protected by all applicable copyrights.
-=■=-
───────────────┬─────────────────────────────────────────────┬───────────────
│ The Death of the │
│ Unsolicited Ping │
│ By Sam (1@4051) │
└─────────────────────────────────────────────┘
.....Late news flash! California man runs amuck with meat cleaver!
Blames it on ping withdrawal! Details at 11!.....
Laugh if you will. But anyone reading the WWIV Network Concerns sub over the
past six to eight months will tell you that while that pseuso-headline is
indeed an exaggeration, the question over allowing network-wide pings by
individuals other than Wayne, and Wayne's subsequent ruling on the subject has
been one of the most heated debates, if not *the* most heated debate the
history of WWIVNet.
The entire discussion centered primarily around one individual who in the past
had been allowed to a) "ping the network" to obtain information from sysops who
were using his shareware programs, and to b) send encrypted mass email to each
and every node on the network. Most sysops would never be aware they were even
getting the email were it not for a blurb in their netdatx.log, or unless they
were running a program such as Stripit that allows entrapment of sysop-defined
message types (or if they were using one of the individual's shareware
programs). Many sysops, myself included, took issue with this practice. To
us, it did not seem fair to be forced to subsidize for the most part, this
individual's shareware business just to be a part of WWIVNet. It was not an
issue of cost. In reality, the collective cost of every ping ever sent out
since the network's inception probably amount to less than a total of ten
dollars in phone charges to the network.
Rather, it was a matter of principle.
Mass email over the network is prohibited. Yet it was happening regularly under
the guise that it was "not readable" without the use of a special program.
Further, pings were regularly sent out , "probing" the network to seek out and
find people who may be using a certain program. All of us (you) in WWIVNet
were helping to carry out this probe, and you too were subjected to it, by
default, simply by being a member of WWIVNet. Bear in mind that if you were
not using the software the "probe" was seeking out, the ping was deleted and
were it not for a note in your netdatx.log, you would never be aware of it's
presence.
A discussion on the merits of this practice ensued. After several months of
what was at times, extremely heated debate, Wayne announced a new, albeit
interim policy governing pings on WWIVNet:
THE OFFICIAL INTERIM WWIVNET POLICY ON PINGS AND UNSOLICITED NET PACKETS.
This policy applies to:
1. Netedit messages
2. External types
3. Any undefined/unused net types
4. Any other packet that might be considered a ping, not including subs.lst
pings as sent by the NC or subs.lst coordinator.
WWIVnet policy on all other message types or topics is unchanged by this
policy.
(Note, that this policy DOES apply to regions.dat pings and updated info.
Note that I'm not going to retroactively apply this policy.)
The policy itself is fairly simple. No packets of the types to which this
policy applies may be sent, unless the sender has prior approval from either:
1. Each and every receiver of each and every packet sent out (and I'd suggest
you save off the emails of people granting such approval, "just in case"),
-or-
2. The NC (me).
If anyone ever does get approval from me, it will follow at least a one month
discussion on this sub about it. As of right now, nobody has authority under
category (2) (NC approval).
/****************************************************************************/
And a further clarification...for example:
Scenario: A node installs a program. That node sends my node (I have
expressly permitted receipt openly) a type 'X' message. Should that be all I
need to interchange further type 'X' messages?
Ruling: No, that wouldn't do it. It has to be a specific act taken by the
sysop installing the program to allow a certain class of messages sent to
his/her node. If the installation process specifically prompted the person
installing, "Do you wish to request pings be sent to your system?", then I'd
say that'd probably be OK. You should have a compelling argument why that
person must have typed in "yes" there, though, if they complain later, and
have something specifically stated as how to "un-request" the messages be sent.
Let me also make explicit that the "installation notification" messages are
_NOT_ covered by this policy. That is, it's OK to have those sent back to the
author's system.
(End of policy statement)
Shortly after this policy was announced, a rash of subs.lst pings plagued the
network. I myself received, in successive days, 96, 437, 2500, and nearly
5000 subs.lst pings (message type 20/0). I host 9 subs. On the last day, my
packet going back to Wayne was nearly a megabyte. Imagine the network traffic
bound back to Wayne! To handle this abuse, Wayne quickly modified NET35 and
released NET36. If you do not have NET36, you should download it from a Support
Board and install it today. NET36 will strip multiple type 20/0 message packets
from incoming data packets and prevent you from having more than a single
response, even to multiple 20/0 pings, in the same data packet.
