ftp.wwiv.com

home *** CD-ROM | disk | FTP | other *** search

/ ftp.wwiv.com / ftp.wwiv.com.zip / ftp.wwiv.com / pub / HATCH / WWIVNEWS.ZIP / 9512_1.NWS < prev next >

Wrap

Text File | 1995-12-24 | 51KB | 998 lines

Go Chiefs! ┌┐┌┐┌┐┌┐┌┐┌┐┌────┐┌┐ ┌┐┌─┐ ┌┐┌────┐┌┐┌┐┌┐┌────┐ Go Chiefs! ╔═════════════││││││││││││└─┐┌─┘││ │││ └┐│││┌───┘│││││││┌───┘═════════════╗ ║ Volume 6 ││││││││││││ ││ └┼┐┌┼┘│ └┘││└───┐│││││││└───┐ Christmas ║ ║ Issue 4 ││││││││││││ ││ ││││ │┌┐ ││┌───┘││││││└───┐│ 1995 ║ ╚═════════════│└┘└┘││└┘└┘│┌─┘└─┐ └┼┼┘ ││└┐ ││└───┐│└┘└┘│┌───┘│═════════════╝ Go Chiefs! │ └────┘└────┘└────┘ └┘ └┘ └─┘└────┘└────┘└────┘ │ Go Chiefs! │ Serving WWIV Sysops & Users Across All WWIV Networks │ └──────────────────────────────────────────────────────┘ ┌─────────────────────┐ │This Issue's Features│ ┌────────────────────────┴─────────────────────┴────────────────────────────┐ │ Random Notes.......................................Wayne Bell (1@1) │ │ │ │ Soft Servings: News from WWIV Software Services.....Sam (1@4051) │ │ │ │ The Death of the Unsolicited Ping....................Sam (1@4051) │ │ │ │ Tips For Running OS/2 Warp and Windows 95 Together...Pug (1@1625) │ │ │ │ OpSys Wars...........................................Sam (1@4051) │ │ Lockjaw The Ogre (1@5555) │ │ │ │ Understanding Viruses (Part 2 in a Series)...........Sam (1@4051) │ │ │ │ Type 2/0 Forum.......................................Dawg (1@2121) │ │ Pug (1@1625) │ │ │ │ Filo's Mod of the Month..............................Filo (1@4000) │ │ │ │ Technical Section....................................Sam (1@4051) │ │ │ │ Classified Ads.......................................A Compilation │ │ │ │ On the Lighter Side..................................Sam (1@4051) │ │ │ │ Closing Thoughts.....................................Sam (1@4051) │ └───────────────────────────────────────────────────────────────────────────┘ ───────────────┬─────────────────────────────────────────────┬─────────────── │ Random Factors │ │ Creative Commentary by Wayne Bell (1@1) │ └─────────────────────────────────────────────┘ As everyone has probably heard by now, we recently had some problems with sub pings and responses getting multiplied and clogging the network. Net36 has been released to stop this. What it does is eliminate duplicate pings and ping responses, letting through only one. This will be included as part of all future net versions, as I don't see any possible drawback to it. Unfortunately, however, some people are having a problem with the net36 network2.exe locking up their system. If you have this problem, then I'd recommend for now just using the network1.exe (dated Dec 3) out of net36, and keep using the network2.exe from net35. This should give you just about as much protection against multiple pings as using both the network1 and network2 from net36. I'm still not sure why it locks up for some people, but I am still investigating it. I am also investigating a method of using source-verified subs pings, so that only the NC (me, on WWIVnet) can ping for subs. (This method would be limited in application only to netup-registered networks, so that others can still use the wide-open method as it is now.) In any case, happy holidays! -=■=- ───────────────┬─────────────────────────────────────────────┬─────────────── │ Soft Servings │ │ News from WWIV Software Services │ │ By Sam (WWIVnet 1@4051) │ └─────────────────────────────────────────────┘ NGTRANS Newsgroup Translator for WWIV NGTRANS Auxiliary Product Announcement WWIV Software Services October 2, 1995 Q. What is NGTRANS? A. NGTRANS is the product name for a NewsGroup TRANSlator program owned and distributed by WWIV Software Services. Q. What does it do? A. NGTRANS makes it possible for you to send/receive newsgroups and e-mail to the internet via your internet provider. The internet provider must be providing you with a Unix shell account. Q. How much does the program cost? A. The program is available in two forms: a leased form and a purchased form. The leased form allows you to lease the program for use for one year at a time. The program warns you when your year is about to expire so that you can renew your lease for another year. The purchased form allows unlimited use of the program and does not expire. The lease is $20 per year. The purchase is $100. Q. How do I order the product? A. You may order the product from WWIV Software Services, P.O. Box 720455, McAllen, TX 78504-0455 by sending the NGTRANS.FRM found below, or by sending a letter indicating that you wish to WWIV Software Services indicating that you wish to purchase or lease (as appropriate) the NGTRANS program and enclosing a check or money order for the appropriate amount. Be sure to specify your WWIV registration number when you order. Q. If I have additional questions, who should I direct them to? A. Write to Filo@4000.wwivnet or 1@4000.wwivnet. -------------------------cut here------------------------------------- WWIV Software Services P.O. Box 720455 McAllen, TX 78504-0455 Name__________________________________ WWIV Reg. Number___________ Address_______________________________ WWIVnet Node Number________ City__________________________________ IceNET Node Number_________ State (Province)______________________ WWIVLink Node Number_______ Zip or Postal Code____________________ Check one of the options below: [ ] I wish to lease NGTRANS [ ] I wish to purchase NGTRANS (cost $20 per year) (cost $100) Mail the form to the address above. Enclose a check or money order made payable to WWIV Software Services. We do NOT accept checks drawn on banks that are not located in the USA. Orders originating outside the USA should be accompanied by international Postal Money Orders or bank drafts drawn on US banks and should