[comp.sys.ibm.pc] FLUSHOT+ Bug

laba-5ac@web7f.berkeley.edu (04/18/88)

  I have found a bug in FLUSHOT+ which may be a fairly serious limitation
with the software.  After installing it and setting the P=c:command.com
to stop writing to my command.com files, I decided to try it out.  I did
an erase command.com from DOS and it worked.  I was fairly impressed (this
is the first of the FLUSHOT programs I have tried to run).  Then, I loaded
XTree Professional and deleted the file.  No complaint from FLUSHOT.  From
XTree, you can delete any file on your hard drive, even if it is protected
by FLUSHOT, and FLUSHOT won't even tell you about it.  It seems like a virus
could then be written that could wipe out all the files on your hard
drive by erasing them in the same way that XTree does.  I don't know how to
contact the author of FLUSHOT directly without calling his BBS, so I'm
posting this message in the hope that he will eventually receive it.


---------------------------------------------------
Erik Talvola          laba-5ac@widow.berkeley.edu

"I don't impress easy." -- Jesse "The Body" Ventura
---------------------------------------------------

W8SDZ@SIMTEL20.ARPA (Keith Petersen) (04/18/88)

Erik, you can send mail to the author of FLUSHOT+, Ross Greenberg, via
netmail.  His address is:

Arpa: ditka!ramnet!flushot@BELLCORE.ARPA
Uucp: bellcore!ditka!ramnet!flushot


--Keith Petersen
Arpa: W8SDZ@SIMTEL20.ARPA
Uucp: {decwrl,harvard,lll-crg,ucbvax,uunet,uw-beaver}!simtel20.arpa!w8sdz
GEnie: W8SDZ

tneff@atpal.UUCP (Tom Neff) (04/19/88)

In article <8855@agate.BERKELEY.EDU> laba-5ac@widow.berkeley.edu () writes:
>
>  I have found a bug in FLUSHOT+ which may be a fairly serious limitation
>with the software...
> ... From
>XTree, you can delete any file on your hard drive, even if it is protected
>by FLUSHOT, and FLUSHOT won't even tell you about it.

Yup, this is a limitation on FLUSHOT.  *NOT* a bug.  (It would be a bug
if FLUSHOT claimed to handle XTree and other Norton-type utilities, which
it doesn't.)

I'm sure the FLUSHOT author is acutely aware that if you don't use the
DOS file-handling services to manipulate COMMAND.COM and other protected
files, he doesn't catch you.  After all, he wrote the code.  So yes, a
trojan/virus could be written that circumvents FLUSHOT.  That's one reason
you should back up your system regularly and not run unexamined software
you get from others, rather than relying on "vaccines" and other such
nostrums.

-- 
Tom Neff			UUCP: ...uunet!pwcmrd!skipnyc!atpal!tneff
	"None of your toys	CIS: 76556,2536		MCI: TNEFF
	 will function..."	GEnie: TOMNEFF		BIX: are you kidding?

dick@slvblc.UUCP (Dick Flanagan) (04/19/88)

In article <129@atpal.UUCP> tneff@atpal.UUCP (Tom Neff) writes:
> In article <8855@agate.BERKELEY.EDU> laba-5ac@widow.berkeley.edu () writes:
> >  I have found a bug in FLUSHOT+ which may be a fairly serious limitation
> >with the software...  ... From
> >XTree, you can delete any file on your hard drive, even if it is protected
> >by FLUSHOT, and FLUSHOT won't even tell you about it.
> 
> Yup, this is a limitation on FLUSHOT.  *NOT* a bug.  (It would be a bug
> if FLUSHOT claimed to handle XTree and other Norton-type utilities, which
> it doesn't.)

I don't know if I would classify the popular BRIEF editor as being a
"Norton-type" utility, but it can read files that FLUSHOT+ is trying
to read-protect, and it can write files that FLUSHOT+ is trying to
write-protect, all without FLUSHOT+ ever saying a word.

Even though I'm a regi$tered user of FLUSHOT, it looks like it's not
good for much more than keeping an occasional eye on my CMOS and for
checksumming system files.  Any virus worthy of its slimy name would
certainly use whatever file handling mechanism BRIEF does and simply
leave FLUSHOT+ guarding an infected or empty disk.

Dick

--
Dick Flanagan, W6OLD                         GEnie: FLANAGAN
UUCP: ...!ucbvax!ucscc!slvblc!dick           Voice: +1 408 336 3481
Internet: slvblc!dick@ucscc.UCSC.EDU         LORAN: N037 04.7 W122 04.6
USPS: PO Box 155, Ben Lomond, CA 95005
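
An added illustration of the point made in Tom Neff's and Dick Flanagan's posts above (not part of the original thread, and not FLUSHOT+ code): a monitor that sits on one file-service layer sees only calls made through that layer, while a checksum baseline reports the change whichever path made it. The `Disk`, `HookedFileService`, `baseline` and `verify` names and the file contents are constructed for this sketch, and the in-memory dictionary is an assumed stand-in for a real disk.

```python
import hashlib

class Disk:
    """Constructed in-memory stand-in for a disk: filename -> contents."""
    def __init__(self, files):
        self.files = dict(files)

class HookedFileService:
    """Models a monitor that only sees requests made through this layer."""
    def __init__(self, disk, protected):
        self.disk = disk
        self.protected = {p.upper() for p in protected}
        self.alerts = []

    def delete(self, name):
        if name.upper() in self.protected:
            self.alerts.append(f"blocked delete of {name}")
            return False
        self.disk.files.pop(name, None)
        return True

def baseline(disk, names):
    """Record a SHA-256 digest for each file while the system is known good."""
    return {n: hashlib.sha256(disk.files[n]).hexdigest() for n in names}

def verify(disk, base):
    """Return {name: 'missing' | 'modified'} for files that differ from the baseline."""
    findings = {}
    for name, digest in base.items():
        data = disk.files.get(name)
        if data is None:
            findings[name] = "missing"
        elif hashlib.sha256(data).hexdigest() != digest:
            findings[name] = "modified"
    return findings

def demo():
    disk = Disk({"COMMAND.COM": b"constructed shell image",
                 "AUTOEXEC.BAT": b"@echo off\r\n"})
    svc = HookedFileService(disk, protected=["COMMAND.COM"])
    base = baseline(disk, ["COMMAND.COM", "AUTOEXEC.BAT"])
    blocked = not svc.delete("COMMAND.COM")  # request goes through the hooked layer
    before = verify(disk, base)              # nothing has changed yet
    # A program that edits the disk structure itself never calls svc.delete,
    # so the monitor records nothing for the next two changes.
    del disk.files["COMMAND.COM"]
    disk.files["AUTOEXEC.BAT"] += b"rem changed\r\n"
    return blocked, before, list(svc.alerts), verify(disk, base)
```
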