While the true cause of these pings has not been widely disclosed, earlier in
the summer a similar event occurred where the pings were apparently sent from
node @11130. In reality they were traced back to another node, and proven so
by log files. This first incident is reportedly still "under investigation".
More than likely the second occurrence will trace back to the same node, and
in due time, appropriate action will be taken.
For the most part, Wayne's new policy has been met with overwhelming gratitude.
While there have been a couple of complainers, nearly 100% of sysops who have
been involved in WWIVNet for any length of time and who know the history behind
the entire chain of events that climaxed with this decision have given their
resounding approval to Wayne's decision.
Planning is currently underway to create an encryption method to prevent anyone
other than the NC from being able to send out 20/0 messages, and have
unauthorized 20/0 messages stripped from net packets at the first network1.exe
they hit. It is hoped by more than a few people that other unauthorized message
types will be stripped as well, including those outlined by Wayne's interim
policy.
Stripping all unauthorized message types from network packets will solve
several problems. First, it will alleviate the need for any sort of
disciplinary structure to be put in place by Wayne. Such a structure would be
nearly impossible to enforce. Second, it would render null the forging of
packets that has already occurred since the policy was put in place. For
instance, if I got mad at Filo and wanted to try to get him into trouble I
could simply generate and unauthorized packet and make it look like it came
from @4000. With network1.exe stripping the forged message from the packet, it
would get killed at the first stop after it left my board. Third and perhaps
best of all, it would provide automatic enforcement of the ping policy.
The only major drawback to this method would be to offshoot networks whose NC
chooses to allow message types that are prohibited on WWIVNet. One possible
solution to this would be for Wayne to make available two separate versions of
network1.exe- one for WWIVNet that only allows legal packet types, and one
that remains in it's current form, allowing all packet types to flow through.
This would seem to me to be the best solution. It would require no additional
programing as the current network1.exe could be used for offshoot networks,
and the WWIVNet network1.exe would simply have the extra function and function
call in the source code to remove the illegal packets. Since Wayne uses modular
programming structure, the wide-open network1.exe could be the one used to
write the upgrades, then after all the improvements are made to the code, the
extra ping-stopping/stripping functions could be added in.
Another, simpler solution would be to have the major mail servers in WWIVNet
use Netprobe to strip out the illegal packets. This would be far less work on
Wayne's part, but may not be as effective in removing all the illegally sent
packets.
Whichever solution is taken, the WWIV News Staff goes on record, as have the
vast majority of others, in total support of the decision to prohibit pings
and other extraneous, self-serving packets in WWIVNet by anyone other than the
Network Coordinator.
-=■=-
───────────────┬─────────────────────────────────────────────┬─────────────────
│ Running OS/2 and Windows 95 on One Computer │
│ By Pug (WWIVnet 1@11750) │
└─────────────────────────────────────────────┘
This is for anyone who wishes to install Windows 95 on their computer, but
doesn't want to give up OS/2 in the process.
According to the Windows 95 installation, you will lose your ability to boot
OS/2 after installing it. This is untrue! Win95 overwrites the boot sector,
but it doesn't delete OS/2, or stop you from using it. I was somewhat nervous
about installing Windows 95, but now I have it co-existing peacefully with
OS/2 on the same drive.
I have two partitions on my 850 MB hard drive - one HPFS and one FAT. OS/2
is installed on the HPFS partition, and, before I installed Win95, DOS was
installed on the FAT partition. I use OS/2's Boot Manager to switch between
operating systems. The Windows 95 installation claims to overwrite the boot
sector and make OS/2 inaccessible -- this is only partially true.
When I finally had enough free time to deal with any problems that might
arise, I booted to DOS and ran the Windows 95 installation program. At the
first reboot during installation, I saw that the boot sector had indeed been
overwritten, boot manager was gone, and Windows 95 was booting. After
completing the installation, I stuck in the first OS/2 boot disk (the ones for
installing the operating system) and rebooted. I waited for it to load, then
inserted the second disk. I chose the "Advanced Installation" option. When I
came up to the point where there is an option to install on drive C: or choose
another drive, I went to the "Specify a different drive or partition" option,
which runs OS/2 Fdisk. I deleted the Boot Manager partition, and immediately
re-created it. All the settings had been saved, so I didn't have to set it up
again.