be payable in US dollars. There is a $15 charge assessed for checks not honored by your bank. Please DO NOT SEND CASH. If you send money orders, you are advised to keep your receipt until you have received the product from WWIV Software Services. Please allow three weeks for delivery from the date that you mail your order. If you have not received delivery by then, please check with 1@4000 on WWIVnet or send a fax to WWIV Software Services at 210-618-3532. The program and a receipt will be sent to you via normal mail. The program is not available for downloading and should never be made available for downloading. It is a commercial product protected by all applicable copyrights. -=■=- ───────────────┬─────────────────────────────────────────────┬─────────────── │ The Death of the │ │ Unsolicited Ping │ │ By Sam (1@4051) │ └─────────────────────────────────────────────┘ .....Late news flash! California man runs amuck with meat cleaver! Blames it on ping withdrawal! Details at 11!..... Laugh if you will. But anyone reading the WWIV Network Concerns sub over the past six to eight months will tell you that while that pseuso-headline is indeed an exaggeration, the question over allowing network-wide pings by individuals other than Wayne, and Wayne's subsequent ruling on the subject has been one of the most heated debates, if not *the* most heated debate the history of WWIVNet. The entire discussion centered primarily around one individual who in the past had been allowed to a) "ping the network" to obtain information from sysops who were using his shareware programs, and to b) send encrypted mass email to each and every node on the network. Most sysops would never be aware they were even getting the email were it not for a blurb in their netdatx.log, or unless they were running a program such as Stripit that allows entrapment of sysop-defined message types (or if they were using one of the individual's shareware programs). Many sysops, myself included, took issue with this practice. To us, it did not seem fair to be forced to subsidize for the most part, this individual's shareware business just to be a part of WWIVNet. It was not an issue of cost. In reality, the collective cost of every ping ever sent out since the network's inception probably amount to less than a total of ten dollars in phone charges to the network. Rather, it was a matter of principle. Mass email over the network is prohibited. Yet it was happening regularly under the guise that it was "not readable" without the use of a special program. Further, pings were regularly sent out , "probing" the network to seek out and find people who may be using a certain program. All of us (you) in WWIVNet were helping to carry out this probe, and you too were subjected to it, by default, simply by being a member of WWIVNet. Bear in mind that if you were not using the software the "probe" was seeking out, the ping was deleted and were it not for a note in your netdatx.log, you would never be aware of it's presence. A discussion on the merits of this practice ensued. After several months of what was at times, extremely heated debate, Wayne announced a new, albeit interim policy governing pings on WWIVNet: THE OFFICIAL INTERIM WWIVNET POLICY ON PINGS AND UNSOLICITED NET PACKETS. This policy applies to: 1. Netedit messages 2. External types 3. Any undefined/unused net types 4. Any other packet that might be considered a ping, not including subs.lst pings as sent by the NC or subs.lst coordinator. WWIVnet policy on all other message types or topics is unchanged by this policy. (Note, that this policy DOES apply to regions.dat pings and updated info. Note that I'm not going to retroactively apply this policy.) The policy itself is fairly simple. No packets of the types to which this policy applies may be sent, unless the sender has prior approval from either: 1. Each and every receiver of each and every packet sent out (and I'd suggest you save off the emails of people granting such approval, "just in case"), -or- 2. The NC (me). If anyone ever does get approval from me, it will follow at least a one month discussion on this sub about it. As of right now, nobody has authority under category (2) (NC approval). /****************************************************************************/ And a further clarification...for example: Scenario: A node installs a program. That node sends my node (I have expressly permitted receipt openly) a type 'X' message. Should that be all I need to interchange further type 'X' messages? Ruling: No, that wouldn't do it. It has to be a specific act taken by the sysop installing the program to allow a certain class of messages sent to his/her node. If the installation process specifically prompted the person installing, "Do you wish to request pings be sent to your system?", then I'd say that'd probably be OK. You should have a compelling argument why that person must have typed in "yes" there, though, if they complain later, and have something specifically stated as how to "un-request" the messages be sent. Let me also make explicit that the "installation notification" messages are _NOT_ covered by this policy. That is, it's OK to have those sent back to the author's system. (End of policy statement) Shortly after this policy was announced, a rash of subs.lst pings plagued the network. I myself received, in successive days, 96, 437, 2500, and nearly 5000 subs.lst pings (message type 20/0). I host 9 subs. On the last day, my packet going back to Wayne was nearly a megabyte. Imagine the network traffic bound back to Wayne! To handle this abuse, Wayne quickly modified NET35 and released NET36. If you do not have NET36, you should download it from a Support Board and install it today. NET36 will strip