soo@beach.cis.ufl.edu (Chong L Soo) (01/08/88)
Say, what are the differences between the two strains of SCA virus? I was wondering, since the SCA virus is harmless (sort of), if we let it hang around, wouldn't that stop any future versions of (perhaps harmful) virus that uses the boot block also? I mean, the good (sort of) virus would have the control of the computer on reboot if it got there before the bad virus. (Sorry) -- ------------------------------------------------------------------------------- Chong Soo (Amiga nut) soo@beach.cis.ufl.edu ARPANET/INTERNET soo%ufcsg.ufl.edu@relay.cs.net BITNET soo%ufcsg.ufl.edu%relay.cs.net@wiscvm
bill@cbmvax.UUCP (Bill Koester CATS) (01/09/88)
In article <10081@ufcsv.cis.ufl.EDU> soo@beach.cis.ufl.edu (Chong L Soo) writes: >Say, what are the differences between the two strains of SCA virus? > The second strain of SCA is just the first strain with different text. >I was wondering, since the SCA virus is harmless (sort of), if we let it >hang around, wouldn't that stop any future versions of (perhaps harmful) >virus that uses the boot block also? I mean, the good (sort of) virus >would have the control of the computer on reboot if it got there before >the bad virus. (Sorry) The two known strains of SCA will write over each other. ie infect machine with strain 1 then boot with a disk that has strain 2 on it. Strain 1 will overwrite strain 2 and vice versa. Say you infect the machine with SCA #1 and then warm boot with a disk that has a harmful virus on it (that works the same way). Then concievably SCA #1 would overwrite the nasty virus thereby destroying it. I don't recommend this, however. What about when you boot you game and forget that SCA is in memory? Goodbye game. Your still better off with no virus's. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Bill Koester (CATS) >>Commodore Amiga Technical Support<< Commodore International Ltd. UUCP ..{allegra|burdvax|rutgers|ihnp4}!cbmvax!bill PHONE (215) 431-9355
sean@ms.uky.edu (Sean Casey) (01/09/88)
In article <10081@ufcsv.cis.ufl.EDU> soo@beach.cis.ufl.edu (Chong L Soo) writes: >I was wondering, since the SCA virus is harmless (sort of), if we let it >hang around, wouldn't that stop any future versions of (perhaps harmful) >virus that uses the boot block also? I mean, the good (sort of) virus >would have the control of the computer on reboot if it got there before >the bad virus. (Sorry) I love it! Core Wars played out with viruses! The good guys vs the bad guys! Sean -- -- Sean Casey sean@ms.uky.edu, sean@ukma.bitneT -- (the Empire guy) {rutgers,uunet,cbosgd}!ukma!sean -- University of Kentucky in Lexington Kentucky, USA -- "If something can go will, it wrong."
john13@garfield.UUCP (John Russell) (01/10/88)
In article <10081@ufcsv.cis.ufl.EDU> soo@beach.cis.ufl.edu (Chong L Soo) writes: >I was wondering, since the SCA virus is harmless (sort of), if we let it >hang around, wouldn't that stop any future versions of (perhaps harmful) >virus that uses the boot block also? Before anyone flames about that posting, what I think he is suggesting is something like what I hope the VCheck 2.0 will do -- hang around in memory and restore itself after boots, examine the boot block of all bootable disks you insert, warn you of a non-standard one, and ask you if it should re-install that disk. Commercial games would be safe, and you wouldn't keep having to run install yourself. John -- "She's sort of a 'pit baby', with interlocking jaws. We feed her on chicken parts." "But baby-fighting has been outlawed, hasn't it?" -- Tracy Ullman describing her infant daughter to David Letterman
bobb@tekfdi.TEK.COM (Robert Bales) (01/11/88)
In article <10081@ufcsv.cis.ufl.EDU> soo@beach.cis.ufl.edu (Chong L Soo) writes: >I was wondering, since the SCA virus is harmless (sort of), if we let it >hang around, wouldn't that stop any future versions of (perhaps harmful) >virus that uses the boot block also? :-) :-) :-) Sort of like using a dead (harmless) virus in a vaccine to prevent a person from getting a disease? :-) :-) :-) Bob Bales Tektronix, Inc. I help Tektronix make their instruments. They don't help me make my opinions.