I rebooted the machine. Boot Manager came up! It still had my old options on
it, I could boot "DOS", "Linux" (I have Linux on another drive), or "OS/2". I
chose OS/2. OS/2 booted fine, no files were lost, and everything worked the
same as before. No problems whatsoever! Afterwards, I rebooted and tried
"DOS". Windows 95 was now on that partition, and that's what booted. Once
again, no problems whatsoever.
That's the way I handled it. However, I know many people use dual boot rather
than boot manager. This is even easier! After the Windows 95 installation is
done, go to a command prompt and type:
boot /OS2 /N
(the /N is so it doesn't immediately reboot the machine)
Immediately shut down Windows 95 after this. Next time it reboots, it should
load OS/2. If you want to get back to Win95, just type:
boot /DOS /N
Shut down, and Windows 95 should boot.
Now I will mention a few things that can and can't be done with your new OS/2
& Win95 setup. If you have the fullpack version of OS/2, rather than the
Win-OS/2 version, you will lose your OS/2 Windows support. Win95 will have
overwritten the Windows 3.1 files, and OS/2 won't be able to find them. To
remedy this problem, install a new bare-bones copy of Windows 3.1 on your
drive in a directory other than the one Windows 95 is in. Then re-install the
Windows support files in OS/2.
A useful tip is to put a TSR to read your HPFS partition in the Windows 95
AUTOEXEC.BAT file. There are at least a dozen of these, and can be found on
almost any BBS that features OS/2 support. Most of these TSRs will allow you
to read your HPFS partition, and I've heard that there are even some that will
write the partition, but I've never seen one, nor do I suggest using one like
that. OS/2 should be the only thing that has write access to the HPFS
partition, as anything else could do damage to it.
Once a TSR (or device driver) for HPFS access is installed, Windows 95 will
recognize your HPFS partition, and you'll be able to navigate it with the GUI
as well as from command prompt.
Something else that can be done is to create a Windows 95 boot disk, and use
the "DOS from drive A:" option provided in OS/2. I'm not sure how useful this
is, but it will allow you to access the Windows 95 command prompt (aka DOS 7)
from within OS/2. I have not been able to make the Win95 GUI load from OS/2,
if anyone figures out how, this information would be much appreciated.
If you have any tips or comments, I can be reached at 1@11750 on WWIVnet,
pug@sorcererisle.com on the Internet, or at my BBS, Sorcerer's Isle:
(719)-522-1396, (719)-522-1394.
-=■=-
───────────────┬─────────────────────────────────────────────┬───────────────
│ The GC's Corner │
│ Notes from the Group Coordinators │
│ A Compilation │
└─────────────────────────────────────────────┘
Through an oversight on my part (I forgot to send out the request in time),
there is no commentary from the GC's in this issue. A number of them have
asked me to express their sincere wishes to each of you for a happy, safe, and
joyous holiday season.
-=■=-
───────────────┬─────────────────────────────────────────────┬───────────────
│ OpSys Wars │
│ Compiled by Sam (1@4051) │
└─────────────────────────────────────────────┘
"IBM Throws in the Towel on OS/2"
Recently, there have been rumors floating around that IBM intended to drop it's
support for OS/2. Instead of blindly following the rumors, as many people
apparently chose to do, I called IBM to find out the truth. Being an OS/2 user
myself, I had a vested interest in getting to the bottom of these allegations.
After talking to IBM, my suspicions were confirmed. The rumors circulating
around about the demise of OS/2 were just that- unsubstantiated rumors being
circulated by misinformed people who did not care enough about the truth to
confirm it prior to repeating it.
Here is the official word from Lou Gerstner, Chairman of IBM, and the man who
was misquoted on August 1st by the New York Times:
"In today's edition [August 1, 1995] of the New York Times there was an
article that misinterpreted statements regarding OS/2 I had made at a meeting
with securities analysts yesterday. My statements were regarding the fact that
OS/2 is the market leader in enterprise and commercial accounts and that IBM's
primary OS/2 focus is to maintain that leadership. The consumer and
stand-alone desktop markets for OS/2 are growing but are secondary to our
emphasis on robust line-of-business client/server applications for our
enterprise customers.
OS/2 is one of the cornerstones of the IBM software strategy. We remain
committed to its success.
