ahonen@kullero.uta.fi (Anssi Ahonen) (11/27/90)
Amiga virus situation is getting worse. It seems that after a long break
those idiots who program viruses for the Amiga are once again creating
new diseases for our beloved computer.
1) Bootblock viruses
There must be about 30-40 of them nowadays. Not very dangerous, but some of them
are very destructive ("The Lamer Exterminator", for example). Bootblock viruses
are easy to catch with every decent virus killer.
2) Disk-validator viruses
Under Kickstart 1.2 and 1.3 (don't know about the 2.0?) you can put your
own program code into the l:disk-validator. To spread this kind of virus you
just insert an infected disk in ANY disk drive ANY time. How many of our
current virus killers check the disk validator? None! And there is already at least
one virus written in this fashion around.
3) Link viruses
There are new BAD link viruses around (like "The Travelin' Jack"). Current virus
killers don't even notice them.
We need a new virus killer program. A program designed to check reset-vectors,
interrupt-vectors, resident libraries, disk-validator and executables.
A program we can TRUST!
--
Anssi 'Affe' Ahonen
"You're never dead till you're out of quarters"

cmw1725@tamsun.tamu.edu (Christopher Walton) (11/28/90)
>Amiga virus situation is getting worse. It seems that after a long break
>those idiots who program viruses for the Amiga are once again creating
>new diseases for our beloved computer.
>1) Bootblock viruses
>There must be about 30-40 of them nowadays. Not very dangerous, but some of them
>are very destructive ("The Lamer Exterminator", for example). Bootblock viruses
>are easy to catch with every decent virus killer.
>2) Disk-validator viruses
>Under Kickstart 1.2 and 1.3 (don't know about the 2.0?) you can put your
>own program code into the l:disk-validator. To spread this kind of virus you
>just insert an infected disk in ANY disk drive ANY time. How many of our
>current virus killers check the disk validator? None! And there is already at least
>one virus written in this fashion around.
>3) Link viruses
>There are new BAD link viruses around (like "The Travelin' Jack"). Current virus
>killers don't even notice them.
>We need a new virus killer program. A program designed to check reset-vectors,
>interrupt-vectors, resident libraries, disk-validator and executables.
>A program we can TRUST!
>--
>Anssi 'Affe' Ahonen
>"You're never dead till you're out of quarters"
***********
Why don't you get VDK from Chris Hames of Australia, it works quite well
on most of the things you mentioned. Try it, you will like it.
Christopher Walton
cmw1725@tamsun.tamu.edu

peterk@cbmger.UUCP (Peter Kittel GERMANY) (11/28/90)
In article <1836@kielo.uta.fi> ahonen@kullero.uta.fi (Anssi Ahonen) writes:
>
>We need a new virus killer program. A program designed to check reset-vectors,
>interrupt-vectors, resident libraries, disk-validator and executables.

This is a permanent issue in the war of virus programs against anti-virus
programs: If we had a STANDARD anti-virus program, then every virus programmer
could train his virus to fool this checking program. So you will NEVER have ONE
all-purpose and all-time-valid anti-virus program.

But most of your wishes can be satisfied already. Every virus that infects an
existing file (be it library or executable) is detectable through a good CRC
checking program. (There is one on the Fish disks, but I have no experience of
my own with it.) When a virus has changed a file, the CRC program should notice
that. And a "good" CRC program should add a feature like "configuration" that
enables you to choose your own polynomial for the CRC computation. Otherwise,
if always the same polynomial were used, a virus could outperform that by
adding some checksum-like bytes to restore the CRC sum to the old value. But if
the virus doesn't know the details of the mechanism by which the CRC is
computed, it can't take any action against it.

So my attempt at such a program was to use a PD wordcount program, let it run
on EVERY file on my HD (yes, also data files), store this check program and the
result (long list of all files with paths included and their wordcount results)
on a separate floppy disk, and when running this program again, I got a list of
which files were new/deleted since last time and which files changed. So I at
least get an alarm when one of my executables or other system files was changed
unintentionally. But this concept suffers from a different caveat that is the
reason why I still don't use it regularly:

1. I use a wordcount program, where the checksum is NOT configurable (should
   code my own one),
2. the data file with the results gets so big it doesn't fit on a single
   floppy.

So I still have to work on a way to compact this file considerably. I already
have some ideas, but not the time to put them into code.

So this is the way development should take for this kind of virus protection
program. The other kind still should check the system vectors in the Amiga RAM
and floppy bootblocks. And there we can achieve some progress, too, sure.

--
Best regards, Dr. Peter Kittel      // E-Mail to \\  Only my personal opinions...
Commodore Frankfurt, Germany  \X/  {uunet|pyramid|rutgers}!cbmvax!cbmger!peterk
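
The baseline-and-compare scheme from the post above, with the configurable CRC polynomial it asks for, as an added example (not code from the thread or from any tool named in it). All function names, the sample file tree and the choice of the CRC-32C polynomial as "your own" value are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

CRC32_POLY = 0xEDB88320   # standard CRC-32, reflected form
CRC32C_POLY = 0x82F63B78  # CRC-32C, standing in here for "your own" polynomial

def make_table(poly):
    """Build the 256-entry table for a reflected 32-bit CRC polynomial."""
    table = []
    for reg in range(256):
        for _ in range(8):
            reg = (reg >> 1) ^ poly if reg & 1 else reg >> 1
        table.append(reg)
    return table

def checksum(data, table):
    value = 0xFFFFFFFF                      # initial value, also the final XOR
    for byte in data:
        value = (value >> 8) ^ table[(value ^ byte) & 0xFF]
    return value ^ 0xFFFFFFFF

def snapshot(root, table):
    """Map each file under root (relative POSIX path) to its checksum."""
    return {p.relative_to(root).as_posix(): checksum(p.read_bytes(), table)
            for p in Path(root).rglob("*") if p.is_file()}

def compare(old, new):
    """List files that are new, deleted or changed since the baseline."""
    changed = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    return {"new": sorted(new.keys() - old.keys()),
            "deleted": sorted(old.keys() - new.keys()), "changed": changed}

def write_tree(root, files):
    for rel, data in files.items():         # helper for the constructed sample
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)

def demo(poly=CRC32C_POLY):  # constructed sample tree, not real Amiga files
    table = make_table(poly)
    with tempfile.TemporaryDirectory() as root:
        write_tree(root, {"c/dir": b"dir", "l/disk-validator": b"validator v1",
                          "s/startup-sequence": b"loadwb"})
        baseline = snapshot(root, table)    # in practice stored on another disk
        write_tree(root, {"l/disk-validator": b"validator v2", "c/newtool": b"x"})
        Path(root, "s/startup-sequence").unlink()
        return compare(baseline, snapshot(root, table))

if __name__ == "__main__":
    print(demo())
```

Because a CRC is linear, keeping the polynomial private only hides a parameter; a keyed hash such as HMAC-SHA-256 over each file gives the same "the modifier cannot recompute it" property with cryptographic strength.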