TMPLee@DOCKMASTER.ARPA (03/11/89)
As a professional in the computer security game I'd like to publicly compliment Morgan Davis on his article in the recent A+ on viruses. It is both well-written and technically accurate. I do not believe it over-sensationalizes the problem or the risks. (The situation is actually somewhat worse than the tone of his article, despite the closing paragraph, would lead you to believe -- NONE of the existing defensive programs would be a match for any reasonably clever person seriously intent on doing as much damage as he could.)

(I have one minor quibble about the article: it says that an Applesoft program can't be the source of a virus. Not true -- who knows what's buried in the machine code most complex Applesoft programs poke into memory from DATA statements? And, for that matter, if I even just had a 20,000 line Applesoft program in front of me I wouldn't know what it was doing anyway, DATA statements, peeks and pokes or not.)

Given the situation it bothers me tremendously that there still isn't a good hard disk backup program for ProDos. Neither the package in ProSel nor the one from Quality Computers (I forget the title) does incremental backups, which is the only feasible way to deal with a reasonable size hard drive, and BackUpII from Apple seems to have some fatal bugs that make it impossible (for me at least) to use.

TMPLee@Dockmaster.arpa
ART100@PSUVM.BITNET ("Andy Tefft 862-6728", 814) (03/12/89)
Original note:
>
>As a professional in the computer security game I'd like to publicly
>compliment Morgan Davis on his article in the recent A+ on viruses. It
>(I have one minor quibble about the article: it says that an Applesoft
>program can't be the source of a virus. Not true -- who knows what's
>buried in the machine code most complex Applesoft programs poke into
>memory from DATA statements? And, for that matter, if I even just had a
>20,000 line Applesoft program in front of me I wouldn't know what it was
>doing anyway, DATA statements, peeks and pokes or not.)
>
>TMPLee@Dockmaster.arpa

Well, how about embedding machine language (relocatable of course) at the end of an Applesoft program, then moving the program end pointer back to accommodate the extra bytes? It would be invisible to the LIST command. Apple used to do this an awful lot; actually it was more common in Integer BASIC programs. Nice way to make sure your machine code stays with the program, and if you make the code relocatable, you can even modify the Applesoft and still have it work (you just CALL xxx bytes back from the program end pointer, xxx stays constant...)

Yes, Applesoft can transmit viruses.

Andy
art100@psuvm.bitnet / a1t@ecl.psu.edu

PS - I just rented a 2400 baud modem for a month... should have bought one long ago! This is niiiiiice...
ALBRO@NIEHS.BITNET (03/13/89)
art100@psuvm.bitnet / alt@ecl.psu.edu wrote about the possibility of putting a virus in machine language attached at the end of a BASIC program and therefore invisible to the LIST command. Quite possible, but somewhere in the program there will have to be a CALL to somewhere you didn't load any code, which would be a dead give-away. All you have to do is list the BASIC program into a text file and EXEC it back, then resave it and you get rid of appended, unlistable code (assuming it isn't perfectly innocent and required for the program.)
JDA@NIHCU.BITNET (Doug Ashbrook) (03/13/89)
> Given the situation it bothers me tremendously that there still isn't a
> good hard disk backup program for ProDos. Neither the package in ProSel
> nor the one from Quality Computers (I forget the title) does incremental
> backups, which is the only feasible way to deal with a reasonable size
> hard drive, and BackUpII from Apple seems to have some fatal bugs that
> make it impossible (for me at least) to use.

ProSel-16 does incremental backups. The cost of the package is $60; updates to ProSel-16 for current owners of ProSel-8 are $20. It is only available directly from the author:

Glen E. Bredon
521 State Road
Princeton, NJ 08540

-------------------------------------------------------------------
J. Douglas Ashbrook (301) 496-5181
BITNET: JDA@NIHCU
ARPA: jda%nihcu.bitnet@cunyvm.cuny.edu
National Institutes of Health, Computer Center, Bethesda, MD 20892
mdavis@pro-sol.cts.com (Morgan Davis) (03/14/89)
Simply stated, an Applesoft BASIC program (BAS file) cannot be infected by a propagating virus (at least none of the current strains) because only SYStem applications are targeted. So BAS files are safe from infection.

Now, (jeez) this doesn't mean that somebody cannot write a BASIC program that pokes dangerous machine code into memory. What the article stated was that tokenized Applesoft files are safe from infection because the BASIC interpreter in ROM only knows how to parse the tokens and execute the proper subroutines that are burned into the Applesoft ROM code. If, say, Festering Hate were attached to the end of a BASIC program, you could "RUN" it without any fear of catastrophe.

This also includes the old trick of appending machine code to the end of a BASIC program. Unless there is a command (CALL whatever) in the BASIC program itself to jump-start that appended code, you're safe.

Since BASIC programs include both their own source and runtime code, you're advised to LIST any program you download to see if it does something nasty or mysterious. Besides, it doesn't take machine code and viruses to endanger your computer. All someone has to do is write a routine in Applesoft that opens up your volume directory (good old "OPEN" and "READ" commands in BASIC) and then proceed to delete your files with DELETE.

--Morgan Davis

UUCP: crash!pnet01!pro-sol!mdavis
ProLine: mdavis@pro-sol
ARPA: crash!pnet01!pro-sol!mdavis@nosc.mil
MCI Mail: 137-6036
INET: mdavis@pro-sol.cts.com
APE, BIX: mdavis
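
Added example (not part of any post in this thread): a Python check for the two signs the ALBRO and Morgan Davis posts point to, bytes stored past the end of the listable program and any CALL statement that could start them. It assumes a raw tokenized BAS image and the standard Applesoft token value $8C for CALL; `inspect_bas`, `build_sample` and the sample program are constructed for illustration.

```python
import struct

CALL_TOKEN = 0x8C  # CALL in the standard Applesoft token table (assumption, not from the thread)

def inspect_bas(image: bytes) -> dict:
    """Walk a tokenized Applesoft image; report CALL lines and unlistable trailing bytes."""
    pos, call_lines = 0, []
    while True:
        if pos + 2 > len(image):
            raise ValueError("truncated image: no end-of-program marker")
        (link,) = struct.unpack_from("<H", image, pos)
        if link == 0:                      # zero link ends the program; LIST stops here
            pos += 2
            break
        if pos + 4 > len(image):
            raise ValueError("truncated line header")
        (line_no,) = struct.unpack_from("<H", image, pos + 2)
        # Records are walked sequentially instead of following the absolute
        # link, so the load address does not need to be known.
        end = image.find(b"\x00", pos + 4)  # each line body ends with a zero byte
        if end < 0:
            raise ValueError(f"line {line_no} has no terminator")
        # In a normally entered line, text bytes have the high bit clear,
        # so a 0x8C byte in the body is a CALL token.
        if CALL_TOKEN in image[pos + 4:end]:
            call_lines.append(line_no)
        pos = end + 1
    return {"call_lines": call_lines, "trailing": image[pos:]}

def build_sample(appended: bytes = b"\xEA\xEA\x60") -> bytes:
    """Constructed sample: 10 PRINT "HI" / 20 CALL 2100, then appended bytes (NOP NOP RTS)."""
    addr, out = 0x0801, b""
    for number, body in [(10, bytes([0xBA]) + b'"HI"'), (20, bytes([CALL_TOKEN]) + b"2100")]:
        addr += 4 + len(body) + 1          # address of the next line record
        out += struct.pack("<HH", addr, number) + body + b"\x00"
    return out + b"\x00\x00" + appended

if __name__ == "__main__":
    report = inspect_bas(build_sample())
    print("CALL on lines:", report["call_lines"])
    print("bytes past end of program:", report["trailing"].hex())
```

A non-empty `trailing` result only shows that the file carries bytes LIST cannot display; as the ALBRO post notes, such code may be innocent and required by the program.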