Louis V. Gerstner, Jr."
-=■=-
(The following is a non-objective viewpoint from a fellow OS/2 user regarding
the ever-present IBM vs MicroSoft debate. When I read the post, I asked his
permission to include it in this issue.)
Windows NT was the original MS plan to kill OS/2
Lockjaw The Ogre #1 @5555
MS and IBM worked together on OS/2 through its 1.x versions. with the upgrade,
MS and IBM worked separately on the next two revisions of OS/2. IBM worked on
a version for standalone and Workstation use, while MS worked on a version for
workstation and server (networking and security being the main differences).
MS decided that they liked the idea of the Presentation Manager on OS/2 1.3 so
much, they redesigned their windows 2.x product to be more like it and called
it Windows 3.0. changing Desktop Manager to Program Manager, and making a few
other cosmetic changes in the interface, they ported it over to be a shell run
on top of DOS.
it worked, somewhat, but well enough that MS brought out Windows 3.1 as an
upgrade and took over the market pretty well over time.
MS realized they had a name product here, that would probably sell better than
anything with the boring OS/2 name on it. they announced that they officially
withdrew from the pact with IBM and would discontinue their work on OS/2.
here's the fun part.
MS renamed the product that they were working on as OS/2 to Windows NT. IBM
brought out their version of OS/2. it did very well. MS talked about how NT
would be the be-all, end-all operating system that would replace Windows 3.11,
DOS, OS/2 and UNIX. everyone would want it, and it would run everywhere.
Magazines picked up on it and announced how everyone's life would be affected
by Windows NT and how everyone would want to run it. IBM garnered award after
award for OS/2 2.0 while MS talked about their future product.
IBM produced an upgrade to 2.1 of OS/2. MS declared that despite delays, they
still expected NT on every desktop real soon now. IBM continued to garner
industry awards for OS/2 2.1.
OS/2 2.1 and Windows NT appeared in a head-to-head competition, at the Houston
Area PC User's Group. OS/2 beat NT hands down, and MS (as well as the sales
rep) were made out to be fools by the crowd (great video). IBM distributed a
video of the event, until MS asked that they not distribute the NT part. IBM
then distributed everything BUT the NT parts, including questions asked to the
MS rep, but not the answers.
NT was (finally) released. users failed to come out of the woodwork, as did
developers. MS eventually decided that giving away copies was the best way to
entice people to use it (we got our copy), and gave away hundreds.
NT went through a major upgrade that multiplied its sales, yet still couldn't
bring the OS to its first one million copies.
in the meantime, MS had been working on another project, now considered to be
the OS/2 killer (because the last OS/2 killer project failed) called Chicago.
IBM released OS/2 Warp's first incarnation, and collected many industry awards,
often beating out the first OS/2 killer, NT.
MS finally releases Chicago, now called Windows 95 after IBM has released 4 of
the 5 flavors of OS/2 Warp (For Windows, Fullpack, Warp Connect for Windows,
Warp Connect Fullpack and Warp Server being the 5) and produces much fanfare.
first day sales for Windows 95 are phenomenal. MS ships enough copies into the
channel to meet OS/2 sales thus far. one month later, however, only 2.5 to 3
million copies have sold and retailers are complaining about unsold and
unsalable product, while OS/2 sales continue to grow.
That's the story thus far, including a description of what NT is as a product.
-=■=-
(I retrieved the following article from the Internet. Since I am not a regular
Windows 95 user, I was attempting to find some reports comparing Windows 95 and
OS/2 in an effort to help those who may be trying to decide between which
32 bit operating system to purchase. Using Lycos, I searched for "WINDOWS and
WARP". This is the only article I was able to find that gave any sort of
side-by-side comparison of the two products. The article was written
approximately eight months *prior* to the official release date of Windows 95,
so some of it may be out of date, obsolete, or inaccurate, as MicroSoft may
have addressed some of the shortcomings pointed out in this article prior to
releasing Windows 95. I asked people in WWIVNet who I know use Windows 95 to
provide me with some information as to their praises or problems with Windows
95, but none of them responded. Perhaps by the next issue of WWIVNews I will
receive some input from Windows 95 users as to how it is working for them, and
possibly some tips, tricks, and trips they have encountered along the way.)
OS/2 Warp vs. Windows95
The following charts provide a summary of OS/2 and Windows 95 features,
including multitasking characteristics, application environments, and bundled
productivity tools.
