jbn@glacier.STANFORD.EDU (John B. Nagle) (01/03/88)
Clearly one of the major priorities is to protect original copies of software from corruption. In the 5.25" market, much software is distributed on disks that have no write-protect notch and thus cannot be overwritten on ordinary disk drives. (Production disk copiers, the big machines which feed disks from a hopper, will write on "write-protected" disks.) The 3.5" market needs to go in this direction. One could certainly get disks without write-permit sliders if you ordered a large enough quantity. This is "tamper-resistant packaging" for software. That's a first step. Software vendors must be very careful to avoid the distribution of contaminated disks. Any vendor that lets a product out with a virus in it will face litigation and major adverse publicity. Thorough and prolonged beta testing of new products will be necessary. This may slow down the product release cycle. Over the next few years, we may expect to see more virus programs. But in the future, they may be introduced with more deliberate intent and more precise targeting. Imagine, for example, a virus that does damage only to large spreadsheet data files, changing only a few bits here and there. Such a virus could pass invisibly through the hobbyist community and developers, who are generally not heavy spreadsheet users. It might find its way into various commercial products without being detected. Once inside a big company, it would eventually be noticed that the numbers in spreadsheets were sometimes wrong, but it could be some time before the cause was deduced. The end result might be a general conclusion that some software package or computer system was unreliable. Some group such as the Greens (the European environmental/antitechnology movement) might get into virus programs; they're already into minor sabotage. This has the potential to become a minor weapon of international terrorism. From the terrorist's point of view, the risks are low, the damage is to large institutions, and the amount of effort required to mount a defense is much larger than that required to mount an attack. In addition, such attacks will not produce the degree of public opposition and police activity that physical terrorism does. It's not clear how severe the problem will get. But it will probably get worse before it gets better. John Nagle
brianr@tekig4.TEK.COM (Brian Rhodefer) (01/05/88)
Many posters have recommended the practice of keeping one's bootable disks write-protected. It is my understanding though, that the sensor switch for the "write protect" tab does nothing more than "advise" the Amiga's software that it oughtn't write to the disks. With the ability to replace seemingly any OS firmware one wishes (e.g. warm-reset code) with virus code, how much protection does "write-protect" really afford? Could it deter a program which instructed the hardware to: "Turn motor ON. Load Heads. Turn Write Current ON. Repeat: (Delay, Step Heads)" ? Perhaps someone from Commodore could allay these fears. If they're legitimate, however, perhaps C-A could advise how the drives might be modified so that their write-protect switches WORK IN HARDWARE BY DEFEATING THE WRITE-CURRENT TO THE LOVEMAKING HEADS, as W-P SWITCHES OUGHT. A concerned novice, Brian Rhodefer
page@ulowell.cs.ulowell.edu (Bob Page) (01/05/88)
The only way to stop virus programs is to compile every program you use from source, and have faith in your compiler supplier. Having source to the compiler doesn't help, since something has to compile that. Since recompiling everything isn't possible, the hacker community needs to determine the KINDS of germs possible, and ways to stop them. The first line of defense is to write protect all your disks. Doing this from a hard disk isn't usually easy. Even if you can write protect everything, you need to un-protect something once in a while, to save your letter, your game's high score, download from a BBS, etc. You'll need a daemon to catch disk writes and allow you to examine the request before the write is attempted. Such a scheme is not foolproof - even if you can tell the user "program 'foo', task number 3, wants to write 128 bytes to 'Game2:' block 16, here is the data, OK to write?" the user can't always tell what the hex dump means. Asking for verification for each write is pretty time consuming; the user will stop looking at the requester after a while. A similar but more do-able scheme is to incorporate a super Virus Check program to wedge itself into the background and look for particular write requests. I'll call it vcheckd, for Virus Check Daemon. When it sees requests matching a particular pattern (some data pattern, some physical block number, etc) it THEN asks for confirmation. Users never see the requester unless there is a possible problem. The Amiga community is pretty well-connected, so tell-tale patterns of new viruses can be added to vcheckd quickly .. say by editing a data file or recompiling the program. We'll then have to watch out for vcheckd killers. Vcheckd has to disguise itself; it's not easy but it can be done. Changing port names and task names is easy, but there are more subtle things a germ can look for, like text size, stack size, a pattern of instructions, etc. Lastly, these germs can re-vector the code vcheckd is watching, so vcheckd will ALSO have to watch for attempts to SetFunction and otherwise generally try to arm itself as well as possible. Of course, anything that attempts to kill vcheckd AND spread a virus will take some time, and should be detected quickly. Is vcheckd a formidable task? Maybe. It depends on how nasty the germs and germ-writers get. But let me point out that you don't need to write to a boot block or warm-start vector to be a virus, and I think the next couple of generations of germs will be nasty. The Amiga camp is not alone in fighting viruses. There are a couple of viruses on the PC right now, one of my friends tells me. A few years ago grad students at some University were studying viruses, worms and other germs ... there should be more suggestions, more things to watch for, more defenses, etc. out there if we can find them. jbn@glacier.STANFORD.EDU (John B. Nagle) wrote: >Some group such as the Greens (the European environmental/antitechnology >movement) might get into virus programs; they're already into minor sabotage. I wouldn't get so paranoid about it. Think about defeating viruses like you think about defeating copy-protection. Viruses can do more damage, but they're only in software, so they're easier to defeat, once detected. Unfortunately new viruses will emerge and spread for a while until they can be detected and treated, but if detected early enough, the damage they do to the Amiga community will be minimal. In the meantime, the BEST prevention against the spread of any virus is EDUCATION. All Amiga owners must be made aware of what a virus is, how it infects the system and what can be done about it, if anything. And back up your important files. ..Bob -- Bob Page, U of Lowell CS Dept. page@ulowell.edu ulowell!page "I've never liked reality all that much, but I haven't found a better solution." --Dave Haynie, Commodore-Amiga