VIRUS-L Digest   Thursday,  3 Aug 1989    Volume 2 : Issue 167

Today's Topics:

viruses that reprogram ANSI keys
Re: Computer Condom
Re: Shareware? Hmm... (Mac)
OS/2 and viruses...
Re: Axe by SEA - not an anti-viral
Re: os/2 question (PC)

---------------------------------------------------------------------------

Date:    Wed, 02 Aug 89 07:56:19 -0400
From:    <[email protected]>
Subject: viruses that reprogram ANSI keys

Hi,
    Just a quick note about viruses that reprogram keys to do
nasty things.  Several good terminal emulation packages have a
feature that allows you to 'lock out' any host generated key
redefinitions.  With Persoft's Smarterm 220/240 series of programs
you can set the 'User Features Locked' and the program will ignore
all attempts to reprogram the keys with escape sequences.

Andy Wing     [email protected]

[Ed. Not bad, but does MS-DOS's ANSI.SYS allow you to lock out these
sequences?  I don't believe that it does.  If not, escape codes
imbedded in documentation, for example, can do a lot...]
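
An added example, not part of the original digest: a scanner that finds and strips ANSI.SYS keyboard-reassignment sequences (ESC [ parameters p) in a text file before it is displayed. The function names and sample bytes are constructed for illustration, and the parser assumes ANSI.SYS flattens the parameters to bytes, with the first byte (or two, when the first is 0) naming the key.

```python
ESC_CSI = b"\x1b["
def _parse_params(data, pos):
    """Parse the n;"text";n list after ESC[ -> (flat bytes, final byte, end) or None."""
    buf = bytearray()
    while pos < len(data):
        c = data[pos]
        if c in (0x22, 0x27):                    # quoted string: " or '
            end = data.find(bytes([c]), pos + 1)
            if end < 0:
                return None                      # unterminated string
            buf += data[pos + 1:end]
            pos = end + 1
        elif 0x30 <= c <= 0x39:                  # decimal value for one byte
            val = 0
            while pos < len(data) and 0x30 <= data[pos] <= 0x39:
                val = (val * 10 + data[pos] - 0x30) % 256
                pos += 1
            buf.append(val)
        else:
            return None                          # not a parameter list
        if pos < len(data) and data[pos] != 0x3B:
            return bytes(buf), data[pos], pos + 1   # no ';' follows: final byte
        pos += 1
    return None

def find_key_redefinitions(data):
    """Return [(offset, end, key, replacement)] for each ESC[...p reassignment."""
    hits, i = [], data.find(ESC_CSI)
    while i >= 0:
        parsed = _parse_params(data, i + 2)
        if parsed and parsed[1] == ord("p"):
            buf, _, end = parsed
            klen = 2 if buf[:1] == b"\x00" else 1   # 0;n names an extended key
            if len(buf) > klen:
                hits.append((i, end, buf[:klen], buf[klen:]))
        i = data.find(ESC_CSI, i + 2)
    return hits

def strip_key_redefinitions(data):
    """Remove reassignment sequences, keep everything else (colours included)."""
    out, last = bytearray(), 0
    for off, end, _, _ in find_key_redefinitions(data):
        if off >= last:                          # skip hits nested in a removed span
            out, last = out + data[last:off], end
    return bytes(out + data[last:])

# Constructed sample: a text file with a colour sequence and one F10 remap.
SAMPLE = (b"README\r\n\x1b[1;33mInstall notes\x1b[0m\r\n"
          b'\x1b[0;68;"ECHO remapped";13p\r\nEnd\r\n')
```

The tokenizer walks quoted strings explicitly, so a "p" or ";" inside a string is not mistaken for the end of the sequence.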

------------------------------

Date:    Wed, 02 Aug 89 09:26:00 -0400
From:    <[email protected]>
Subject: Re: Computer Condom

Barry D. Hassler <[email protected]> writes:
>Pardon me for my opinions (and lack of expertise in viral control),  but  I
>think  these  types  of products are dangerous to the purchaser, while most
>likely being especially profitable for the seller. I just  saw  a  copy  of
>this  floating around to some senior management-types after being forwarded
>several times, and dug up this copy to bounce my two cents off.

>First of all, I don't see any method which can  be  guaranteed  to  protect
>against  all  viruses (of course the "when programmed to your requirements"
>pretty well covers all bases, doesn't it?). Naturally, specific viruses  or
>methods   of   attack  can  be  covered  with  various  types  of  watchdog
>software/hardware, but I don't think  it  is  possible  to  cover  all  the
>avenues in any way.

Barry, I think it was supposed to be a joke. I mean, the company president's
name was Rick (or Dick) Cummings... Think about it. It's even better than that
thing by Mike RoChanle (Micro Channel). Remember that?

Damian Hammontree
System Programmer, Johns Hopkins School of Medicine, Baltimore
MANAGER @ JHUIGF

Disclaimer: I wouldn't be surprised if it was on the level and I'm wrong about
this, but I don't think so.... 8^)

------------------------------

Date:    Wed, 02 Aug 89 08:31:05 -0500
From:    Joe McMahon <[email protected]>
Subject: Re: Shareware? Hmm... (Mac)

Here is Jeff Shulman's reply to my letter about VirusDetective.

----------------------------Original message----------------------------
Bob forwarded your letter to me.  I *would* appreciate you sending a followup
letter to the virus list since I feel my reputation is at stake.  I do
empathise with the possible hurt feelings a user may have when seeing a
bill for being honest.  I have since been sending a letter of explanation
as to why the price increased.  I am still sending users what they paid for
at the old price along with the bill (your friend *did* receive a disk if
you recall).  I'm not out to punish my honest users but to inform them that
there has been a price increase and I would appreciate it if they paid the
difference (after all it isn't fair to the new users who *pay* the current
higher price for someone who paid the lower price, at the same time, to get
the same service).

                                                       Jeff
uucp:      ...rutgers!yale!slb-sdr!shulman
CSNet:     [email protected]
AppleLink: KILROY
Delphi:    JEFFS
GEnie:     KILROY
CIS:       76136,667

------------------------------

Date:    Wed, 02 Aug 00 19:89:34 +0000
From:    [email protected]
Subject: OS/2 and viruses...

OS/2 makes some hardware calls for things such as formatting a disk.
It goes around the bios.  As such, none of the monitoring type programs
are gonna stop an OS/2 FORMAT command to trigger.

Found that out the hard way! :-)

Ross

Ross M. Greenberg
UNIX TODAY!             594 Third Avenue   New York   New York  10016
Review Editor           Voice:(212)-889-6431  BBS:(212)-889-6438
uunet!utoday!greenber   BIX: greenber  MCI: greenber   CIS: 72461,3212


------------------------------

Date:    Wed, 02 Aug 00 19:89:13 +0000
From:    [email protected]
Subject: Re: Axe by SEA - not an anti-viral

Programs such as Axe, which are stand alone decompressors, should not
be considered an effective defense by any means against virus attacks.

Consider a vanilla program, compressed and wrapped up in a decompress
shell. Fine.  Now, stick a virus around the shell (shell-within-a-shell).
When you execute the program, the virus executes, then the decompressor
starts to work.  The checksum doesn't match, so the system hangs, or
aborts, or whatever.

However the virus has already run....  (viruses such as the TSR Israeli
Virus may not run, though, since the infected program is never really
run if it crashes....)

Ross
Author, FLU_SHOT+


------------------------------

Date:    03 Aug 89 04:39:10 +0000
From:    [email protected] (Kelly Goen)
Subject: Re: os/2 question (PC)



none of the com infectors I think would presently pass and none of the
exe infectors at present for the strains that homebase has gotten
samples of could....but exe header info for dos, windows and os2 is in
essence somewhat the same (i.e. exe hdrs for windows and os2 contain
extensions to the regular format...) if the exe file from dos will run
unchanged in the compatibility box then I think you may indeed have a
possibility of infection... however os-2 executables would tend to have
selective parts of their exe header mashed...ones that I would think
would represent a real possibility of infection would be the improved
strains of the jerusalem virus (the strains that infect exe hdrs
correctly) and other exe infectors that are reasonably well
behaved...however the subject of transport viruses has come up before
in conversations between john and myself and I think at least that it
represents a real possibility...(also note that lacking an os-2 system
at this time I am essentially winging it...I did however take a look at
the various header formats and various exe infectors that homebase
folks have provided disassemblies of in answering in this fashion). If
any of the os-2 folks have comments negative or positive out there
e-mail me and I will summarize to the net on this. I am also personally
looking into this with respect to 386, Interactive's UNIX 5.3 and their
DOS under UNIX Option!!
                       cheers
                       kelly

disclaimer: neither AMDAHL Corp. nor ONSITE Consulting take any
responsibility nor make any warranties for what I say... it is totally
and completely the responsibility of Cybernetic Systems Specialists Inc.
and myself...
flames>>/dev/nul
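
An added example, not part of the original message: a classifier for the header relationship discussed above, telling a plain DOS MZ file from a segmented "NE" executable (Windows or OS/2 1.x) that keeps the DOS header as a stub and extends it. The field offsets follow the published MZ/NE layouts rather than anything in the post; function names and sample bytes are constructed.

```python
import struct

NE_TARGET = {1: "OS/2", 2: "Windows"}   # ne_exetyp values in the NE header

def classify_exe(image):
    """Report which header(s) an EXE image carries and the DOS entry fields."""
    if len(image) < 0x1C or image[:2] not in (b"MZ", b"ZM"):
        return {"format": "not-exe"}
    # Twelve words after the signature: e_cblp .. e_lfarlc
    f = struct.unpack_from("<12H", image, 2)
    info = {
        "format": "MZ",
        "entry_cs_ip": (f[10], f[9]),      # e_cs, e_ip
        "stack_ss_sp": (f[6], f[7]),       # e_ss, e_sp
        "header_paragraphs": f[3],         # e_cparhdr
    }
    # Extended formats keep the DOS header as a stub and store the offset of
    # the new header in the dword at 0x3C.
    if len(image) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
        if image[e_lfanew:e_lfanew + 2] == b"NE" and len(image) > e_lfanew + 0x36:
            info["format"] = "NE"
            info["target"] = NE_TARGET.get(image[e_lfanew + 0x36], "other")
    return info

def build_sample(target=None):
    """Constructed 64-byte DOS header, optionally followed by a minimal NE header."""
    hdr = bytearray(0x40)
    struct.pack_into("<2s12H", hdr, 0, b"MZ", 0x80, 1, 0, 4, 0, 0xFFFF,
                     0x0010, 0x0100, 0, 0x0000, 0x0000, 0x40)
    if target is None:
        return bytes(hdr)
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> NE header
    ne = bytearray(0x40)
    ne[:2], ne[0x36] = b"NE", target
    return bytes(hdr + ne)
```

The DOS entry and stack fields are the ones an integrity checker would baseline; for an NE file they describe only the stub, not the code the Windows or OS/2 loader runs.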


------------------------------

End of VIRUS-L Digest
*********************