OS/2 OS/2 Warp VS Windows 95 on Architecture:
FEATURE OS/2 Warp Windows 95
32-bit Window Management Yes No (1)
32-bit Graphics Subsystem Yes No (2)
32-bit Printing Subsystem Yes Yes
32-bit Multimedia Subsystem Yes Yes
32-bit Kernel Yes Yes
Demand Paged Virtual Memory Yes Yes
HPFS Support Yes No
Non-locking Input Queue (3) Yes No
(Applications can keep running)
(1) USER is 16-bit, non-reentrant code
(2) 50% of GDI calls are serviced by 16-bit, non-reentrant code
(3) OS/2 Warp, new version of OS/2, has an engine that will unlock
the input queue if it is locked
OS/2 Warp VS. Windows 95 on Application Environments
FEATURE OS/2 Warp Windows 95
16-bit OS/2 PM Applications Yes No
32-bit OS/2 PM Applications Yes No
Win32s Applications (Ver 1.0 & 1.1) Yes Yes
Preemptive Multitasking (4) Yes No
Win16 Application Support Yes Yes
Win16 Device Driver Support Yes Some (5)
(4) See chart on multitasking comparison
(5) Windows 3.x communications drivers need to be re-written
OS/2 Warp VS. Windows 95 on Multitasking Characteristics
FEATURE OS/2 Warp Windows 95
Preemptive of 32-bit Os/2 and Win32s Yes No
Version 1.1 applications
Preemptive of DOS Applications Yes Yes
Preemptive of Win16 Applications Yes No
Preemptive of mixed 16/32-bit Yes No (7)
Applications
Multiple, Protected Win16 VDMs Yes No (8)
Crash Protection Yes No (9)
Preemptive Multi-threading Yes Yes (10)
(7) 16 & 32 Bit OS/2, Win16, and Win32S V1.1 applications
(8) WinMUTEX prohibits access to USER and portions of GDI
when a Win16 application is executing
(9) All 16-bit applications share a single address space - the
System Virtual Machine (VM)
(10) Key operating system code structures (USER and GDI) share
the System VM address space with 16-bit applications
OS/2 Warp VS. Windows 95 on User Interface
FEATURE OS/2 Warp Windows 95
Folder Work Areas Yes No
Integration with operating SOM Yes No (11)
Launch Pad Yes Yes
Drag & Drop Deletion Yes No
Drag & Drop Faxing Yes Yes
Drag & Drop Access Paths (change Yes No
execution paths it will still work)
Object Type Templates Yes No
Parent Folder Closing Options Yes No
(11) Windows 95 shell components are not OLE 2.01 objects
OS/2 Warp VS. Windows 95 on Multimedia
FEATURE OS/2 Warp Windows 95
Image Viewer Yes No
Photo CD Support Yes No
Autodesk Animation Yes No
Play any Audio File from Internet Yes No
Audio/Video Synch Manager Yes No
MPEG Support Yes Yes
32-bit Audio/Video Playback Yes Yes
OS/2 Warp VS. Windows 95 on Bundled Applications
FEATURE OS/2 Warp Windows 95
Internet Access Tools Yes No
FTP Yes No
Telnet Yes No
Gopher Yes No
Newsreader Yes No
WEB Explorer Yes No
CompuServe Front-End Yes No
Word Processor Yes No (12)
Spreadsheet Yes No
Database Yes No
Charting Yes No
Report Writer Yes No
Electronic Mail Yes Yes
Image Viewer Yes No
FAX Yes Yes
Phonebook Yes No
Personal Information Mgr Yes No
Sys Info Yes No
VideoIn Yes No
Video Conferencing Yes No
(12) Windows 95 comes with a simple text editor, not a word processor
(Again, some of this may have changed since this article was written. If anyone
using Windows 95 would like to submit an article for the next issue that may be
more recent, I will gladly publish it.)
-=■=-
───────────────┬─────────────────────────────────────────────┬───────────────
│ Understanding Viruses │
│ Compiled by Sam (1@4051) │
└─────────────────────────────────────────────┘
[This was taken from an FAQ I picked up on the net. It is a rather large
article, which I'm posting in parts over several newsletters.]
= Virus Detection =
═════════════════════
What are the symptoms and indications of a virus infection?