multiple type 20/0 message packets from incoming data packets and prevent you from having more than a single response, even to multiple 20/0 pings, in the same data packet. While the true cause of these pings has not been widely disclosed, earlier in the summer a similar event occurred where the pings were apparently sent from node @11130. In reality they were traced back to another node, and proven so by log files. This first incident is reportedly still "under investigation". More than likely the second occurrence will trace back to the same node, and in due time, appropriate action will be taken. For the most part, Wayne's new policy has been met with overwhelming gratitude. While there have been a couple of complainers, nearly 100% of sysops who have been involved in WWIVNet for any length of time and who know the history behind the entire chain of events that climaxed with this decision have given their resounding approval to Wayne's decision. Planning is currently underway to create an encryption method to prevent anyone other than the NC from being able to send out 20/0 messages, and have unauthorized 20/0 messages stripped from net packets at the first network1.exe they hit. It is hoped by more than a few people that other unauthorized message types will be stripped as well, including those outlined by Wayne's interim policy. Stripping all unauthorized message types from network packets will solve several problems. First, it will alleviate the need for any sort of disciplinary structure to be put in place by Wayne. Such a structure would be nearly impossible to enforce. Second, it would render null the forging of packets that has already occurred since the policy was put in place. For instance, if I got mad at Filo and wanted to try to get him into trouble I could simply generate and unauthorized packet and make it look like it came from @4000. With network1.exe stripping the forged message from the packet, it would get killed at the first stop after it left my board. Third and perhaps best of all, it would provide automatic enforcement of the ping policy. The only major drawback to this method would be to offshoot networks whose NC chooses to allow message types that are prohibited on WWIVNet. One possible solution to this would be for Wayne to make available two separate versions of network1.exe- one for WWIVNet that only allows legal packet types, and one that remains in it's current form, allowing all packet types to flow through. This would seem to me to be the best solution. It would require no additional programing as the current network1.exe could be used for offshoot networks, and the WWIVNet network1.exe would simply have the extra function and function call in the source code to remove the illegal packets. Since Wayne uses modular programming structure, the wide-open network1.exe could be the one used to write the upgrades, then after all the improvements are made to the code, the extra ping-stopping/stripping functions could be added in. Another, simpler solution would be to have the major mail servers in WWIVNet use Netprobe to strip out the illegal packets. This would be far less work on Wayne's part, but may not be as effective in removing all the illegally sent packets. Whichever solution is taken, the WWIV News Staff goes on record, as have the vast majority of others, in total support of the decision to prohibit pings and other extraneous, self-serving packets in WWIVNet by anyone other than the Network Coordinator. -=■=- ───────────────┬─────────────────────────────────────────────┬───────────────── │ Running OS/2 and Windows 95 on One Computer │ │ By Pug (WWIVnet 1@11750) │ └─────────────────────────────────────────────┘ This is for anyone who wishes to install Windows 95 on their computer, but doesn't want to give up OS/2 in the process. According to the Windows 95 installation, you will lose your ability to boot OS/2 after installing it. This is untrue! Win95 overwrites the boot sector, but it doesn't delete OS/2, or stop you from using it. I was somewhat nervous about installing Windows 95, but now I have it co-existing peacefully with OS/2 on the same drive. I have two partitions on my 850 MB hard drive - one HPFS and one FAT. OS/2 is installed on the HPFS partition, and, before I installed Win95, DOS was installed on the FAT partition. I use OS/2's Boot Manager to switch between operating systems. The Windows 95 installation claims to overwrite the boot sector and make OS/2 inaccessible -- this is only partially true. When I finally had enough free time to deal with any problems that might arise, I booted to DOS and ran the Windows 95 installation program. At the first reboot during installation, I saw that the boot sector had indeed been overwritten, boot manager was gone, and Windows 95 was booting. After completing the installation, I stuck in the first OS/2 boot disk (the ones for installing the operating system) and rebooted. I waited for it to load, then inserted the second disk. I chose the "Advanced Installation" option. When I came up to the point where there is an option to install on drive C: or choose another drive, I went to the "Specify a different drive or partition" option, which runs OS/2 Fdisk. I deleted the Boot Manager partition, and immediately re-created it. All the settings had been saved, so I didn't have to set it up again. I rebooted the machine. Boot Manager came up! It still had my old options on it, I could boot "DOS", "Linux" (I have Linux on another drive), or "OS/2". I chose OS/2. OS/2 booted fine, no files were lost, and everything worked the same as before. No problems whatsoever! Afterwards, I rebooted and tried "DOS". Windows 95 was now on that partition, and that's what booted. Once again, no problems