ccasttd@pyr.gatech.EDU (Thomas M. Dixon Jr.) (01/13/88)
In article <4361@garfield.UUCP> john13@garfield.UUCP (John Russell) writes: >In article <10081@ufcsv.cis.ufl.EDU> soo@beach.cis.ufl.edu (Chong L Soo) writes: >>I was wondering, since the SCA virus is harmless (sort of), if we let it >>hang around, wouldn't that stop any future versions of (perhaps harmful) >>virus that uses the boot block also? > >... what I think he is suggesting is >something like what I hope the VCheck 2.0 will do -- hang around in memory >and restore itself after boots, examine the boot block of all bootable disks >you insert, warn you of a non-standard one, and ask you if it should re-install >that disk. Commercial games would be safe, and you wouldn't keep having to >run install yourself. > >John YES... If this is not what 2.0 will do, lets get 3.0 out immed with this feature. We need a program that "hangs out" all the time and randomly checks for system corruption. Something that follows certain criterion for check intervals but also checks willy-nilly to make it hard to defeat. This way you all of a sudden get a system window saying "System Corruption Detected: DF0: Boot Block Corruption." or the like. I think this config would be the superior option. Thomas M Dixon Jr. ccasttd @ pyr.gatech.edu
haitex@pnet01.cts.com (Wade Bickel) (01/13/88)
ccasttd@pyr.gatech.EDU (Thomas M. Dixon Jr.) writes: >YES... >If this is not what 2.0 will do, lets get 3.0 out immed with this feature. >We need a program that "hangs out" all the time and randomly checks for >system corruption. Something that follows certain criterion for check >intervals but also checks willy-nilly to make it hard to defeat. This way >you all of a sudden get a system window saying "System Corruption Detected: >DF0: Boot Block Corruption." or the like. I think this config would be the >superior option. I would like to point out that any such program A) Becomes the likely target of a virus. If you can corrupt this program then you've got um. Also, if it runs on "every" system it is a commonality which can probably be exploited. B) Becomes a risk. After all, what happens if the program mutates on its own? All it takes is the wrong bit to be changed (disk error??) and your virus has a side effect. Not much of a risk, but with any program which spreads spores the numbers are bound to catch up with you! So PLEASE do not create any program that propogate themselves in a virus-like manner. Let people install the program, or add it to their start-up sequence, or tie it to a common command, or whatever, but no spores. Thanks, Wade. UUCP: {cbosgd, hplabs!hp-sdd, sdcsvax, nosc}!crash!pnet01!haitex ARPA: crash!pnet01!haitex@nosc.mil INET: haitex@pnet01.CTS.COM
ewhac@well.UUCP (Leo 'Bols Ewhac' Schwab) (01/14/88)
In article <4763@pyr.gatech.EDU> ccasttd@pyr.UUCP (Thomas M. Dixon Jr.) writes: >In article <4361@garfield.UUCP> john13@garfield.UUCP (John Russell) writes: >>something like what I hope the VCheck 2.0 will do -- hang around in memory >>and restore itself after boots, examine the boot block of all bootable disks >>you insert, warn you of a non-standard one, and ask you if it should >>re-install that disk. [ ... ] > >YES... >If this is not what 2.0 will do, lets get 3.0 out immed with this feature. >We need a program that "hangs out" all the time and randomly checks for >system corruption. [ ... ] I *REALLY* hate to contribute to this, but.... This is a bad idea. VCheck should most definitely not hang around in memory. If you want it available all the time, then put it in your startup-sequence. Not even VD0: automagically survives reboots (it has to be specifically re-mounted), and *it* has a legitimate excuse to do so. In my humble opinion, the *only* things that should be surviving reboots are resident libraries (those that have been RamKick'ed). Anything else hanging around would make me nervous. Besides, all some socially maladjusted ninny has to do is create a virus that survives reboots, and he calls it "VCheck 3.1". Ugh.... _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Leo L. Schwab -- The Guy in The Cape ihnp4!ptsfa -\ \_ -_ Recumbent Bikes: dual ---> !{well,unicom}!ewhac O----^o The Only Way To Fly. hplabs / (pronounced "AE-wack") "Work FOR? I don't work FOR anybody! I'm just having fun." -- The Doctor
bishop@skat.usc.edu (Brian Bishop) (01/22/88)
In article <4763@pyr.gatech.EDU> ccasttd@pyr.UUCP (Thomas M. Dixon Jr.) writes: >We need a program that "hangs out" all the time and randomly checks for >system corruption. Something that follows certain criterion for check >intervals but also checks willy-nilly to make it hard to defeat. This way >you all of a sudden get a system window saying "System Corruption Detected: >DF0: Boot Block Corruption." or the like. I think this config would be the >superior option. While I applaud the idea of virus-detectors, I think this idea is akin to taking a certain antibiotic once a day that kills a known (flu) bug. If you put it into general distributioon you will just be that much more susceptible to the next generation. The more 'automatic' we make these innoculations, the less prepared we will be. I think the parallels to human virii are very strong. brian bishop ---> bishop@usc-ecl.ARPA (uscvax,sdcvdef,engvax,scgvaxd,smeagol) ---> usc-skat!bishop.UUCP "You will be required to do wrong no matter where you go. It is the basic condition of life, to be required to violate your own identity. At some time, every creature that lives must do so. It is the ultimate shadow, the defeat of creation; this is the curse at work, the curse that feeds on all life. Everywhere in the universe." - Wilbur Mercer, founder of Mercerism have a nice day fnord.