Viruses try to spread as much as possible before they deliver their "payload",
but there can be symptoms of virus infection before this, and it is important
to use this opportunity to spot and eradicate the virus before any
destruction.
There are various kinds of symptoms which some virus authors have written into
their programs, such as messages, music and graphical displays. However, the
main indications are changes in file sizes and contents, changing of interrupt
vectors or the reassignment of other system resources. The unaccounted use of
RAM or a reduction in the amount known to be in the machine are important
indicators. The examination of the code is valuable to the trained eye, but
even the novice can often spot the gross differences between a valid boot
sector and an infected one. However, these symptoms, along with longer disk
activity and strange behavior from the hardware, can also be caused by genuine
software, by harmless "prank" programs, or by hardware faults.
The only foolproof way to determine that a virus is present is for an expert
to analyze the assembly code contained in all programs and system areas, but
this is usually impracticable. Virus scanners go some way towards that by
looking in that code for known viruses; some will even try to use heuristic
means to spot viral code, but this is not always reliable. It is wise to arm
yourself with the latest anti-viral software, but also to pay close attention
to your system; look particularly for any change in the memory map or
configuration as soon as you start the computer. For users of DOS 5.0, the
MEM program with the /C switch is very handy for this. If you have DRDOS, use
MEM with the /A switch; if you have an earlier version, use CHKDSK or the
commonly-available PMAP or MAPMEM utilities. You don't have to know what all
the numbers mean, only that they change. Mac users have "info" options that
give some indication of memory use, but may need ResEdit for more detail.
What steps should be taken in diagnosing and identifying viruses?
Most of the time, a virus scanner program will take care of that for you.
(Remember, though, that scanning programs must be kept up to date. Also
remember that different scanner authors may call the same virus by different
names. If you want to identify a virus in order to ask for help, it is best
to run at least two scanners on it and, when asking, say which scanners, and
what versions, gave the names.) To help identify problems early, run it on
new programs and diskettes; when an integrity checker reports a mismatch, when
a generic monitoring program sounds an alarm; or when you receive an updated
version of a scanner (or a different scanner than the one you have been
using). However, because of the time required, it is not generally advisable
to insert into your AUTOEXEC.BAT file a command to run a scanner on an entire
hard disk on every boot.
If you run into an alarm that the scanner doesn't identify, or doesn't
properly clean up for you, first verify that the version that you are using is
the most recent, and then get in touch with one of the reputable antivirus
researchers, who may ask you to send a copy of the infected file to him.
What is the best way to remove a virus?
In order that downtime be short and losses low, do the minimum that you must
to restore the system to a normal state, starting with booting the system from
a clean diskette. It is very unlikely that you need to low-level reformat the
hard disk!
If backups of the infected files are available and appropriate care was taken
when making the backups, this is the safest solution, even though it requires
a lot of work if many files are involved.
More commonly, a disinfecting program is used. If the virus is a boot sector
infector, you can continue using the computer with relative safety if you boot
it from a clean system diskette, but it is wise to go through all your
diskettes removing infection, since sooner or later you may be careless and
leave a diskette in the machine when it reboots. Boot sector infections on
PCs can be cured by a two-step approach of replacing the MBR (on the hard
disk), either by using a backup or by the FDISK/MBR command (from DOS 5 and
up), then using the SYS command to replace the DOS boot sector.
What does the <insert name here> virus do?
If an anti-virus program has detected a virus on your computer, don't rush to
post a question to this list asking what it does. First, it might be a false
positive alert (especially if the virus is found only in one file), and
second, some viruses are extremely common, so the question "What does the
Stoned virus do?" or "What does the Jerusalem virus do?" is asked here
repeatedly. While this list is monitored by several anti-virus experts, they
get tired of perpetually answering the same questions over and over again. In
any case, if you really need to know what a particular virus does (as opposed
to knowing enough to get rid of it), you will need a longer treatise than
could be given to you here.
For example, the Stoned virus replaces the disk's boot record with its own,
relocating the original to a sector on the disk that may (or may not) occur in
an unused portion of the root directory of a DOS diskette; when active, it
sits in an area a few kilobytes below the top of memory. All this description
could apply to a number of common viruses; but the important points of where
the original boot sector goes - and what effect that has on networking
software, non-DOS partitions, and so on are all major questions in themselves.
Therefore, it is better if you first try to answer your question yourself.