whatsoever. That's the way I handled it. However, I know many people use dual boot rather than boot manager. This is even easier! After the Windows 95 installation is done, go to a command prompt and type: boot /OS2 /N (the /N is so it doesn't immediately reboot the machine) Immediately shut down Windows 95 after this. Next time it reboots, it should load OS/2. If you want to get back to Win95, just type: boot /DOS /N Shut down, and Windows 95 should boot. Now I will mention a few things that can and can't be done with your new OS/2 & Win95 setup. If you have the fullpack version of OS/2, rather than the Win-OS/2 version, you will lose your OS/2 Windows support. Win95 will have overwritten the Windows 3.1 files, and OS/2 won't be able to find them. To remedy this problem, install a new bare-bones copy of Windows 3.1 on your drive in a directory other than the one Windows 95 is in. Then re-install the Windows support files in OS/2. A useful tip is to put a TSR to read your HPFS partition in the Windows 95 AUTOEXEC.BAT file. There are at least a dozen of these, and can be found on almost any BBS that features OS/2 support. Most of these TSRs will allow you to read your HPFS partition, and I've heard that there are even some that will write the partition, but I've never seen one, nor do I suggest using one like that. OS/2 should be the only thing that has write access to the HPFS partition, as anything else could do damage to it. Once a TSR (or device driver) for HPFS access is installed, Windows 95 will recognize your HPFS partition, and you'll be able to navigate it with the GUI as well as from command prompt. Something else that can be done is to create a Windows 95 boot disk, and use the "DOS from drive A:" option provided in OS/2. I'm not sure how useful this is, but it will allow you to access the Windows 95 command prompt (aka DOS 7) from within OS/2. I have not been able to make the Win95 GUI load from OS/2, if anyone figures out how, this information would be much appreciated. If you have any tips or comments, I can be reached at 1@11750 on WWIVnet, pug@sorcererisle.com on the Internet, or at my BBS, Sorcerer's Isle: (719)-522-1396, (719)-522-1394. -=■=- ───────────────┬─────────────────────────────────────────────┬─────────────── │ The GC's Corner │ │ Notes from the Group Coordinators │ │ A Compilation │ └─────────────────────────────────────────────┘ Through an oversight on my part (I forgot to send out the request in time), there is no commentary from the GC's in this issue. A number of them have asked me to express their sincere wishes to each of you for a happy, safe, and joyous holiday season. -=■=- ───────────────┬─────────────────────────────────────────────┬─────────────── │ OpSys Wars │ │ Compiled by Sam (1@4051) │ └─────────────────────────────────────────────┘ "IBM Throws in the Towel on OS/2" Recently, there have been rumors floating around that IBM intended to drop it's support for OS/2. Instead of blindly following the rumors, as many people apparently chose to do, I called IBM to find out the truth. Being an OS/2 user myself, I had a vested interest in getting to the bottom of these allegations. After talking to IBM, my suspicions were confirmed. The rumors circulating around about the demise of OS/2 were just that- unsubstantiated rumors being circulated by misinformed people who did not care enough about the truth to confirm it prior to repeating it. Here is the official word from Lou Gerstner, Chairman of IBM, and the man who was misquoted on August 1st by the New York Times: "In today's edition [August 1, 1995] of the New York Times there was an article that misinterpreted statements regarding OS/2 I had made at a meeting with securities analysts yesterday. My statements were regarding the fact that OS/2 is the market leader in enterprise and commercial accounts and that IBM's primary OS/2 focus is to maintain that leadership. The consumer and stand-alone desktop markets for OS/2 are growing but are secondary to our emphasis on robust line-of-business client/server applications for our enterprise customers. OS/2 is one of the cornerstones of the IBM software strategy. We remain committed to its success. Louis V. Gerstner, Jr." -=■=- (The following is a non-objective viewpoint from a fellow OS/2 user regarding the ever-present IBM vs MicroSoft debate. When I read the post, I asked his permission to include it in this issue.) Windows NT was the original MS plan to kill OS/2 Lockjaw The Ogre #1 @5555 MS and IBM worked together on OS/2 through its 1.x versions. with the upgrade, MS and IBM worked separately on the next two revisions of OS/2. IBM worked on a version for standalone and Workstation use, while MS worked on a version for workstation and server (networking and security being the main differences). MS decided that they liked the idea of the Presentation Manager on OS/2 1.3 so much, they redesigned their windows 2.x product to be more like it and called it Windows 3.0. changing Desktop Manager to Program Manager, and making a few other cosmetic changes in the interface, they ported it over to be a shell run on top of DOS. it worked, somewhat, but well enough that MS brought out Windows 3.1 as an upgrade and took over the market pretty well over time. MS realized they had a name product here, that would probably sell better than anything with the boring OS/2 name on it. they announced that they officially withdrew from the pact with IBM and would discontinue their work on OS/2. here's the fun part. MS renamed the product that they were working on as OS/2 to Windows NT. IBM brought out their version of OS/2. it did very well. MS talked about how NT would be the be-all, end-all operating system that would replace Windows 3.11, DOS, OS/2 and