[comp.sys.amiga] Amiga Virus Loose

ford@crash.CTS.COM (Michael Ditto) (10/05/87)

In article <15589@amdahl.amdahl.com> kim@amdahl.amdahl.com (Kim DeVaughn) writes:
 [ quote from CI$: ]
>>Fm: Bill Leach 71330,2621
>>To: Larry Phillips/SYSOP 76703,4322
>>
>>Larry:
>>
>>        I would have to be safe.  Write protection is a hardware function
>>of the disk drive.
>>


Just a warning:

Write protection is REPORTED by the drive, NOT ENFORCED by it.  The
trackdisk.device does enforce it, though, and I doubt there's enough
space in the boot block for low-level disk I/O routines.  So, write-
protected disks are PROBABLY safe.  It would be nice if someone
verified this, though.
-- 

Michael "Ford" Ditto				-=] Ford [=-
P.O. Box 1721					ford@crash.CTS.COM
Bonita, CA 92002				ford%oz@prep.mit.ai.edu

bryce@hoser.berkeley.edu (Bryce Nesbitt) (10/06/87)

In article <1818@crash.CTS.COM> ford@crash.CTS.COM (Michael Ditto) writes:
>In article <15589@amdahl.amdahl.com> kim@amdahl.amdahl.com (Kim DeVaughn) writes:
>>>        I would have to be safe.  Write protection is a hardware function
>>>of the disk drive.
>
>Just a warning:
>Write protection is REPORTED by the drive, NOT ENFORCED by it.  The
>trackdisk.device does enforce it, though...

Write protect >is< ENFORCED by the drive, and checked by trackdisk.
"Every" is such a strong word, but I'm brave:

	Every floppy disk drive ever sold for the Amiga
	enforces write protect internally.

Except for bare drive units without any electronics, I don't think it
is possible to purchase a drive that does not.  (Without some special
order).
(What? A standard? Among bickering drive manufacturers?)

Write-protect your disks and feel safe.  Wish that hard drive manufacturers
had also considered this feature.  Or add it yourself.

 
|\ /|  . Ack! (NAK, ENQ, SYN)
{o O} . 
 (") 	bryce@hoser.berkeley.EDU -or- ucbvax!hoser!bryce
  U	How can you go back if you have not yet gone forth?

richc@vaxwaller.UUCP (Rich Commins) (10/06/87)

In article <4163@zen.berkeley.edu>, bryce@hoser.berkeley.edu (Bryce Nesbitt) writes:
> Write-protect your disks and feel safe.  Wish that hard drive manufacturers
> had also considered this feature.  Or add it yourself.
				     ^^^^^^^^^^^^^^^^^^

	I own a Xebec 20 Meg hard disk and would love to have a write protection
	feature.  This drive is SCSI and doesn't support write protect for
	my partitions.  

	My question:  Is it possible to write a software write protection
		      program that would stay in the background and write
		      protect my 4 partitions?



-- 
Rich Commins   (415)939-2400				          \  /\
Varian Instruments, 2700 Mitchell Drive, Walnut Creek, CA 94598    \/--\
{ptsfa,lll-crg,zehntel,dual,amd,fortune,ista,rtech,csi,normac}varian!richc

blgardne@esunix.UUCP (Blaine Gardner) (10/07/87)

In article <15589@amdahl.amdahl.com>, kim@amdahl.amdahl.com (Kim DeVaughn) says:
> The following was downloaded from the FAUG (First Amiga Users Group) BBS.
> Seems like we've been spared such crap until now, but this highly disturbing
> notice shows we are not immune to attacks on our machines by the "Dark Side
> of the Force"!
> Any further information on this (or other such nastiness) would be greatly
> appreciated!
> 
A local user has taken a strong interest in this virus, here is what he
has told me about it. It is located in the boot blocks as mentioned, and
INSTALL will kill it. The only way to be sure you've eradicated the
virus is to examine ALL the floppies you may have had in the machine
when they were write-enabled. If they show the smart-aleck message,
install them. The easier approach may be to just run install on all your
suspect disks.

The virus loads itself into the reset handler, and when you do a warm
boot (Ctrl-A-A) it writes itself into the boot block of all the disks
available in drives. If the disk is write-protected, the virus puts up a
phony recoverable alert (guru). I guess this might be to persuade you to
remove the write-protect, so that it can spread itself further.

He says that the virus has several stages: first it quietly spreads
itself onto as many of your disks as possible. On every reset it
increments a counter, and when it reaches a limit (10 or 20?) it puts up
the "gotcha" message. The counter continues to increment, and then
engages the final stage which is trapping the Ctrl-A-A reset. Once it
does this you have to shut the machine down and re-Kickstart since
Ctrl-A-A no longer returns you to the Workbench prompt. As far as he has
been able to determine, the virus does not engage in any disk
destruction or other really nasty stuff. However I would consider
losing my VD0: contents to a cold boot pretty hostile action.

The above comments about incrementing the booby-trap timer apply to
EVERY disk infected by the virus of course, so it's important to kill
every occurrence of it, or you'll soon be re-infected. Install is a
pretty simple way to solve this program, but he was thinking of writing
a little program to automatically look for and kill the virus. Should I
encourage him to do so?

It almost seems that we got lucky this time, and that the virus isn't as
bad as some of the IBM-PC trojans that I've heard about. Maybe I'm a bit
paranoid, but how many of you read the EXECUTE.ME files that often
accompany .ARC files? All it would take is for some sick soul to add a
little "delete...." to an ordinary rename script. Since this possibility
occurred to me (prompted by a discussion in Risks several months ago),
I've made it a point to read all EXECUTE.ME's before executing them.
Maybe a little extra trouble, but I like to know what's going on in my
machine.

The big question is: does anyone know how this virus got into the
country?
-- 
Blaine Gardner @ Evans & Sutherland    540 Arapeen Drive, SLC, Utah 84108
UUCP Address:   {ihnp4,ucbvax,decvax,allegra}!decwrl!esunix!blgardne
		{ihnp4,seismo}!utah-cs!utah-gr!uplherc!esunix!blgardne
"I don't see no points on your ears boy, but you sound like a Vulcan!"

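Added example, not part of the original thread and not any poster's program: a boot block check of the kind discussed in the post above, run against ADF disk images. It assumes the standard Amiga floppy boot block layout (1024 bytes, `DOS` identifier, longword checksum with end-around carry); the function names and the known-good baseline approach are illustrative, and the sample blocks are constructed.

```python
import hashlib
import struct

BOOTBLOCK_SIZE = 1024  # first two 512-byte sectors of the floppy

def bootblock_sum(block: bytes) -> int:
    """Add the 256 big-endian longwords with end-around carry."""
    total = 0
    for (word,) in struct.iter_unpack(">I", block):
        total += word
        if total > 0xFFFFFFFF:  # carry out of bit 31 wraps into bit 0
            total = (total & 0xFFFFFFFF) + 1
    return total

def fingerprint(image: bytes) -> str:
    """SHA-256 of the boot block, used to record a known-clean baseline."""
    return hashlib.sha256(image[:BOOTBLOCK_SIZE]).hexdigest()

def classify(image: bytes, known_good: set) -> str:
    block = image[:BOOTBLOCK_SIZE]
    if len(block) < BOOTBLOCK_SIZE:
        return "short-image"
    # Assumption: boot code only runs with the DOS id and a valid checksum.
    if block[:3] != b"DOS" or bootblock_sum(block) != 0xFFFFFFFF:
        return "not-bootable"
    return "known-good" if fingerprint(block) in known_good else "unknown-boot-code"

def make_bootblock(code: bytes) -> bytes:
    """Build a constructed, correctly checksummed boot block (test data only)."""
    body = b"DOS\x00" + bytes(4) + struct.pack(">I", 880) + code
    body = body.ljust(BOOTBLOCK_SIZE, b"\x00")[:BOOTBLOCK_SIZE]
    checksum = 0xFFFFFFFF - bootblock_sum(body)
    return body[:4] + struct.pack(">I", checksum) + body[8:]

if __name__ == "__main__":
    reference = make_bootblock(b"\x4e\x75")                # constructed "clean" disk
    suspect = make_bootblock(b"\x4e\x71\x4e\x71\x4e\x75")  # constructed, other code
    baseline = {fingerprint(reference)}
    for name, img in [("reference", reference), ("suspect", suspect),
                      ("data-only", bytes(BOOTBLOCK_SIZE))]:
        print(name, classify(img, baseline))
```

A disk reported as unknown-boot-code is a candidate for INSTALL, as the post suggests; the baseline set is built by fingerprinting a disk known to be clean.
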
keithd@cadovax.UUCP (Keith Doyle) (10/13/87)

In article <515@esunix.UUCP> blgardne@esunix.UUCP (Blaine Gardner) writes:
>The big question is: does anyone know how this virus got into the
>country?

Another big question is, what is the virus generator program 
masquerading as?  Some kind of utility or killer demo program I expect.
Anyone know which one so I can treat any such programs on BBS's with
an extra level of scrutiny?

Keith Doyle
#  {ucbvax,decvax}!trwrb!cadovax!keithd  Contel Business Systems 213-323-8170

haitex@pnet01.cts.com (Wade Bickel) (10/21/87)

        Would you please explain what this "virus" thing is? I keep
     reading these messages and am confused.

                                                Wade.

UUCP: {cbosgd, hplabs!hp-sdd, sdcsvax, nosc}!crash!pnet01!haitex
ARPA: crash!pnet01!haitex@nosc.mil
INET: haitex@pnet01.CTS.COM