[comp.sys.amiga] Virus

rokicki@rocky.STANFORD.EDU (Tomas Rokicki) (10/08/87)

Because I never boot from anyone else's disks, but rather copy
their software onto one of my customized workbench disks, I am
quite safe from the virus.  I suspect a number of other people
work this way too.

I am working on a small document indicating ways of using the
Amiga effectively.  I am mentioning, for instance, FACC, Conman,
vd0:, using the ram disk effectively, etc.  To help me in
this, I would appreciate a note from anyone who has a second to
give me the following information:

	- Their hardware configuration
	- Utility software they use
	- The editor they use
	- Their boot sequence (i.e., I copy an entire
		standard workbench floppy into VD0:,
		make all of the assigns point to vd0:,
		and then use both floppies as working
		space . . .) including what files they
		keep in RAM:, if any.
	- What they do with their machine the most
		(compile, text processing, etc.)

Of course, you only need give me the information you want.
I will post the resulting `article' to the net.  Thanks!

-tom

fgd3@jc3b21.UUCP (Fabbian G. Dufoe) (10/09/87)

In article <650@rocky.STANFORD.EDU>, rokicki@rocky.STANFORD.EDU (Tomas Rokicki) writes:
> Because I never boot from anyone else's disks, but rather copy
> their software onto one of my customized workbench disks, I am
> quite safe from the virus.  I suspect a number of other people
> work this way too.

     You might be safe from this particular virus, but that technique
certainly won't guarantee safety from any destructive software.  Consider
how simple it would be to have a program open the boot file on your
Workbench disk, install a patch, close the file, and then perform some
routine task that makes it look like a normal, healthy program.  Then, next
time you boot from that Workbench disk you get a "gotcha" message.

     If you don't know what's in the software you are copying to your
customized Workbench disks you are at risk.  One approach is a quarantine:
use software that might be corrupt with Kickstart and Workbench disks that
are never used with any of your good software.  Sterilize your system (by
cold starting) after every use of suspect software before using the good
stuff.  Once you have used a suspect program long enough to feel confident
it isn't infected you can transfer it to your good stuff, but there is
always a slight risk.

--Fabbian Dufoe
  350 Ling-A-Mor Terrace South
  St. Petersburg, Florida  33705
  813-823-2350

UUCP: ...gatech!codas!usfvax2!jc3b21!fgd3 

pes@ux63.bath.ac.uk (Smee) (01/21/88)

(The first bit of this might be of 'world' interest.  The last bit may not.)
(From an article in Popular Computing Weekly today, excerpted without
permission.)

The manager of Silica Shop has commented that the situation is very serious,
'Especially for those ...  in the retail trade where you're demonstrating
software all the time, and suddenly, Bash, half your stock is gone.' (The
problem, of course, being that even a 'friendly gosh-amn't-I-clever' virus
will completely screw up commercial disks which rely on the boot sector for
protection or startup.) He fears 'the brand new user may be put off buying
programs or even Amigas'.

(Quick mini-flame) -- I think the people who write viruses ought to be
strung up by their (pick a sensitive bit according to the sex of the
perpetrator) and left for the vultures.  They don't do anyone any good, and
even the 'fun' ones aren't...

(Useful bit, at least in the UK) -- A 'virus killer' which *should* deal
with both the original 'SCA' and the 'mutated CCW' viruses can be got by
sending a blank 3.5 inch disk, and a stamped address envelope (so they can
return your disk) to:

    Amiga Virus Killer
    Silica Shop
    1-4 The Mews
    Hatherly Road
    Sidcup, Kent  DA14 4DX

(I think someone mentioned a North American source for this.  If any other
non-UK folk want to try it, that's in England -- and you'd probably need to
include an addressed envelope and some International Reply Coupons instead
of the stamps.)

Disclaimers: I don't know if the killer works or is safe.  I don't use an
Amiga.  I have no connection with PCW except as a reader; and I have no
connection with Silica Shop except that I occasionally buy things from them
for my <machine the mere mention of whose name in this newsgroup would set
off another round of flame wars>, and I've always found them helpful and
knowledgeable about that.

Good luck.  I really mean that, even if I do still prefer my <***>...

papa@pollux.usc.edu (Marco Papa) (01/24/88)

In article <2104@bath63.ux63.bath.ac.uk> pes@ux63.bath.ac.uk (Smee) writes:
>(Useful bit, at least in the UK) -- A 'virus killer' which *should* deal
>with both the original 'SCA' and the 'mutated CCW' viruses can be got by
>sending a blank 3.5 inch disk, and a stamped address envelope (so they can
>return your disk) to:
>
>    Amiga Virus Killer
>    Silica Shop
     [address omitted]
>Disclaimers: I don't know if the killer works or is safe.  I don't use an
					 ^^^^^    ^^^^^^^
>Amiga.  I have no connection with PCW except as a reader; and I have no
>connection with Silica Shop except that I occasionally buy things from them

A word of caution. The Amiga Virus Killer distributed by Silica AND Amiga
User International (another UK magazine) is "THE VIRUS PROTECTOR V1.0",
Copyright (c) 1987 by the Mega-Mighty Swiss Cracking Association, the same
jerks that created the original viruses.  I understand that this was the
Virus Killer that was sent to Commodore and that Commodore did NOT release
to the nets since it came only in binary form.

Would you trust the people that broke your disks in the first place, without
seeing the source code for the Virus Killer?  Not for me, thank you.

-- Marco

cthulhu@athena.mit.edu.UUCP (02/11/88)

In article <2650@encore.UUCP> soper@encore.UUCP (Pete Soper) writes:
>
>  Why not have a program that says "insert a known good disk", reads this
>disk's boot block, then says "now insert the disk to test", and then
>compares this boot block with the known good one. 

<a> Why bother messing around with reading a good disk, which might even have
been corrupted itself -- the war zone of viruses is a dangerous environment,
and disks on the front line tend to get hurt.  The boot block is sufficiently
small that it could just be kept as a part of the virus checker.  Or you
could simply use a checksum like Vcheck1.9 does.  It would be REAL tough
to write code that would checksum to the same value as the original code,
and virtually impossible to write one that would run through two different
checks (check both the sum and a sum of all the bytes exclusive or'd with 27 or
shifted left or whatever...)

<b> An idea:  How about a program which reads boot blocks of disks and saves
copies if they are abnormal.  A library of as many as 80 boot blocks could
be kept on one disk.  When the virus strikes and kills a copy protected disk,
you could use this utility to restore the boot block.  I don't think any
copy protection scheme can prevent the copying of the boot block, as the
system must be able to read it... am I right?  Perhaps this utility could be
added to a disk cataloguer or something, which would make it doubly useful...

							-- Jim

soper@encore.UUCP (Pete Soper) (02/12/88)

  Why not have a program that says "insert a known good disk", reads this
disk's boot block, then says "now insert the disk to test", and then
compares this boot block with the known good one. If they don't compare,
bingo. This would also handle game disks or whatever that have boot blocks
intentionally modified, since you can get an original (that you've
kept under your bed, from a friend, etc) to run the test with. For all
the rest you would just need a known good vanilla bootable disk.
-- 
--------------------------------------------------------
Pete Soper, Encore Computer Corp         (919) 481-3730)
arpa: soper@multimax.arpa (192.5.63.14)
uucp: {necntc,talcott,ihnp4,decvax,allegra}!encore!soper
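
The checks proposed in the two posts above, sketched as an added example (not code from the thread or from Vcheck): it compares a candidate boot block against a stored known-good copy using the two byte sums Jim suggests and, going beyond the thread, a SHA-256 digest. Assumptions not stated on the page: the boot block is 1024 bytes with a "DOS" header and an end-around-carry longword checksum at offset 4; all function names and sample blocks are constructed for illustration.

```python
import hashlib
import struct

BOOT_BLOCK_SIZE = 1024  # assumption: boot block = first two 512-byte sectors


def amiga_boot_checksum(block: bytes) -> int:
    """Value expected at offset 4: one's complement of the end-around-carry
    sum of every big-endian longword, skipping the checksum field itself."""
    total = 0
    for index, (word,) in enumerate(struct.iter_unpack(">I", block)):
        if index == 1:          # longword 1 holds the stored checksum
            continue
        total += word
        if total > 0xFFFFFFFF:  # fold the carry back in
            total = (total + 1) & 0xFFFFFFFF
    return ~total & 0xFFFFFFFF


def build_block(payload: bytes) -> bytes:
    """Constructed sample: 'DOS\\0', checksum, root block 880, payload, padding."""
    body = payload.ljust(BOOT_BLOCK_SIZE - 12, b"\0")
    draft = b"DOS\0" + bytes(4) + struct.pack(">I", 880) + body
    return draft[:4] + struct.pack(">I", amiga_boot_checksum(draft)) + draft[8:]


def simple_sums(block: bytes) -> tuple:
    """The two sums from the thread: plain byte sum, and sum of each byte XOR 27."""
    return sum(block), sum(b ^ 27 for b in block)


def check_boot_block(candidate: bytes, known_good: bytes) -> dict:
    if len(candidate) != BOOT_BLOCK_SIZE or len(known_good) != BOOT_BLOCK_SIZE:
        raise ValueError("boot block must be exactly 1024 bytes")
    stored = struct.unpack_from(">I", candidate, 4)[0]
    return {
        "bootable": candidate[:3] == b"DOS" and stored == amiga_boot_checksum(candidate),
        "sums_match": simple_sums(candidate) == simple_sums(known_good),
        "sha256_match": hashlib.sha256(candidate).digest() == hashlib.sha256(known_good).digest(),
    }


# Constructed inputs, not real boot code.
KNOWN_GOOD = build_block(b"BOOTCODE")
REPLACED = build_block(b"OTHERCODE")   # different content, valid header checksum
REORDERED = build_block(b"CODEBOOT")   # same longwords in a different order

for name, blk in (("good", KNOWN_GOOD), ("replaced", REPLACED), ("reordered", REORDERED)):
    print(name, check_boot_block(blk, KNOWN_GOOD))
```

A valid header checksum only shows that the block is bootable, and additive sums ignore byte order, so the reordered block passes both sums; the digest comparison against the stored known-good copy is what flags it.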

rwallace@vax1.tcd.ie (04/06/90)

In article <1990Apr3.113209.2051@iesd.auc.dk>, claus@iesd.auc.dk (Claus S. Jensen) writes:
> Hello.
> 
> Does anybody out there know, if it is possible to write on
> a write-protected disk, and in that way, infect it with a
> virus? If it is possible, how can it be done?
> 
>    Claus S.Jensen (claus@iesd.auc.dk)

It is NOT possible. You can make the operating system think you've written to a
write-protected disk but it's physically impossible to alter its contents in
any way.

"To summarize the summary of the summary: people are a problem"
Russell Wallace, Trinity College, Dublin
rwallace@vax1.tcd.ie

salan@umn-d-ub.D.UMN.EDU (Salim Alam) (04/07/90)

In article <6368@rouge.usl.edu> wakres01@pa.usl.edu (Stelly John B) writes:
>
>To the best of my knowledge (as an electrical engineering student who repairs
>amigas and C64's) it is impossible to write to a write protected disk using the
>amiga's disk controller, and currently there is no way of using the disk drive
>on a standard amiga without going through the controller...
>

I have recently discovered that my old A1010 drive does not care
whether the disk is write protected or not -- programs that write to
the drive merrily write away even if the write protect tab is set...

md3b+@andrew.cmu.edu (Matthew Donald Drown) (04/08/90)

Whatever happened to the statement "Innocent, until proven guilty?"

A guy asks a simple question, and already someone is accusing him of writing
a virus.  This overblown paranoia is driving me nuts, it is not needed.
Please don't continue this argument publicly, because I have already posted
my opinion on this subject a couple weeks ago.  If you would like to mail me,
feel free.

Damn, this reminds me badly of how QLink kicked me off because they didn't like
me.  Ex-Qlink handle:Nemesis.  Any OLD qlinkers out there?

-Matt Drown (md3b+@andrew.cmu.edu)

yorkw@stable.ecn.purdue.edu (Willis F York) (04/08/90)

Well I was reading through the Virusx 4.0 Docs and I was wondering
if the "Non-Boot Block Virusexs" could infect a program and then 
if ya powerpacked the program could the virus "Hide" inside the
Packed Code. 

Could KV (Kill Virus) find the Powerpacked virus code inside a 
ppak'ed prog? 

I was wondering this because basically ALL my programs are Power Packed.

Well I was going to mail this to Steve Tibbit but I can't find his address
anywhere.

Well Just a few thoughts.

sam@ms.uky.edu (Michael W. Mills) (04/10/90)

salan@umn-d-ub.D.UMN.EDU (Salim Alam) writes:

>In article <6368@rouge.usl.edu> wakres01@pa.usl.edu (Stelly John B) writes:
>>
>>To the best of my knowledge (as an electrical engineering student who repairs
>>amigas and C64's) it is impossible to write to a write protected disk using the
>>amiga's disk controller, and currently there is no way of using the disk drive
>>on a standard amiga without going through the controller...
>>

Actually, you CAN write to a write protected disk on a C64 (and 1541
disk drive)...you've got 1K (I think, it's been a while) in which you
can write a program that calls the write routine (which is in ROM)
after it checks for the write protect switch.  Well, there's a little
more set up to it than that, but it is possible...

Ahh, the good old days...

jmeissen@oregon.oacis.org (John Meissen) (04/11/90)

In article <9004061744.AA13588@jade.berkeley.edu> C503719@UMCVMB.MISSOURI.EDU ("Baird McIntosh") writes:
  [stuff deleted]
>hope that my assessment is incorrect.  In any case, I don't think there is a
>way in software to write to a write-protected disk; the hardware won't allow
>this type of write to occur (which is perfectly reasonable and expected).
>
Unfortunately, the write protect mechanism involves an optical detector. If the
light source is not functioning it is the same as write-enabling the disk. A
defective drive will allow writing to a protected disk.
Proper fail-safe design would have reversed the modes, so that a closed tab 
meant write-protect. A failure in that case would mean a default
of write-protect.

jmc@inesc.UUCP (Miguel Casteleiro) (04/12/90)

In article <444@oregon.oacis.org>, jmeissen@oregon.oacis.org (John Meissen) writes:
< In article <9004061744.AA13588@jade.berkeley.edu> C503719@UMCVMB.MISSOURI.EDU ("Baird McIntosh") writes:
<   [stuff deleted]
< >hope that my assessment is incorrect.  In any case, I don't think there is a
< >way in software to write to a write-protected disk; the hardware won't allow
< >this type of write to occur (which is perfectly reasonable and expected).
< >
< Unfortunately, the write protect mechanism involves an optical detector. If the
< light source is not functioning it is the same as write-enabling the disk. A
< defective drive will allow writing to a protected disk.
< Proper fail-safe design would have reversed the modes, so that a closed tab 
< meant write-protect. A failure in that case would mean a default
< of write-protect.

  Yes, indeed. And if you want to take the Amiga to an exposition and you want
to jam the drive so nobody can copy software from the hard-disk, it's a mess.
It would be much more simple to jam the drive if a closed tab means write-protect.


-- 
                                                                      __
 Miguel Casteleiro at                                            __  ///
 INESC, Lisboa, Portugal.     "A known signal conveys no         \\\/// Only
 UUCP: ...!mcsun!inesc!jmc     information." - A. Bruce Carlson   \XX/ Amiga

sparks@corpane.UUCP (John Sparks) (04/12/90)

salan@umn-d-ub.D.UMN.EDU (Salim Alam) writes:

>In article <6368@rouge.usl.edu> wakres01@pa.usl.edu (Stelly John B) writes:
>>
>>To the best of my knowledge (as an electrical engineering student who repairs
>>amigas and C64's) it is impossible to write to a write protected disk using the

>I have recently discovered that my old A1010 drive does not care
>whether the disk is write protected or not -- programs that write to
>the drive merrily write away even if the write protect tab is set...

Sounds like your drive is the culprit here. I think that the amiga drives
have a failure mode that makes the drive writable in the event of the
write detect failing. In other words, your drive can't tell whether the
disk is protected or not anymore so it assumes that it is not protected in
order to let you get some use out of it. It should be repaired.

My old 1010 drive does work and will not write to a write protected disk.

-- 
John Sparks  | D.I.S.K. 24hrs 2400bps. Accessible via Starlink (Louisville KY)
sparks@corpane.UUCP |                                     | PH: (502) 968-DISK 
The future isn't what it used to be.

dueker@xen.arc.nasa.gov (Chris Dueker) (04/14/90)

In article ..., salan@umn-d-ub.D.UMN.EDU (Salim Alam) writes...
> 
>I have recently discovered that my old A1010 drive does not care
>whether the disk is write protected or not -- programs that write to
>the drive merrily write away even if the write protect tab is set...

Last Xmastime, I popped in a disk in df0: of my old A1000 and found out
that the info command showed it as being writeable.  Turned out that there
was enough "fuzz" (cloth fibers, dust, etc) to prevent the little pin that
detects read-only disks from working properly.  I just reached in there
and tried to remove as much of the fuzz as I could.  It worked.  The
drive began recognizing read-only disks.

------------------------------------------------------------------------
"Ah, Benson, you are so mercifully free of the ravages of intelligence!"
"Oh, thank you, Master!"             - from the movie, TIME BANDITS
------------------------------------------------------------------------
dueker@xenon.arc.nasa.gov        |   Chris Dueker (The Code Slinger)
dueker@krypton.arc.nasa.gov      |   Computer Sciences Corp.
duke@well.sf.ca.us               |   Mtn. View, CA

FelineGrace@cup.portal.com (Dana B Bourgeois) (04/14/90)

Regarding the talk about whether an open or closed write protect tab
should represent "Write Protected":

Isn't there an extra gate on the circuit latch circuits inside the drive
that could be used to invert the write protect logic signal?  That would
take care of the problem wouldn't it?  And you can just do it to your
own computer drives since it won't make your disks incompatible or
anything bad like that.  How about it hardware gurus, can it be done
and if so, exactly how?

Dana Bourgeois @ Cup.Portal.Com
Better .sigs through electro-chemistry