UNIX. everyone would want it, and it would run everywhere. Magazines picked up on it and announced how everyone's life would be affected by Windows NT and how everyone would want to run it. IBM garnered award after award for OS/2 2.0 while MS talked about their future product. IBM produced an upgrade to 2.1 of OS/2. MS declared that despite delays, they still expected NT on every desktop real soon now. IBM continued to garner industry awards for OS/2 2.1. OS/2 2.1 and Windows NT appeared in a head-to-head competition, at the Houston Area PC User's Group. OS/2 beat NT hands down, and MS (as well as the sales rep) were made out to be fools by the crowd (great video). IBM distributed a video of the event, until MS asked that they not distribute the NT part. IBM then distributed everything BUT the NT parts, including questions asked to the MS rep, but not the answers. NT was (finally) released. users failed to come out of the woodwork, as did developers. MS eventually decided that giving away copies was the best way to entice people to use it (we got our copy), and gave away hundreds. NT went through a major upgrade that multiplied its sales, yet still couldn't bring the OS to its first one million copies. in the meantime, MS had been working on another project, now considered to be the OS/2 killer (because the last OS/2 killer project failed) called Chicago. IBM released OS/2 Warp's first incarnation, and collected many industry awards, often beating out the first OS/2 killer, NT. MS finally releases Chicago, now called Windows 95 after IBM has released 4 of the 5 flavors of OS/2 Warp (For Windows, Fullpack, Warp Connect for Windows, Warp Connect Fullpack and Warp Server being the 5) and produces much fanfare. first day sales for Windows 95 are phenomenal. MS ships enough copies into the channel to meet OS/2 sales thus far. one month later, however, only 2.5 to 3 million copies have sold and retailers are complaining about unsold and unsalable product, while OS/2 sales continue to grow. That's the story thus far, including a description of what NT is as a product. -=■=- (I retrieved the following article from the Internet. Since I am not a regular Windows 95 user, I was attempting to find some reports comparing Windows 95 and OS/2 in an effort to help those who may be trying to decide between which 32 bit operating system to purchase. Using Lycos, I searched for "WINDOWS and WARP". This is the only article I was able to find that gave any sort of side-by-side comparison of the two products. The article was written approximately eight months *prior* to the official release date of Windows 95, so some of it may be out of date, obsolete, or inaccurate, as MicroSoft may have addressed some of the shortcomings pointed out in this article prior to releasing Windows 95. I asked people in WWIVNet who I know use Windows 95 to provide me with some information as to their praises or problems with Windows 95, but none of them responded. Perhaps by the next issue of WWIVNews I will receive some input from Windows 95 users as to how it is working for them, and possibly some tips, tricks, and trips they have encountered along the way.) OS/2 Warp vs. Windows95 The following charts provide a summary of OS/2 and Windows 95 features, including multitasking characteristics, application environments, and bundled productivity tools. OS/2 OS/2 Warp VS Windows 95 on Architecture: FEATURE OS/2 Warp Windows 95 32-bit Window Management Yes No (1) 32-bit Graphics Subsystem Yes No (2) 32-bit Printing Subsystem Yes Yes 32-bit Multimedia Subsystem Yes Yes 32-bit Kernel Yes Yes Demand Paged Virtual Memory Yes Yes HPFS Support Yes No Non-locking Input Queue (3) Yes No (Applications can keep running) (1) USER is 16-bit, non-reentrant code (2) 50% of GDI calls are serviced by 16-bit, non-reentrant code (3) OS/2 Warp, new version of OS/2, has an engine that will unlock the input queue if it is locked OS/2 Warp VS. Windows 95 on Application Environments FEATURE OS/2 Warp Windows 95 16-bit OS/2 PM Applications Yes No 32-bit OS/2 PM Applications Yes No Win32s Applications (Ver 1.0 & 1.1) Yes Yes Preemptive Multitasking (4) Yes No Win16 Application Support Yes Yes Win16 Device Driver Support Yes Some (5) (4) See chart on multitasking comparison (5) Windows 3.x communications drivers need to be re-written OS/2 Warp VS. Windows 95 on Multitasking Characteristics FEATURE OS/2 Warp Windows 95 Preemptive of 32-bit Os/2 and Win32s Yes No Version 1.1 applications Preemptive of DOS Applications Yes Yes Preemptive of Win16 Applications Yes No Preemptive of mixed 16/32-bit Yes No (7) Applications Multiple, Protected Win16 VDMs Yes No (8) Crash Protection Yes No (9) Preemptive Multi-threading Yes Yes (10) (7) 16 & 32 Bit OS/2, Win16, and Win32S V1.1 applications (8) WinMUTEX prohibits access to USER and portions of GDI when a Win16 application is executing (9) All 16-bit applications share a single address space - the System Virtual Machine (VM) (10) Key operating system code structures (USER and GDI) share the System VM address space with 16-bit applications OS/2 Warp VS. Windows 95 on User Interface FEATURE OS/2 Warp Windows 95 Folder Work Areas Yes No Integration with operating SOM Yes No (11) Launch Pad Yes Yes Drag & Drop Deletion Yes No Drag & Drop Faxing Yes Yes Drag & Drop Access Paths (change Yes No execution paths it will still work) Object Type Templates Yes No Parent Folder Closing Options Yes No (11) Windows 95 shell components are not OLE 2.01 objects OS/2 Warp VS. Windows 95 on Multimedia FEATURE OS/2 Warp Windows 95 Image Viewer Yes No Photo CD Support Yes No Autodesk Animation Yes No Play any Audio File from Internet Yes No Audio/Video Synch Manager Yes No MPEG Support Yes Yes 32-bit Audio/Video Playback Yes