GA.NES@ISUMVS.BITNET (SCHUESSLER) (04/05/88)
Well, folks, I am totally confused about this virus stuff. In reading about them in a local paper (Today section, Des Moines Register) about monitors exploding, and hard disks crashing, I don't see how anybody could possibly write a virus that would get by enough people to become dangerous. Please examine my reasoning, and point out where I missed something.

----------------------------------------------------------------

Suppose I wish to write a virus. I have read that the operating system is the place where they're supposed to be put. Here are some problems:

1. How do I add routines to ProDOS w/o changing the block length? I don't know about anyone else, but I think I would probably notice that ProDOS would take longer to boot, or that it was 32 blocks instead of 31.

2. Viruses are supposed to "spread" themselves. Spreading implies (to me at least) saving themselves on other disks in other drives, which would be extremely obvious if you did a catalog of drive1 and it went to drive2, or it would suddenly start working on the disk w/o direct commands from the keyboard. Equally suspicious would be a slow catalog listing (with a virus 'spreading' itself sometime during the execution of the command).

3. The next thing in question is the delayed effect, which no doubt is done by incrementing a counter each time it is executed. In order to retain this value, it must be stored back on the disk which causes another timing problem as far as working with the disk is concerned.

4. To spread itself, it must know the volumes on line, which have ProDOS copies that are not infected already (which will take a bit of code to check for) and then probably set some flags to point to the clean copies so that when executed next it can spread itself.

5. Finally, there is the problem of doing all the things viruses are famous for in 200 bytes or less.

I don't know about anyone else... maybe it's just me, but I can't do all that fancy I/O in 200 bytes or less (which is supposed to be the optimum length). That's w/o the fancy routine to time the spreading with save/bsave load/bload's which would be a nightmare in itself.

With all that to worry about, why would anyone go through all the trouble? Maybe I could see it possible for someone who just uses the software, and doesn't do the programming/doodling around with operating systems to miss the differences, but I hardly think that it would result in a major crisis to society.

Also--Is it legal to create a 'harmless' virus to see if it works and you supply an antidote?

/---------------------------\
| /-----------------------\ |
| |   Niko Schuessler     | |
| |   GA.NES@ISUMVS       | |
| | Iowa State University | |
| |                       | |
| \-----------------------/ |
\___________________________/
 \ ^ 1 2 3 4 5 6 7 8 9 0 - +\
  \ Q W E R T Y U I O P [ ] \
   \ A S D F G H J K L ; '   \
    \ < Z X C V B N M , . /   \
     \__________________________\