There are several sources of information about the known computer viruses, so
please consult one of them before requesting information publicly. Chances
are that your virus is rather well known and that it is already described in
detail in at least one of these sources.
What are "false positives" and "false negatives"?
A FALSE POSITIVE (or Type-I) error is one in which the anti-viral software
claims that a given file is infected by a virus when in reality the file is
clean. A FALSE NEGATIVE (or Type-II) error is one in which the software fails
to indicate that an infected file is infected. Clearly false negatives are
more serious than false positives, although both are undesirable.
It has been proven by Dr. Fred Cohen that every virus detector must have
either false positives or false negatives or both. This is expressed by
saying that detection of viruses is UNDECIDABLE. However his theorem does not
preclude a program which has no false negatives and *very few* false positives
(e.g. if the only false positives are those due to the file containing viral
code which is never actually executed, so that technically we do not have a
virus).
In the case of virus scanners, false positives are rare, but they can arise if
the scan string chosen for a given virus is also present in some benign
programs because the string was not well chosen. False negatives are more
common with virus scanners because scanners will miss a completely new or a
heavily modified virus.
One other serious problem could occur: A positive that is misdiagnosed (e.g.,
a scanner that detects the Empire virus in a boot record but reports it as the
Stoned). In the case of a boot sector infector, use of a Stoned specific
"cure" to recover from the Empire could result in an unreadable disk or loss
of extended partitions. Similarly, sometimes "generic" recovery can result in
unusable files, unless a check is made (e.g. by comparing checksums) that the
recovered file is identical to the original file. Some more recent products
store information about the original programs to allow verification of
recovery processes.
Could an anti-viral program itself be infected?
Yes, so it is important to obtain this software from good sources, and to
trust results only after running scanners from a "clean" system. But there are
situations where a scanner appears to be infected when it isn't.
Most antiviral programs try very hard to identify only viral infections, but
sometimes they give false alarms. If two different antiviral programs are
both of the "scanner" type, they will contain "signature strings" to identify
viral infections. If the strings are not "encrypted", then they will be
identified as a virus by another scanner type program. Also, if the scanner
does not remove the strings from memory after they are run, then another
scanner may detect the virus string "in memory".
Some "change detection" type antiviral programs add a bit of code or data to a
program when "protecting" it. This might be detected by another "change
detector" as a change to a program, and therefore suspicious.
It is good practice to use more than one antiviral program. Do be aware,
however, that antiviral programs, by their nature, may confuse each other.
Where can I get a virus scanner for my Unix system?
Basically, you shouldn't bother scanning for Unix viruses at this point in
time. Although it is possible to write Unix-based viruses, we have yet to see
any instance of a non-experimental virus in that environment. Someone with
sufficient knowledge and access to write an effective virus would be more
likely to conduct other activities than virus-writing. Furthermore, the
typical form of software sharing in an Unix environment would not support
virus spread.
This answer is not meant to imply that viruses are impossible, or that there
aren't security problems in a typical Unix environment -- there are. However,
true viruses are highly unlikely and would corrupt file and/or memory
integrity. For more information on Unix security, see the book "Practical
Unix Security" by Garfinkel and Spafford, O'Reilly & Associates, 1991 (it can
be ordered via e-mail from nuts@ora.com).
However, there are special cases for which scanning Unix systems for non-Unix
viruses does make sense. For example, a Unix system which is acting as a file
server (e.g., PC-NFS) for PC systems is quite capable of containing PC file
infecting viruses that are a danger to PC clients. Note that, in this example,
the UNIX system would be scanned for PC viruses, not UNIX viruses.
Another example is in the case of a 386/486 PC system running Unix, since this
system is still vulnerable to infection by MBR infectors such as Stoned and
Michelangelo, which are operating system independent. (Note that an infection
on such a Unix PC system would probably result in disabling the Unix disk
partition(s) from booting.)
In addition, a file integrity checker (to detect unauthorized changes in
executable files) on Unix systems is a very good idea. (One free program
which can do this test, as well as other tests, is the COPS package, available
by anonymous FTP on cert.org.) Unauthorized file changes on Unix systems are
very common, although they usually are not due to virus activity.
Why does my anti-viral scanner report an infection only sometimes?