Yes OS/2 Warp VS. Windows 95 on Bundled Applications FEATURE OS/2 Warp Windows 95 Internet Access Tools Yes No FTP Yes No Telnet Yes No Gopher Yes No Newsreader Yes No WEB Explorer Yes No CompuServe Front-End Yes No Word Processor Yes No (12) Spreadsheet Yes No Database Yes No Charting Yes No Report Writer Yes No Electronic Mail Yes Yes Image Viewer Yes No FAX Yes Yes Phonebook Yes No Personal Information Mgr Yes No Sys Info Yes No VideoIn Yes No Video Conferencing Yes No (12) Windows 95 comes with a simple text editor, not a word processor (Again, some of this may have changed since this article was written. If anyone using Windows 95 would like to submit an article for the next issue that may be more recent, I will gladly publish it.) -=■=- ───────────────┬─────────────────────────────────────────────┬─────────────── │ Understanding Viruses │ │ Compiled by Sam (1@4051) │ └─────────────────────────────────────────────┘ [This was taken from an FAQ I picked up on the net. It is a rather large article, which I'm posting in parts over several newsletters.] = Virus Detection = ═════════════════════ What are the symptoms and indications of a virus infection? Viruses try to spread as much as possible before they deliver their "payload", but there can be symptoms of virus infection before this, and it is important to use this opportunity to spot and eradicate the virus before any destruction. There are various kinds of symptoms which some virus authors have written into their programs, such as messages, music and graphical displays. However, the main indications are changes in file sizes and contents, changing of interrupt vectors or the reassignment of other system resources. The unaccounted use of RAM or a reduction in the amount known to be in the machine are important indicators. The examination of the code is valuable to the trained eye, but even the novice can often spot the gross differences between a valid boot sector and an infected one. However, these symptoms, along with longer disk activity and strange behavior from the hardware, can also be caused by genuine software, by harmless "prank" programs, or by hardware faults. The only foolproof way to determine that a virus is present is for an expert to analyze the assembly code contained in all programs and system areas, but this is usually impracticable. Virus scanners go some way towards that by looking in that code for known viruses; some will even try to use heuristic means to spot viral code, but this is not always reliable. It is wise to arm yourself with the latest anti-viral software, but also to pay close attention to your system; look particularly for any change in the memory map or configuration as soon as you start the computer. For users of DOS 5.0, the MEM program with the /C switch is very handy for this. If you have DRDOS, use MEM with the /A switch; if you have an earlier version, use CHKDSK or the commonly-available PMAP or MAPMEM utilities. You don't have to know what all the numbers mean, only that they change. Mac users have "info" options that give some indication of memory use, but may need ResEdit for more detail. What steps should be taken in diagnosing and identifying viruses? Most of the time, a virus scanner program will take care of that for you. (Remember, though, that scanning programs must be kept up to date. Also remember that different scanner authors may call the same virus by different names. If you want to identify a virus in order to ask for help, it is best to run at least two scanners on it and, when asking, say which scanners, and what versions, gave the names.) To help identify problems early, run it on new programs and diskettes; when an integrity checker reports a mismatch, when a generic monitoring program sounds an alarm; or when you receive an updated version of a scanner (or a different scanner than the one you have been using). However, because of the time required, it is not generally advisable to insert into your AUTOEXEC.BAT file a command to run a scanner on an entire hard disk on every boot. If you run into an alarm that the scanner doesn't identify, or doesn't properly clean up for you, first verify that the version that you are using is the most recent, and then get in touch with one of the reputable antivirus researchers, who may ask you to send a copy of the infected file to him. What is the best way to remove a virus? In order that downtime be short and losses low, do the minimum that you must to restore the system to a normal state, starting with booting the system from a clean diskette. It is very unlikely that you need to low-level reformat the hard disk! If backups of the infected files are available and appropriate care was taken when making the backups, this is the safest solution, even though it requires a lot of work if many files are involved. More commonly, a disinfecting program is used. If the virus is a boot sector infector, you can continue using the computer with relative safety if you boot it from a clean system diskette, but it is wise to go through all your diskettes removing infection, since sooner or later you may be careless and leave a diskette in the machine when it reboots. Boot sector infections on PCs can be cured by a two-step approach of replacing the MBR (on the hard disk), either by using a backup or by the FDISK/MBR command (from DOS 5 and up), then using the SYS command to replace the DOS boot sector. What does the <insert name here> virus do? If an anti-virus program has detected a virus on your computer, don't rush to post a question to this list asking what it does. First, it might be a false positive alert (especially if the virus is found only in one file), and second, some viruses are extremely common, so the question "What