patth@dasys1.UUCP (Patt Haring) (03/22/88)
ATTENTION
ATTENTION

We have a problem in the Apple computer family. Viruses have begun to invade our programs.

A little history and background is in order- firstly, what is a virus? A virus is a small program that is hidden inside any larger program. A virus acts to create damage to the user's system- it might do this by erasing the hard drive or by wiping out any data currently in memory. A virus might lie dormant, hidden inside the parent program for a great period of time but all of a sudden it might come to life and crash your entire system.

Where do viruses come from? Well, they come from a number of places. The first place a virus starts is in the mind of a very disturbed person, a person who wants to do nothing but wreak havoc among many computer systems. This person sits down and writes a few lines of computer program that does the necessary damage. He could modify the virus so that it does not activate until a certain condition has been met- a set number of copies of the master, a set number of operations in a program, or even set the virus to become active on a certain date or time. All of these things are easy to do, many other conditions might be possible as well. Finally, when this condition is met, the virus wakes up and does its damage.

How is a virus spread? The most common way for a virus to spread is for it to be tied into a program that is spread about a great deal. Prime targets are Public Domain and Freeware programs that are easy to upload and download from telecommunications services (Genie, The Source, Compuserve) and private bulletin boards. Every time the infected program is uploaded to another system, or copied and given to a friend, the virus is spread. Remember, the virus is small and totally hidden- there is no way to know that you are passing on the virus.

Just as an aside- if you think that this is a joke- think again. The action of the computer virus is the same as a virus that infects people- that's why it's called a virus.
Just like the AIDS virus, and the Hepatitis virus, you can pass it along without even knowing that you have done so.

Why are viruses just entering into the Apple world? The computer virus is not a new thing. There have been viruses around for IBM and IBM compats for over a year. There is a simple reason for their spread into the Apple world. One of the worst things that a virus could do is wipe out a hard drive- on IBM and compats, if the system has a hard drive, the hard drive is always connected and turned on- you can't operate the computer without the hard drive. Therefore, the computer is always open to attack- every time the computer is turned on, it's a sitting duck. In the Apple II series of computers, all the hard drives are external and can be turned off. An Apple II will run without its hard drive, it's not a sitting duck all of the time. THIS WILL BE OUR FIRST LINE OF DEFENSE. Also, with the growth of the Apple II GS, will come an increase in the number of large (20, 40 and 60 meg) hard drives that people will use- these large drives are an inviting target to these virus writers and I am sure that plenty of shots will be fired.

For the Mac series, several models have internal hard drives- these are just as open to attack as the IBM systems. As more and more of these systems are put into use, the number of targets will increase as will virus activity.

How do we protect ourselves and our systems?? There are several things that we can do to try and limit the spread and damage of the viruses.

1) If you are in the habit of downloading software from telecommunications boards- keep all hard drives turned off during the download process. I MEAN POWER OFF, NOTHING SPINNING- A WELL WRITTEN VIRUS CAN BREAK THROUGH MANY THINGS- THE ONLY SURE PROTECTION IS TURN IT OFF. Download into RAM disks and transfer to 3.5 or 5.25 floppy or download right to floppies.
2) Once you have the program on a floppy disk, I suggest that you run it from a floppy several times before letting any hard drives come on-line. If the virus is tied into a set number of boot-ups, you might save yourself in this way. Also, exit the program through the proper channels- a virus counter could be tied into the quit routines as easily as the boot routines.

3) Backups- there is a possible problem with backups. If the virus is the type that lies dormant for a long period of time, it might wait until the backups are infected before becoming active. Then you go to your backups and everything seems fine but the virus is there, embedded somewhere deep in the backup disks and sure enough, it will wake up when its conditions are met and will cause its damage. One possible answer is to make frequent backups and keep the old ones- don't use the same disks over and over. An example- let's assume that you back up your system twice each week. If you were to save backups for 4 weeks then you would have 8 sets of backups to fall back on. I admit that the further back you go, the older the data is but having to recreate 2 or 3 weeks of data would be better than recreating an entire database or financial record. The more backups you have to fall back on, the better off you might be if the virus strikes.

Also, if you can separate volumes on your hard drive- place programs separate from data. When you back up your system, there will be separate backup sets for each hard drive volume- if the virus is hidden in the programs, your recent data backups might be spared. Don't assume that this is the great cure- a creative virus writer can put tags into data files that are written with the infected program and cause the data to crash as well. This is just a thought that might help.

4) Protect business data carefully- if you use your computer for both your business and pleasure try not to mix the two areas.
Keep business data on a separate hard drive and only use it with proven, safe, properly obtained programs. Let's get right down to it- let the business buy its own system and keep it separate from the home- a business expense is deductible through the business anyway. If you lose the business database because you wanted to try out that new program that your friend just gave you, won't you feel foolish or even lose your job??? Keep business and pleasure separated.