There are circumstances where part of a virus exists in RAM without being
active: If your scanner reports a virus in memory only occasionally, it could
be due to the operating system buffering disk reads, keeping disk contents
that include a virus in memory (harmlessly), in which case it should also find
it on disk. Or after running another scanner, there may be scan strings left
(again harmlessly) in memory. This is sometimes called a "ghost positive"
alert.
Is my disk infected with the Stoned virus?
Of course the answer to this, and many similar questions, is to obtain a good
virus detector. There are many to choose from, including ones that will scan
diskettes automatically as you use them. Remember to check all diskettes,
even non-system ("data") diskettes.
It is possible, if you have an urgent need to check a system when you don't
have any anti-viral tools, to boot from a clean system diskette, and use the
CHKDSK method to see if it is in memory, then look at the boot sector with a
disk editor. Usually the first few bytes will indicate the characteristic far
jump of the Stoned virus; however, you could be looking at a perfectly good
disk that has been "inoculated" against the virus, or at a diskette that
seems safe but contains a totally different type of virus.
I think I have detected a new virus; what do I do?
Whenever there is doubt over a virus, you should obtain the latest versions of
several (not just one) major virus scanners. Some scanning programs now use
"heuristic" methods (F-PROT, CHECKOUT and SCANBOOT are examples), and
"activity monitoring" programs can report a disk or file as being possibly
infected when it is in fact perfectly safe (odd, perhaps, but not infected).
If no string-matching scan finds a virus, but a heuristic program does (or
there are other reasons to suspect the file, e.g., change in size of files)
then it is possible that you have found a new virus, although the chances are
probably greater that it is an odd-but-okay disk or file. Start by looking in
recent VIRUS-L postings about "known" false positives, then contact the author
of the anti-virus software that reports it as virus-like; the documentation
for the software may have a section explaining what to do if you think you
have found a new virus. Consider using the BootID or Checkout programs to
calculate the "hashcode" of a diskette in the case of boot sector infectors,
rather than send a complete diskette or "live" virus until requested.
CHKDSK reports 639K (or less) total memory on my system; am I infected?
If CHKDSK displays 639K for the total memory instead of 640K (655,360 bytes) -
so that you are missing only 1K - then it is probably due to reasons other
than a virus since there are very few viruses which take only 1K from total
memory. Legitimate reasons for a deficiency of 1K include:
1) A PS/2 computer. IBM PS/2 computers reserve 1K of conventional RAM for an
Extended BIOS Data Area, i.e. for additional data storage required by its
BIOS.
2) A computer with American Megatrends Inc. (AMI) BIOS, which is set up (with
the built-in CMOS setup program) in such a way that the BIOS uses the upper 1K
of memory for its internal variables. (It can be instructed to use lower
memory instead.)
3) A SCSI controller.
4) The DiskSecure program.
5) Mouse buffers for older Compaqs.
If, on the other hand, you are missing 2K or more from the 640K, 512K, or
whatever the conventional memory normally is for your PC, the chances are
greater that you have a boot-record virus (e.g. Stoned, Michelangelo),
although even in this case there may be legitimate reasons for the missing
memory:
1) Many access control programs for preventing booting from a floppy.
2) H/P Vectra computers.
3) Some special BIOSes which use memory (e.g.) for a built-in calendar
and/or calculator.
However, these are only rough guides. In order to be more certain
whether the missing memory is due to a virus, you should:
(1) run several virus detectors;
(2) look for a change in total memory every now and then;
(3) compare the total memory size with that obtained when cold booting from a
"clean" system diskette. The latter should show the normal amount of total
memory for your configuration.
Note: in all cases, CHKDSK should be run without software such as MS-Windows
or DesqView loaded, since GUIs seem to be able to open DOS boxes only on whole
K boundaries (some seem to be even coarser); thus CHKDSK run from a DOS box
may report unrepresentative values.
Note also that some machines have only 512K or 256K instead of 640K of
conventional memory.
I have an infinite loop of sub-directories on my hard drive; am I infected?
Probably not. This happens now and then, when something sets the "cluster
number" field of some subdirectory the same cluster as an upper-level (usually
the root) directory. The /F parameter of CHKDSK, and any of various popular
utility programs, should be able to fix this, usually by removing the
offending directory. *Don't* erase any of the "replicated" files in the odd
directory, since that will erase the "copy" in the root as well (it's really
not a copy at all; just a second pointer to the same file).
Next issue will deal with protecting against viruses.
-=■=-