does the Stoned virus do?" or "What does the Jerusalem virus do?" is asked here repeatedly. While this list is monitored by several anti-virus experts, they get tired of perpetually answering the same questions over and over again. In any case, if you really need to know what a particular virus does (as opposed to knowing enough to get rid of it), you will need a longer treatise than could be given to you here. For example, the Stoned virus replaces the disk's boot record with its own, relocating the original to a sector on the disk that may (or may not) occur in an unused portion of the root directory of a DOS diskette; when active, it sits in an area a few kilobytes below the top of memory. All this description could apply to a number of common viruses; but the important points of where the original boot sector goes - and what effect that has on networking software, non-DOS partitions, and so on are all major questions in themselves. Therefore, it is better if you first try to answer your question yourself. There are several sources of information about the known computer viruses, so please consult one of them before requesting information publicly. Chances are that your virus is rather well known and that it is already described in detail in at least one of these sources. What are "false positives" and "false negatives"? A FALSE POSITIVE (or Type-I) error is one in which the anti-viral software claims that a given file is infected by a virus when in reality the file is clean. A FALSE NEGATIVE (or Type-II) error is one in which the software fails to indicate that an infected file is infected. Clearly false negatives are more serious than false positives, although both are undesirable. It has been proven by Dr. Fred Cohen that every virus detector must have either false positives or false negatives or both. This is expressed by saying that detection of viruses is UNDECIDABLE. However his theorem does not preclude a program which has no false negatives and *very few* false positives (e.g. if the only false positives are those due to the file containing viral code which is never actually executed, so that technically we do not have a virus). In the case of virus scanners, false positives are rare, but they can arise if the scan string chosen for a given virus is also present in some benign programs because the string was not well chosen. False negatives are more common with virus scanners because scanners will miss a completely new or a heavily modified virus. One other serious problem could occur: A positive that is misdiagnosed (e.g., a scanner that detects the Empire virus in a boot record but reports it as the Stoned). In the case of a boot sector infector, use of a Stoned specific "cure" to recover from the Empire could result in an unreadable disk or loss of extended partitions. Similarly, sometimes "generic" recovery can result in unusable files, unless a check is made (e.g. by comparing checksums) that the recovered file is identical to the original file. Some more recent products store information about the original programs to allow verification of recovery processes. Could an anti-viral program itself be infected? Yes, so it is important to obtain this software from good sources, and to trust results only after running scanners from a "clean" system. But there are situations where a scanner appears to be infected when it isn't. Most antiviral programs try very hard to identify only viral infections, but sometimes they give false alarms. If two different antiviral programs are both of the "scanner" type, they will contain "signature strings" to identify viral infections. If the strings are not "encrypted", then they will be identified as a virus by another scanner type program. Also, if the scanner does not remove the strings from memory after they are run, then another scanner may detect the virus string "in memory". Some "change detection" type antiviral programs add a bit of code or data to a program when "protecting" it. This might be detected by another "change detector" as a change to a program, and therefore suspicious. It is good practice to use more than one antiviral program. Do be aware, however, that antiviral programs, by their nature, may confuse each other. Where can I get a virus scanner for my Unix system? Basically, you shouldn't bother scanning for Unix viruses at this point in time. Although it is possible to write Unix-based viruses, we have yet to see any instance of a non-experimental virus in that environment. Someone with sufficient knowledge and access to write an effective virus would be more likely to conduct other activities than virus-writing. Furthermore, the typical form of software sharing in an Unix environment would not support virus spread. This answer is not meant to imply that viruses are impossible, or that there aren't security problems in a typical Unix environment -- there are. However, true viruses are highly unlikely and would corrupt file and/or memory integrity. For more information on Unix security, see the book "Practical Unix Security" by Garfinkel and Spafford, O'Reilly & Associates, 1991 (it can be ordered via e-mail from nuts@ora.com). However, there are special cases for which scanning Unix systems for non-Unix viruses does make sense. For example, a Unix system which is acting as a file server (e.g., PC-NFS) for PC systems is quite capable of containing PC file infecting viruses that are a danger to PC clients. Note that, in this example, the UNIX system would be scanned for PC viruses, not UNIX viruses. Another example is in the case of a 386/486 PC system running Unix, since this system is still vulnerable to infection by MBR infectors such as Stoned and Michelangelo, which are operating system independent. (Note