ahonen@kullero.uta.fi (Anssi Ahonen) (11/27/90)
Amiga virus situation is getting worse. It seems that after a long break those
idiots who program viruses for the Amiga are once again creating new diseases
for our beloved computer.

1) Bootblock viruses

There must be about 30-40 of them nowadays. Not very dangerous, but some of
them are very destructive ("The Lamer Exterminator", for example). Bootblock
viruses are easy to catch with every decent virus killer.

2) Disk-validator viruses

Under Kickstart 1.2 and 1.3 (don't know about the 2.0?) you can put your own
program code into the l:disk-validator. To spread this kind of virus you just
insert an infected disk in ANY disk drive ANY time. How many of our current
virus killers check the disk validator? None! And there is already at least
one virus written in this fashion around.

3) Link viruses

There are new BAD link viruses around (like "The Travelin' Jack"). Current
virus killers don't even notice them.

We need a new virus killer program. A program designed to check reset-vectors,
interrupt-vectors, resident libraries, disk-validator and executables.
A program we can TRUST!

--
Anssi 'Affe' Ahonen
"You're never dead till you're out of quarters"
cmw1725@tamsun.tamu.edu (Christopher Walton) (11/28/90)
Why don't you get VDK from Chris Hames of Australia, it works quite well on
most of the things you mentioned. Try it, you will like it.

Christopher Walton
cmw1725@tamsun.tamu.edu
peterk@cbmger.UUCP (Peter Kittel GERMANY) (11/28/90)
In article <1836@kielo.uta.fi> ahonen@kullero.uta.fi (Anssi Ahonen) writes:
>
>We need a new virus killer program. A program designed to check reset-vectors,
>interrupt-vectors, resident libraries, disk-validator and executables.

This is a permanent issue in the war of virus programs against anti-virus
programs: If we had a STANDARD anti-virus program, then every virus programmer
could train his virus to fool this checking program. So you will NEVER have
ONE all-purpose and all-time-valid anti-virus program.

But most of your wishes can get satisfied already. Every virus that infects
an existing file (be it library or executable) is detectable through a good
CRC checking program. (There is one on the fish disks, but I have no
experience of my own with it.) When a virus has changed a file, the CRC
program should notice that. And a "good" CRC program should add a feature like
"configuration" that enables you to choose your own polynomial for the CRC
computation. Otherwise, if always the same polynomial were used, a virus could
outperform that by adding some checksum-like bytes to restore the CRC sum to
the old value. But if the virus doesn't know about the mechanism details of how
the CRC is computed, it can't take any actions against it.

So my attempt at such a program was to use a PD wordcount program, let it run
on EVERY file on my HD (yes, also data files), store this check program and
the result (long list of all files with paths included and their wordcount
results) on a separate floppy disk, and when running this program again, I got
a list of which files were new/deleted since last time and which files changed.
So I at least get an alarm when one of my executables or other system files
was changed unintentionally.

But this concept suffers from a different caveat that is the reason why I
still don't use it regularly:
1. I use a wordcount program, where the checksum is NOT configurable
   (should code my own one),
2. the data file with the results gets so big it doesn't fit on a single
   floppy. So I still have to work on a way to compact this file considerably.
   I already have some ideas, but not the time to put them into code.

So this is the way development should take for this kind of virus protection
programs. The other kind still should check the system vectors in the Amiga
RAM and floppy bootblocks. And there we can achieve some progress, too, sure.

--
Best regards, Dr. Peter Kittel  // E-Mail to  \\  Only my personal opinions...
Commodore Frankfurt, Germany  \X/  {uunet|pyramid|rutgers}!cbmvax!cbmger!peterk
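
Added example, not part of the thread or of any poster's code: a sketch of the baseline-and-compare check described in the post above, using a table-driven 32-bit CRC whose polynomial is chosen by the user. The function names, the sample file tree and the default polynomial are assumptions made for the illustration.

```python
import os
import tempfile

def make_table(poly):  # 256-entry table for a reflected 32-bit CRC using `poly`
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
        table.append(crc)
    return table

def crc_update(crc, data, table):
    for b in data:
        crc = (crc >> 8) ^ table[(crc ^ b) & 0xFF]
    return crc

def crc_bytes(data, poly):
    return crc_update(0xFFFFFFFF, data, make_table(poly)) ^ 0xFFFFFFFF

def snapshot(root, poly):  # map each file's relative path to its CRC
    table, result = make_table(poly), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            crc = 0xFFFFFFFF
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    crc = crc_update(crc, chunk, table)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = crc ^ 0xFFFFFFFF
    return result

def compare(old, new):  # returns (new files, deleted files, changed files)
    changed = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    return sorted(set(new) - set(old)), sorted(set(old) - set(new)), changed

def write(root, rel, body):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(body)

def demo(poly=0x82F63B78):  # constructed sample tree; the polynomial is the user's choice
    with tempfile.TemporaryDirectory() as root:
        for rel in ("c/dir", "c/copy", "s/startup-sequence"):
            write(root, rel, b"original contents of " + rel.encode())
        baseline = snapshot(root, poly)  # would be stored on separate media
        write(root, "c/dir", b"modified contents of c/dir")  # same length as before
        os.remove(os.path.join(root, "c", "copy"))
        write(root, "l/disk-validator", b"unexpected new file")
        return compare(baseline, snapshot(root, poly))
```

Because a CRC is linear, the polynomial and the stored results have to stay off the checked disk for this to hold up. On a current system the same role is filled by a keyed hash such as HMAC-SHA-256.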