How Can You Stop a Trojan Horse?
by the Disk Doctor



--------------------------------------------
Copyright (C) 1987,  the Disk Doctor.

First published in the Rochester (PC)^3 News:
  Picture City PC Programming Club
  PO BOX 20342
  Rochester, NY 14602
The Disk Doctor may be contacted at this
address, or via CIS [73147,414].

This material may be reproduced for internal
use by other not-for-profit groups, provided
this copyright notice is included.
----------------------------------------------


I enjoy writing my Case Histories column,
and I have several humorous new episodes
in the works.  I'll be back next month
with the funny stuff.  This month, I
decided to discuss a serious topic.  The
truth is, I couldn't think of anything
funny to say about trojan horse programs.


A Trojan Horse is software that you think
is useful, but once it gets inside your
computer, it maliciously erases your
disk(s) or worse.  People who download
software off Bulletin Board Systems (BBSs)
are most vulnerable.  A trojan program
usually has a normal title, an interesting
description, and may appear to do
something useful.  But while it runs, it
erases or formats all disk drives on your
system or worse!  (It is possible to
execute low level commands that physically
and irreparably damage your computer
system.)  We're talking about disk
terrorism, conducted on your very desktop!

Who knows what twisted minds would take
such a despicable action.  Probably the
same creeps who put razor blades in
Halloween candy, or cyanide in Tylenol.




What can you do to protect yourself?
There are utilities that will write-
protect your hard drive.  As mentioned at
the last meeting, this offers some
protection, but anything set in software
can be defeated in software.

Other utilities will print out all ASCII
text strings that appear within an .EXE or
COM program.  This will clue you ahead of
time of programs which contain messages
like "Arf. Arf. Got you!".  Of course,
this will not protect you unless the jerk
delights in taunting the victim.
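The string-dump check described above, written out as an added example (not a utility from the column): it pulls printable ASCII runs out of a program image and flags taunts like the one quoted.  The two byte samples and the SUSPICIOUS_WORDS list are constructed here for illustration.

```python
# Printable ASCII is space (0x20) through tilde (0x7E); anything else
# breaks a string run, just as the old BBS-era string-dump tools assumed.
PRINTABLE = set(range(0x20, 0x7F))

# Phrases worth a second look in a program you have never run.  The first
# is the taunt quoted in the column; the rest are assumed for this example.
SUSPICIOUS_WORDS = ("got you", "gotcha", "ha ha", "too late")


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return every run of at least min_len printable ASCII bytes in data,
    in the order they appear in the file."""
    found = []
    run = bytearray()
    for b in data:
        if b in PRINTABLE:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:          # string that runs to end of file
        found.append(run.decode("ascii"))
    return found


def flag_suspicious(strings: list[str]) -> list[str]:
    """Keep only the strings that contain one of the watch-list phrases."""
    return [s for s in strings if any(w in s.lower() for w in SUSPICIOUS_WORDS)]


def scan_program(data: bytes) -> dict:
    """One-stop check: all strings found, plus the ones that look like taunts."""
    strings = extract_strings(data)
    return {"strings": strings, "suspicious": flag_suspicious(strings)}


# Constructed sample 1: a few opcode-like bytes followed by a DOS-style
# message ending in '$', the kind of taunt a string dump would reveal.
SAMPLE_TAUNTING = b"\xb4\x09\xba\x0b\x01\xcd\x21\xc3" + b"Arf. Arf. Got you!$" + b"\x00\xff\x33\xc0"

# Constructed sample 2: nothing but non-printable bytes.  A trojan that
# carries no message gives the string dump nothing to show, which is the
# column's caveat about this technique.
SAMPLE_SILENT = b"\xb8\x00\x00\xe8\x10\x00\xc3\x90\x90\x00\xff\xfe"

if __name__ == "__main__":
    for name, blob in (("taunting", SAMPLE_TAUNTING), ("silent", SAMPLE_SILENT)):
        print(name, scan_program(blob))
```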

Actually, the only safe solution is to pull
the hard disk controller card before you
experiment with new software.  Or don't
experiment.

------------------------------------------

If you want to experiment anyway, you can
rely on common sense and cooperation.
Watch for these warning signs:

> no documentation other than a brief
 description.
> a program you never heard of before
> a renamed, "enhanced" version of a
 program you have heard of before
> no author's name, or anyone claiming
 credit for uploading it
> outrageous claims, like doubling the
 speed of your PC, or emulating an EGA on
 a CGA monitor
> ridiculous file size - no word processor
 worth anything has a file size of a few
 thousand bytes
> a BASIC program which is stored in
 "protected" mode so you can't LIST it



Now for the cooperation part of it:

> only use software from BBS's or a
 library where the sysop tests programs
 before making them public.
> only download software from a BBS where
 users must register before uploading
 files, the sysop verifies that no phoney
 names are used, and the individual who
 uploaded each file is traceable.
> if you discover a trojan, report it
 immediately to all local BBS's.
> watch for the "Dirty Dozen" list (which
 is now several dozen long) which is
 updated periodically and found on BBS's
 across the country.  It lists trojans
 and pirated software.  Pirated software
 may not ruin you, but it is illegal.
 Rumors have it that software companies
 put trojan versions of their programs on
 BBS's to "discourage" piracy.  In any
 case, you are advised to pay for the
 software you use, including shareware.


There is a lot of excellent public domain
software out there.  Let's work together.
Don't let these crumbs spoil our fun.


------------------------------------------

What do you do after you run a trojan
horse?  The remedy depends on the type of
damage done.  Norton Utilities and other
undelete utilities will do no good against
certain types of disk damage.

It is possible to restore a high-level
formatted disk, but the process is so
tedious and time-consuming, it may not
be practical to retrieve more than a
small number of files.

There are utilities to recover from a
scrambled FAT or a high-level format, but
these only work when some backup is done
ahead of time (either manually or by
installing an automatic memory-resident
routine.)

For low-level formats, or overwritten
sectors, there is no remedy beyond a
recent backup.  The single best prevention
remains regular back-ups.  This is true
regardless of how your disk gets damaged.