that an infection on such a Unix PC system would probably result in disabling the Unix disk partition(s) from booting.) In addition, a file integrity checker (to detect unauthorized changes in executable files) on Unix systems is a very good idea. (One free program which can do this test, as well as other tests, is the COPS package, available by anonymous FTP on cert.org.) Unauthorized file changes on Unix systems are very common, although they usually are not due to virus activity. Why does my anti-viral scanner report an infection only sometimes? There are circumstances where part of a virus exists in RAM without being active: If your scanner reports a virus in memory only occasionally, it could be due to the operating system buffering disk reads, keeping disk contents that include a virus in memory (harmlessly), in which case it should also find it on disk. Or after running another scanner, there may be scan strings left (again harmlessly) in memory. This is sometimes called a "ghost positive" alert. Is my disk infected with the Stoned virus? Of course the answer to this, and many similar questions, is to obtain a good virus detector. There are many to choose from, including ones that will scan diskettes automatically as you use them. Remember to check all diskettes, even non-system ("data") diskettes. It is possible, if you have an urgent need to check a system when you don't have any anti-viral tools, to boot from a clean system diskette, and use the CHKDSK method to see if it is in memory, then look at the boot sector with a disk editor. Usually the first few bytes will indicate the characteristic far jump of the Stoned virus; however, you could be looking at a perfectly good disk that has been "inoculated" against the virus, or at a diskette that seems safe but contains a totally different type of virus. I think I have detected a new virus; what do I do? Whenever there is doubt over a virus, you should obtain the latest versions of several (not just one) major virus scanners. Some scanning programs now use "heuristic" methods (F-PROT, CHECKOUT and SCANBOOT are examples), and "activity monitoring" programs can report a disk or file as being possibly infected when it is in fact perfectly safe (odd, perhaps, but not infected). If no string-matching scan finds a virus, but a heuristic program does (or there are other reasons to suspect the file, e.g., change in size of files) then it is possible that you have found a new virus, although the chances are probably greater that it is an odd-but-okay disk or file. Start by looking in recent VIRUS-L postings about "known" false positives, then contact the author of the anti-virus software that reports it as virus-like; the documentation for the software may have a section explaining what to do if you think you have found a new virus. Consider using the BootID or Checkout programs to calculate the "hashcode" of a diskette in the case of boot sector infectors, rather than send a complete diskette or "live" virus until requested. CHKDSK reports 639K (or less) total memory on my system; am I infected? If CHKDSK displays 639K for the total memory instead of 640K (655,360 bytes) - so that you are missing only 1K - then it is probably due to reasons other than a virus since there are very few viruses which take only 1K from total memory. Legitimate reasons for a deficiency of 1K include: 1) A PS/2 computer. IBM PS/2 computers reserve 1K of conventional RAM for an Extended BIOS Data Area, i.e. for additional data storage required by its BIOS. 2) A computer with American Megatrends Inc. (AMI) BIOS, which is set up (with the built-in CMOS setup program) in such a way that the BIOS uses the upper 1K of memory for its internal variables. (It can be instructed to use lower memory instead.) 3) A SCSI controller. 4) The DiskSecure program. 5) Mouse buffers for older Compaqs. If, on the other hand, you are missing 2K or more from the 640K, 512K, or whatever the conventional memory normally is for your PC, the chances are greater that you have a boot-record virus (e.g. Stoned, Michelangelo), although even in this case there may be legitimate reasons for the missing memory: 1) Many access control programs for preventing booting from a floppy. 2) H/P Vectra computers. 3) Some special BIOSes which use memory (e.g.) for a built-in calendar and/or calculator. However, these are only rough guides. In order to be more certain whether the missing memory is due to a virus, you should: (1) run several virus detectors; (2) look for a change in total memory every now and then; (3) compare the total memory size with that obtained when cold booting from a "clean" system diskette. The latter should show the normal amount of total memory for your configuration. Note: in all cases, CHKDSK should be run without software such as MS-Windows or DesqView loaded, since GUIs seem to be able to open DOS boxes only on whole K boundaries (some seem to be even coarser); thus CHKDSK run from a DOS box may report unrepresentative values. Note also that some machines have only 512K or 256K instead of 640K of conventional memory. I have an infinite loop of sub-directories on my hard drive; am I infected? Probably not. This happens now and then, when something sets the "cluster number" field of some subdirectory the same cluster as an upper-level (usually the root) directory. The /F parameter of CHKDSK, and any of various popular utility programs, should be able to fix this, usually by removing the offending directory. *Don't* erase any of the "replicated" files in the odd directory, since that will erase the "copy" in the root as well (it's really not a copy at all; just a second pointer to the same file). Next issue will deal with protecting against viruses. -=■=-