5) Be careful of what you download- a virus could be hidden in anything. Possible targets are:

   CDA's, NDA's, and fonts for the Apple II GS

   New versions of popular programs and utilities- the only new thing is the virus that the hacker has added and the change he made to the version number.

   Picture files, song and voice files and other 'execable' files. These are files that you 'run' and they show you a picture or play a song while they implant themselves into or destroy your system.

Remember that the virus writer is a very smart person. They have advanced knowledge of machine language programming, disk operating systems, data manipulation, and a knowledge of where to hide the virus to do the most damage. The virus will be placed in the programs that will spread the fastest across the country and from BBS system to BBS system. Prime targets will also be hacked versions of games- these move quite quickly as pirates spread them across systems.

Our best defense is to be smart- try not to use hard drives for downloaded or other high risk programs. Keep your hard drives off as much as possible. Make and keep several layers of backups. Test run new versions of programs and utilities many times before making them an integral part of your system. Be suspicious of free utilities- GS users watch out for CDA's and NDA's- GS users are the fastest growing group of hard drive users and these new big drives are ER NUMBERS. I JUST HEARD THAT A FRIEND OF MINE LOST A FULL 20 MEG SIDER DRIVE WITH A HIGHER VERSION OF PROSEL.
BE CAREFUL, PLEASE. It is going to be things like these- common utilities that will be the infected programs because everyone wants the latest versions and everyone assumes that the latest versions are from the factory.

Just as an aside- the Department of Defense is spearheading development of ways to detect, prevent, and limit the spread and damage of viruses. It appears that many databases- insurance companies, banks, stockmarkets, even the IRS, have been tampered with. This is being viewed as an issue of national security. There are several companies that have sprung up to aid industry in protecting their systems- training all levels of management and production in the do's and don'ts of computer safety.

Please feel free to copy and upload this post to any and all systems that you wish to but please leave in this credit:

Courtesy of the Apple Cider/Computer Corner BBS, Queens, New York. 300-1200-2400 baud 24 hours, DLX multiuser system, official Apple and IBM users groups, 718-482-0089.

Thank you for your attention and good luck

--
Patt Haring {sun!hoptoad,cmcl2!phri}!dasys1!patth
Big Electric Cat Public Access Unix (212) 879-9031 - System Operator
Three aspects of wisdom: intelligence, justice & kindness.
laba-4an@web8b.berkeley.edu (Andy McFadden) (03/23/88)
Anybody out there remember "cancer DOS?" It wrote itself onto DOS 3.3 disks whenever you swapped them, and very carefully made a copy of itself whenever you tried to "PR#6" with a new disk. Never touched a write protected disk, so it never gave itself away until the fatal moment.

Every once in a while the disk you were using would erase itself. Without warning of any kind, the disk drive would suddenly scrub the floppy.

This kind of virus is like a Terminator with rubber skin - easy to spot. The //gs presents a whole series of interesting problems (especially desk accessories...)

Even the stuff posted here may not be safe anymore (disconnect drives while generating fractals unattended!)

--
"[the computer]'s dead, Jim!"
gwyn@brl-smoke.ARPA (Doug Gwyn ) (03/23/88)
In article <3493@dasys1.UUCP> patth@dasys1.UUCP (Patt Haring) writes:
>Possible targets are:
> CDA's, NDA's, and fonts for the Apple II GS

How are fonts a problem?

You forgot to mention the best defense of all: Insist on source code, not binary, and check it carefully before using it.
neighbor@csd4.milw.wisc.edu (Jeffrey Alan Ding) (03/23/88)
In article <3493@dasys1.UUCP> patth@dasys1.UUCP (Patt Haring) writes:
>
> ATTENTION
> ATTENTION
>
>
> We have a problem in the Apple computer family. Viruses have begun to
>invade our programs.
 ^^^^^^^^^^^^^^^^^^
>

Hey! I want to see some PROOF that there are programs with viruses in them. I don't doubt you that programs out there may have viruses, but give the net a list of some programs that you have found these viruses in. If you know of programs that have these viruses, then SHARE the information to everyone. Also tell us WHERE you got the program from so we can avoid the infected programs. Maybe with everyone's help we can track down where these programs originate. That would be no easy job for sure.

neighbor@csd4.milw.wisc.edu
BHUBER@ECLA.USC.EDU (03/25/88)
I'm sitting here reading your message about computer viruses, just chuckling to myself. How do we protect ourselves and our data from computer viruses? By practicing safe computing, of course, which includes using a condom while modeming.... Have a nice day.