[comp.sys.amiga] THIS VIRUS IS A CRISIS!

news@udenva.cair.du.edu (netnews) (01/04/88)

At this time I would like to make a remark about the current
dangerous virus situation.



CRISIS CRISIS CRISIS CRISIS CRISIS CRISIS


YES, I am absolutely serious. I do not wish to sound unnecessarily
alarmist but the current situation calls for immediate action on the
part of the entire Amiga community and from COMMODORE.

Commodore should recognize this situation as EXTREMELY SERIOUS and
as a situation that could HURT AMIGA SALES, SCARE OFF DEVELOPERS, and
SCARE OFF BUSINESS CUSTOMERS. The previous Amiga virus was mentioned
in the influential British business magazine The Economist. Imagine what
will happen in the press when word leaks about a CONFIRMED DANGEROUS
AMIGA VIRUS that has:

      DESTROYED BUSINESS RECORDS
      COMPLETELY ERASED A YEAR OF A DEVELOPER'S WORK
      INFILTRATED SHRINK WRAPPED COMMERCIAL SOFTWARE
      INFILTRATED EVERY CORNER OF THE AMIGA COMMUNITY

The Amiga is a sophisticated computer. Kludges like the Apple are less
subject to viruses because they have to be rebooted every time a new
program is used. Even IBMs are less subject to this type of software
virus because they are single tasks, so data disks are isolated. Since
the Amiga is a multi-tasking computer during the course of one session
half a dozen disks containing the programs and data for as many
programs can be destroyed!

I am calling for ACTION. This means a concerted effort by the Amiga
community to locate and eradicate ALL viruses and find their sources.
This calls for MONEY from Commodore and other 3rd party developers
to organize this effort and to PUNISH to the MAXIMUM EXTENT OF THE LAW
anyone making these viruses. Additionally Commodore should mount a PR
effort to assure potential customers and dealers that the AMIGA is SAFE.

--
I am not speaking as an expert on the Amiga, viruses, or programming or
marketing. I am speaking as a concerned Amiga user who is using a reasonable
line of argument and has come to the conclusion that the Amiga Virus of
any type is seriously damaging to the Amiga.
-- 
===============================================================================
||   Paul Brody        //	The above is in no way meant to imply the    ||
||   pbrody@udenva  \\//	opinions of the University of Denver 	     ||
===============================================================================

rwa@auvax.UUCP (Ross Alexander) (01/04/88)

In article <9659@udenva.cair.du.edu>, Paul Brody writes:
> At this time I would like to make a remark about the current
> dangerous virus situation.
...
> CRISIS CRISIS CRISIS CRISIS CRISIS CRISIS
...
> to organize this effort and to PUNISH to the MAXIMUM EXTENT OF THE LAW
> anyone making these viruses. Additionally Commodore should mount a PR
> effort to assure potential customers and dealers that the AMIGA is SAFE.

Oh, my goodness. To quote Chicken Little,

	"The sky is falling, the sky is falling!!"

All you need is a virus scrubber.  CATS ought to be able to build one
with their eyes shut.  In the Un*x world, these sorts of things have
been seen before, and dealt with.  I'm sure you clever Amigans can
do it as well as anyone else.

In the mean time, put your shirt back on and do a little constructive
reasoning.  This thing can only be spread by receiving and booting an
infected flop, right?  So DON'T BOOT ANY FOREIGN FLOPS; copy them
onto known clean flops, the boot sector isn't copied in a
file-system-oriented copy (as opposed to a track-oriented copy).  
Consider this the software equivalent of condoms ;-).

Yes, it is too bad that shareware/freeware/what-have-you-ware is not
entirely trustable any more.  If it's too much of a risk, do
without.  Or write it yourself.  But _please_, don't panic and then
start making demands which will require a police state to enforce.

BTW, don't you think that your statement 'PR effort to ... is safe.'
is the height of hypocrisy and the kind of disinformation that I, at
least, normally associate with government security organizations
(CSIS, NSA and the KGB spring unbidden to mind... :-) ?  Not to mention
that this would be totally counterproductive if, as you otherwise
seem to be arguing, you want the Amy community to tighten up on
security.  I mean, either the amy is safe and you don't need to
worry about virii, or it isn't and you do need to worry.  PR is not
the fix - PR is the _problem_, in this case.

mutter grumble panicky users grumble hysteria mutter ....

--
Ross Alexander,
Sr Systems Programmer & Bottlewasher @ Athabasca University
alberta!auvax!rwa

PS: flames will be sent to Facilities, it's -35 and we need the heat.
rwa

fnf@mcdsun.UUCP (Fred Fish) (01/05/88)

In article <9659@udenva.cair.du.edu> news@udenva.cair.du.edu (netnews) writes:
>I am calling for ACTION. This means a concerted effort by the Amiga
>community to locate and eradicate ALL viruses and find their sources.
>This calls for MONEY from Commodore and other 3rd party developers
>to organize this effort and to PUNISH to the MAXIMUM EXTENT OF THE LAW
>anyone making these viruses. Additionally Commodore should mount a PR
>effort to assure potential customers and dealers that the AMIGA is SAFE.

This exact sentiment has recently been expressed on BIX, in the Amiga
forum, with various people and organizations "pledging" various amounts
of money towards a fund to provide rewards for information leading to
the source of virus, and to cover legal expenses of initiating prosecution
of those creating viruses.  At last count, this was already at $1100 with
only 3 pledges.  Think what kind of numbers we would be talking about if
every responsible Amigan pledged only $5 or $10.  If it became standard
knowledge in the Amiga community that a minimum reward of $10,000 was
available for information leading to the arrest and conviction of these
computer vandals, I bet they would have second thoughts about their 
hobby.

The biggest problem with such an organized effort against virus creators
is that nobody has yet stepped forward and offered to head up such an
effort.  I'd volunteer, but I simply don't have the time now.  I will
be willing to collect and forward pledges (the pledge, NOT the actual funds;
send no money at this time) to whoever ends up heading up the antiviral
effort.  So send in those email pledges and postcards...

	Fred Fish
	1346 W. 10th Place
	Tempe, Arizona  85281

-Fred  ><>
-- 
# Fred Fish    hao!noao!mcdsun!fnf    (602) 438-3614
# Motorola Computer Division, 2900 S. Diablo Way, Tempe, Az 85282  USA

sean@ms.uky.edu (Sean Casey) (01/05/88)

In article <9659@udenva.cair.du.edu> news@udenva.cair.du.edu
(netnews) rants and raves:

>I am calling for ACTION. This means a concerted effort by the Amiga
>community to locate and eradicate ALL viruses and find their sources.
>This calls for MONEY from Commodore and other 3rd party developers
>to organize this effort and to PUNISH to the MAXIMUM EXTENT OF THE LAW
>anyone making these viruses. Additionally Commodore should mount a PR
>effort to assure potential customers and dealers that the AMIGA is SAFE.

Boy this stuff has all the quality of USA Today.  Commodore doesn't have
a responsibility to prosecute the virus criminals any more than Chicago
Cutlery has a responsibility to prosecute knife murderers.

On the other hand, as I said before, what they *could* do was modify
Kickstart so that the machine was less vulnerable.  Are the 1.2 roms
socketed?  I hope so.

Finally, would you or anyone else believe it if Commodore came out with
a news release that said the Amiga was now safe?  I think it would hurt
their credibility more than help.  Heck, I'd probably try to find ways
to prove them wrong.

Sean

-- 
--  Sean Casey               sean@ms.uky.edu,  sean@UKMA.BITNET
--  (the Empire guy)         {rutgers,uunet,cbosgd}!ukma!sean
--  University of Kentucky in Lexington Kentucky, USA
--  "My feet are wet."

fiddler%concertina@Sun.COM (Steve Hix) (01/05/88)

In article <9659@udenva.cair.du.edu>, Paul Brody (pbrody@udenva) writes:
 
> Kludges like the Apple are less subject to viruses because they
> have to be rebooted every time a new program is used. 

Sigh.  This hasn't necessarily been true at least as far back
as the first Disk][ drive.  Certainly not since hard disks became
available to just plain folks... There's no need to reboot (excepting
for initial startup) unless you're forced to run &^^$%#$ copy-protected
software from its own disk, rather than a legitimate copy from a
subdirectory of your hard disk.  Let's not weaken arguments by using
examples without basis in history or fact.

> Even IBMs are less subject to this type of software virus because
> they are single tasks, so data disks are isolated. 

You meant to say "single-tasking", and even with IBM machines, there
are any number of programs that read/write data from/to other programs'
output.  (Amazing True Fact: There are some IBM personal computers
that have had hard disks attached that have actually been seen to
work!  Some even have more than one program loaded and executable
from the disk!)

> Since the Amiga is a multi-tasking computer during the course of one
> session half a dozen disks containing the programs and data for
> as many programs can be destroyed!

If memory serves, I did the same sort of thing (admittedly sans
multitasking!) in the normal course of events years ago on the Apple//s
and Apple///s I used at work in an earlier incarnation.  Fortunately,
no infected disks passed through my drives, as far as I know.
 
> I am not speaking as an expert on the Amiga, viruses, or programming or
> marketing. I am speaking as a concerned Amiga user who is using a reasonable
> line of argument and has come to the conclusion that the Amiga Virus of
> any type is seriously damaging to the Amiga.

As such a virus would be damaging to any other machine (even though
such lesser machines are understandably of less concern to this group).

Virus distributors are, in any environment, inconsiderate, asocial (is
that redundant?) entities.  While shooting them on sight might be a
little extreme, perhaps the rack, or thumbscrews, could be profitably
returned to service.

	seh

lishka@uwslh.UUCP (Christopher Lishka) (01/05/88)

In article <483@auvax.UUCP> rwa@auvax.UUCP (Ross Alexander) writes:
>All you need is a virus scrubber.  CATS ought to be able to build one
>with their eyes shut.  In the Un*x world, these sorts of things have
>been seen before, and dealt with.  I'm sure you clever Amigans can
>do it as well as anyone else.
>
>In the mean time, put your shirt back on and do a little constructive
>reasoning.  This thing can only be spread by receiving and booting an
>infected flop, right?  So DON'T BOOT ANY FOREIGN FLOPS; copy them
>onto known clean flops, the boot sector isn't copied in a
>file-system-oriented copy (as opposed to a track-oriented copy).  
>Consider this the software equivalent of condoms ;-).

	I've got a question at this point.  Can't one thwart the virus
in the following manner?

	1) Never NEVER boot from anything but an uninfected disk that
has its write-switch on the "can't-write-to-this-disk" position.

	2) When one gets a new non-commercial disk, *always* use
INSTALL to overwrite anything in the boot-block, thereby killing off
the virus.

I may be missing something here...I am not sure.  I haven't personally
been infected YET, but then again I've only had my Amiga for a week now!

>--
>Ross Alexander,
>Sr Systems Programmer & Bottlewasher @ Athabasca University
>alberta!auvax!rwa

						-Chris


-- 
Chris Lishka                    /lishka@uwslh.uucp
Wisconsin State Lab of Hygiene <-lishka%uwslh.uucp@rsch.wisc.edu
"What, me, serious? Get real!"  \{seismo, harvard,topaz,...}!uwvax!uwslh!lishka

holloway@drivax.UUCP (Bruce Holloway) (01/06/88)

In article <483@auvax.UUCP> rwa@auvax.UUCP (Ross Alexander) writes:
>Oh, my goodness. To quote Chicken Little,

>	"The sky is falling, the sky is falling!!"

You know, of course, that Chicken Little was actually falling off a barn,
headfirst, and it wasn't the SKY that was FALLING....

(Relevance? You want RELEVANCE???)

rap@dana.UUCP (Rob Peck) (01/06/88)

In article <483@auvax.UUCP>, rwa@auvax.UUCP (Ross Alexander) writes:
> 
> All you need is a virus scrubber.  CATS ought to be able to build one
> with their eyes shut.  In the Un*x world, these sorts of things have

> In the mean time, put your shirt back on and do a little constructive
> reasoning.  This thing can only be spread by receiving and booting an
  ??????                     ^^^^    ??????????????????????????????????
> infected flop, right?  So DON'T BOOT ANY FOREIGN FLOPS; copy them
> onto known clean flops, the boot sector isn't copied in a
> file-system-oriented copy (as opposed to a track-oriented copy).  
> Consider this the software equivalent of condoms ;-).

As has been pointed out by others, though, the virus CAN be carried as
a piggyback along with existing software, so YES, don't boot foreign
flops, but maybe you might want to power down and reboot with your own
clean floppy after running any software whose source might be suspect.
(sigh - just realized I've contributed toward keeping the subject
alive).

But here are some more suggestions that I believe are valid, towards
creating a virus eliminator - the system libraries are partially RAM
resident when the system finally completes its boot up.  After booting
with a clean floppy, the system library list could be checked or checksummed
perhaps to see if anything had left a patch behind, particularly in the
cold capture or warm capture vectors.   Sure, because of dynamic loading,
the contents of the libraries might differ from boot to boot, but the
places to which the vectors would point in ROM or Kickstart would still
be the same.

It seems that the things we have to worry about most are those that
modify the system functions - since the kickstart and ROM memory areas
cannot be written to, it is the RAM resident part that could be checked.
Yes, it happens that some programs do not clean up after themselves
properly, and even Intuition can cause memory fragmentation if you don't
respond quickly to all messages it sends, but if a library checker
program were to be created, it could be run as part of the startup-sequence
perhaps (from that clean floppy, that is) and detect that there were
some (perhaps unintentional) tracks left over from the previous program.

Programs that write directly to physical memory as a means of hiding
virus code could still do that, but if there is no link to the code
through the system library entry points that we can check, it is
just like any other dirty memory that a program used and then discarded.
It'll get reused later on.

Looking forward to a resolution of this topic - I would dislike having
to take all of the steps necessary to protect myself - would hate to 
lose a bunch of work because of something I could have prevented.
Maybe if this program does get created, I'd run it after any program
that I myself did not compile, rather than power off.  (sigh).  

Rob Peck			...ihnp4!hplabs!dana!rap
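
The check suggested in the post above, sketched as an added example that is not part of the original thread and is not Commodore's Vcheck: it reads a memory snapshot and reports capture vectors that are set and library vectors that point outside the ROM. The ExecBase offsets, the 6-byte `JMP` vector format and the Kickstart 1.x ROM window are assumptions about the platform that the thread does not state, and the snapshot bytes are constructed.

```python
import struct

# Assumed layout (Kickstart 1.x on a 68000 Amiga, not stated in the thread).
ROM_START, ROM_END = 0xFC0000, 0x1000000     # 256 KB Kickstart window
CAPTURE_OFFSETS = {"ColdCapture": 42, "CoolCapture": 46, "WarmCapture": 50}
JMP_ABS_L = 0x4EF9                           # opcode of each 6-byte vector


def check_capture_vectors(execbase: bytes) -> list:
    """Report reset-capture pointers that are set; zero after a clean boot."""
    findings = []
    for name, offset in CAPTURE_OFFSETS.items():
        (pointer,) = struct.unpack_from(">I", execbase, offset)
        if pointer:
            findings.append((name, pointer))
    return findings


def check_jump_table(table: bytes) -> list:
    """Report vectors of a ROM library whose target lies outside the ROM.

    `table` holds the bytes from the lowest vector up to the library base,
    so the entry at byte i belongs to the function at offset i - len(table).
    """
    if len(table) % 6:
        raise ValueError("jump table must be a whole number of 6-byte entries")
    findings = []
    for i in range(0, len(table), 6):
        opcode, target = struct.unpack_from(">HI", table, i)
        if opcode != JMP_ABS_L or not ROM_START <= target < ROM_END:
            findings.append((i - len(table), opcode, target))
    return findings


# Constructed snapshot: a 64-byte slice of ExecBase with WarmCapture set, and
# a three-entry jump table whose middle vector points into RAM.
EXECBASE = bytearray(64)
struct.pack_into(">I", EXECBASE, 50, 0x0007E000)
TABLE = b"".join(struct.pack(">HI", JMP_ABS_L, target)
                 for target in (0xFC1A40, 0x0007F000, 0xFC0B28))

if __name__ == "__main__":
    for name, pointer in check_capture_vectors(bytes(EXECBASE)):
        print(f"{name} is set: {pointer:#08x}")
    for offset, opcode, target in check_jump_table(TABLE):
        print(f"vector {offset}: opcode {opcode:#06x} -> {target:#08x}")
```

A vector outside the ROM is a prompt to look closer, not proof of infection, since libraries loaded from disk and legitimate patches also live in RAM.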

papa@pollux.usc.edu (Marco Papa) (01/06/88)

>	I've got a question at this point.  Can't one thwart the virus
>in the following manner?
>
>	1) Never NEVER boot from anything but an uninfected disk that
>has its write-switch on the "can't-write-to-this-disk" position.
>
>	2) When one gets a new non-commercial disk, *always* use
>INSTALL to overwrite anything in the boot-block, thereby killing off
>the virus.
>
>I may be missing something here...I am not sure.  I haven't personally
>been infected YET, but then again I've only had my Amiga for a week now!

Yes, the above process will do it for the CURRENT crop of viruses, which
started with the SCA virus.  It won't do it the minute a virus is "attached"
to a seemingly innocent PD program on a NON-bootable disk. When you run the
program, the virus will become active, and will try to infect all the disks
it can (All the ones without write protect).  Besides infecting, it can also
do other nasty things (like delete ALL your files on a hard disk, which 
normally does NOT have a hardware write protect).  This type of virus/trojan
horse/masquerader is hell for SYSOPS, which usually have 100+ Meg disks.

In that case the usual recommendation is to try the program the first time
on a machine NOT attached to the hard disk (for example without installing
hddisk.device).  It will also help to use TYPE file OPT h to inspect any
instance of DH0:, DH1:, etc...  And of course this is nowhere close to taking
into account all possible cases.  If you think that this is being paranoid, 
ask any one of the major PC-DOS BBS Sysops.  It has taken over two years for
these things to start happening on the Amiga.  The stated 500 thousand
machines sold make it finally a mass market product, with all the good
and bad things (i.e. viruses, widespread piracy) that come with that.

The important thing here is to make people informed.  Talking about these
items at User Group meetings and make them understand the implications is
a good start.  In my opinion, Commodore has been extremely quick in the 
response (Vcheck1.0 was out just a few days after the SCA virus was reported).

-- Marco

schein@cbmvax.UUCP (Dan Schein CATS) (01/06/88)

In article <297@uwslh.UUCP> lishka@uwslh.UUCP (Christopher Lishka) writes:
>
>	I've got a question at this point.  Can't one thwart the virus
>in the following manner?
>
>	1) Never NEVER boot from anything but an uninfected disk that
>has its write-switch on the "can't-write-to-this-disk" position.
>
>	2) When one gets a new non-commercial disk, *always* use
>INSTALL to overwrite anything in the boot-block, thereby killing off
>the virus.
>
>I may be missing something here...I am not sure.  I haven't personally
>been infected YET, but then again I've only had my Amiga for a week now!
>
  I would not bet that the above methods will prevent you from getting a
  virus (because we have no idea of the evil still awaiting us), but I would
  place a bet that the above will prevent you from getting the currently known
  (to CBM anyway) virus strains that are out there.

>						-Chris
-- 
   Dan Schein		 uucp: {ihnp4|allegra|burdvax|rutgers}!cbmvax!schein
   Commodore AMIGA			ARPANET:  cbmvax!schein@uunet.uu.net
   1200 Wilson Drive			Bix: dschein	     Plink: Dan*CATS
   West Chester PA 19380		phone: (215) 431-9100	   ext. 9542
+----------------------------------------------------------------------------+
   All spelling mistakes are a result of my efforts to avoid education  :-)
+----------------------------------------------------------------------------+
        I help Commodore by supporting the AMIGA. Commodore supports
         me by allowing me to form my own suggestions and comments.
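
The boot-block side of the two steps quoted above, as an added example that is not part of the original thread: it checks whether a disk image's boot block would be executed at boot, compares its code against a baseline of known boot blocks, and models INSTALL and a file-level copy. The boot-block layout (1024 bytes, `DOS` signature, carry-wrapped longword checksum, root block 880) is an assumption about the Amiga floppy format that the thread does not spell out, the sample boot code is constructed placeholder bytes, and, as noted earlier in the thread, a virus attached to a program file is outside what this covers.

```python
import hashlib
import struct

BOOTBLOCK_SIZE = 1024   # first two 512-byte sectors of an Amiga floppy
CODE_OFFSET = 12        # after 'DOS\0', checksum and root-block pointer


def carry_sum(block: bytes) -> int:
    """Add big-endian longwords, wrapping each carry back into the sum."""
    total = 0
    for (word,) in struct.iter_unpack(">I", block):
        total += word
        if total > 0xFFFFFFFF:
            total = (total + 1) & 0xFFFFFFFF
    return total


def make_bootblock(code: bytes) -> bytes:
    """Build a checksummed boot block around the given (constructed) code."""
    if len(code) > BOOTBLOCK_SIZE - CODE_OFFSET:
        raise ValueError("boot code does not fit in the boot block")
    body = b"DOS\x00" + bytes(4) + struct.pack(">I", 880) + code
    body = body.ljust(BOOTBLOCK_SIZE, b"\x00")
    checksum = ~carry_sum(body) & 0xFFFFFFFF
    return body[:4] + struct.pack(">I", checksum) + body[8:]


def classify_bootblock(image: bytes, known_good: set) -> str:
    """Classify the boot block at the start of a disk image."""
    block = image[:BOOTBLOCK_SIZE]
    if len(block) < BOOTBLOCK_SIZE:
        raise ValueError("image shorter than one boot block")
    if block[:3] != b"DOS" or carry_sum(block) != 0xFFFFFFFF:
        return "not-bootable"        # the boot code is never executed
    digest = hashlib.sha256(block[CODE_OFFSET:]).hexdigest()
    return "known-boot-code" if digest in known_good else "unknown-boot-code"


def reinstall(image: bytes, clean_block: bytes) -> bytes:
    """Model of INSTALL: replace only the boot block, keep the rest."""
    return clean_block + image[BOOTBLOCK_SIZE:]


def file_level_copy(src: bytes, dst: bytes) -> bytes:
    """Simplified file-oriented copy: the destination keeps its boot block."""
    return dst[:BOOTBLOCK_SIZE] + src[BOOTBLOCK_SIZE:]


# Constructed sample data: placeholder byte strings, not real boot code.
CLEAN = make_bootblock(b"constructed standard boot code")
FOREIGN = make_bootblock(b"constructed unknown boot code") + bytes(2048)
KNOWN_GOOD = {hashlib.sha256(CLEAN[CODE_OFFSET:]).hexdigest()}

if __name__ == "__main__":
    print("foreign disk:   ", classify_bootblock(FOREIGN, KNOWN_GOOD))
    print("after INSTALL:  ",
          classify_bootblock(reinstall(FOREIGN, CLEAN), KNOWN_GOOD))
    print("data-only disk: ",
          classify_bootblock(b"DOS\x00" + bytes(1020), KNOWN_GOOD))
```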

jim@coplex.UUCP (Jim Sewell) (01/08/88)

In article <9659@udenva.cair.du.edu>, news@udenva.cair.du.edu (netnews) writes:

> I am calling for ACTION. This means a concerted effort by the Amiga
> community to locate and eradicate ALL viruses and find their sources.
> This calls for MONEY from Commodore and other 3rd party developers
> to organize this effort and to PUNISH to the MAXIMUM EXTENT OF THE LAW
> anyone making these viruses. Additionally Commodore should mount a PR
> effort to assure potential customers and dealers that the AMIGA is SAFE.
> ==============================================================================
> ||   Paul Brody        //	The above is in no way meant to imply the    ||
> ||   pbrody@udenva  \\//	opinions of the University of Denver 	     ||
> ==============================================================================

I agree with your concern.  These viruses are a problem to both the health of 
our systems and to our community as a whole.  I do think, however, that the
"excessive force" you suggest to stop these immaturish and dangerous pranks may
tend to force them to increase their activity.  First of all, until you can 
convince the virus writers they CAN be caught (of which I am unsure) they will
not fear the penalty.  Secondly, considering their mentality, they may consider
it a game of Blind-Man's-Bluff.  Commodore is blind folded and they run around
taking pot shots at it while staying safely out of both its sight and reach.
================================================================================
Jim Sewell						"Make knowledge free!"
{husc6 | mit-eddie}!bloom-beacon!coplex!jim   "Just let me get my hands on him!"

amiguy@pnet01.cts.com (Sean Wolfe) (01/08/88)

"A little extra protection...."
      A friend suggests putting "Install DF0:" in the startup sequence of
your important boot disks.  Of course you have to leave them unprotected....
                

                       .Just a thought...
 AmiGuy

bill@cbmvax.UUCP (Bill Koester CATS) (01/09/88)

In article <2305@crash.cts.com> amiguy@pnet01.cts.com (Sean Wolfe) writes:
>"A little extra protection...."
>      A friend suggests putting "Install DF0:" in the startup sequence of
>your important boot disks.  Of course you have to leave them unprotected....
>                
I did this back when I was investigating the original SCA virus. Even if
the virus is in memory and infects your disk the disk will be cleaned
when startup-sequence executes. This way you know your disk will be clean
when you power down. Just don't try it on any commercial products or
games!!!!



-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Bill Koester (CATS)          >>Commodore Amiga Technical Support<<
Commodore International Ltd. UUCP ..{allegra|burdvax|rutgers|ihnp4}!cbmvax!bill 
		             PHONE  (215) 431-9355