marge@vu-vlsi.Villanova.EDU (Marge Luecke) (07/22/88)
THIS IS A PLEA FOR HELP!!!!! If anybody has ANY infromation on Computer Viruses, Immunizations, etc., please forward the infromation. I am working on a senior project on computer viruses. I would like to try to write an immunization program, however, I cannot obtain enough information from published literature to do so. How do viruses work inside the computer. What are some present methods of detection? Are there any public domain immunization programs available? Where? Somebody wrote in one article that one could write a virus using the pc-dos appendices as reference...I looked this up and was not too successful... how do I do this?...What was meant by this? What are some infected programs which were available? What is the SCORES virus? How about VirusX?, etc... Thank you, Marge Luecke Senior EE, Villanova University P.S. I can be reached several ways: 1. This computer system. 2. FAX: (609) 723-8461 (USA) 3. Mail: Marge Luecke 980 Wakeling Street or Dept. of EE Philadelphia, PA 19124 Tolentine Hall USA Villanova University Villanova, PA 19085 USA 4. PHONE: (215) 645-4970 Day (215) 537-9633 Evening
avenger@runx.ips.oz (Troy Rollo ) (07/24/88)
I was recently asked to consider this problem. The easiest solu- tion I came up with was to write a Virus Immunisation Program (VIP) which calculated cyclic redundancy check numbers for each file on a given device and stored these numbers on a safe medium prior to backup. Regular checks could be made using the VIP, and if the CRC on any program (exe- cutable, source, object or script) does not match (and should not have been modified) the suspect file should be restored from the backup medium. Precautions: 1) The machine should never automatically boot from the hard disk. The operating system on that disk may be infected, and if you subsequently run your backup program or VIP, they may become infected. 2) The machine should be turned off before running either the backup program or the VIP for much the same reasons as (1). 3) Along the same lines as (1) and (2), the backup program and VIP should be contained on separate floppy disks, each with its own operating system. ---------------------------------------------------------------- Internet: avenger@runx.ips.oz.au UUCP: uunet!runx.ips.oz.au!avenger "Watch out for Gobbledocks - they'll steal all your silicon chippies"
cr1@beach.cis.ufl.edu (Christopher Roth) (01/10/90)
Hi all, Hi there. I'm an ST user who has had his share of viruses. I must say, I am glad for things like Virus Killer 2.2. To get back to the point though, I have heard of things called antibodies, that sit in your boot sector and do something like flash the screen . The idea being that if a virus hits and writes over the antibody, you will notice the screen not flashing. Is there currently a program to install something like this out? What would be nice is a formatter that has this as an option. What would be nicer is if the makers of DCFORMAT would add this as an option... -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= * Christoper Roth * "Machines have no * InterNet : cr1@beach.cis.ufl.edu * Conscience..." =-=-=-=-=-=-=-=-=-=-=-=-=-Post No Bills-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
woodside@ttidca.TTI.COM (George Woodside) (01/11/90)
In article <21702@uflorida.cis.ufl.EDU> cr1@beach.cis.ufl.edu (Chris Roth) writes: ...[edited]... >...I have heard of things called antibodies, that sit in >your boot sector and do something like flash the screen . The idea >being that if a virus hits and writes over the antibody, you will >notice the screen not flashing. Is there currently a program to >install something like this out? There are two such "anti-virus" programs that I have copies of. One spreads itself across disks, just like a virus would. That is, in my opinion, unacceptable. The other can be manually installed on a disk, and will do something like what you ask. I can post it, after I find time to set up a reasonable install program. It will take a little while, though, since I'm a little short on spare time... -- * George R. Woodside - Citicorp/TTI - Santa Monica, CA * * Path: woodside@ttidca * * or: ..!{philabs|csun|psivax}!ttidca!woodside *
ljdickey@water.waterloo.edu (L.J.Dickey) (01/15/90)
In article <21702@uflorida.cis.ufl.EDU> cr1@beach.cis.ufl.edu (Chris Roth) writes: | I have heard of things called antibodies, that sit in | your boot sector and do something like flash the screen . The idea | being that if a virus hits and writes over the antibody, you will | notice the screen not flashing. This is the first I have heard of this idea, and I find it interesting. But I think it would drive me crazy. Does anyone have experience with something like this? -- L. J. Dickey, Faculty of Mathematics, University of Waterloo. ljdickey@water.UWaterloo.ca ljdickey@water.BITNET ljdickey@water.UUCP ..!uunet!watmath!water!ljdickey ljdickey@water.waterloo.edu
steveg@SAIC.COM (Stephen Harold Goldstein) (01/16/90)
The only problem with an 'anti-body' program is that some jerk will no doubt create a virus that 'looks' like an antibody program, flashing the screen, etc, so you think you're safe, when in fact you're being infected. The best defense would be source code to an anti-body program so that you could customize the bootup action. If my disk boots and says "Steve Goldstein, this disk is safe" I can be pretty sure it's MY message, and not a deviant strain of a 'public' anti-body program with a much more generic message.
econadm5@watserv1.waterloo.edu (BENTLEY BH - ECONOMICS) (01/16/90)
In article <2900@water.waterloo.edu> ljdickey@water.waterloo.edu (L.J.Dickey) writes: >In article <21702@uflorida.cis.ufl.EDU> cr1@beach.cis.ufl.edu (Chris Roth) writes: > > | I have heard of things called antibodies, that sit in > | your boot sector and do something like flash the screen . The idea > | being that if a virus hits and writes over the antibody, you will > | notice the screen not flashing. > >This is the first I have heard of this idea, and I find it interesting. >But I think it would drive me crazy. > >Does anyone have experience with something like this? > Not yet but an offshoot idea from that one is to make a small accessory that when anything is written to the boot sector of the A or B disk drive the screen flashes and the info or the Sector number can be display momentarily, if this occurs and option to immunize the disk comes up and allows you to clear away a virus. I have started to work on such a program already in a different manor to protect my bbs from Back doors. If you want ill do this simple program on the side as I work on the Back door Killer. Dave Tomesch, Super BBS (519) 749-1206, Kwest Co-Chairman, StarTrak Inc. " Never say Never"
neil@cs.hw.ac.uk (Neil Forsyth) (01/16/90)
In article <2900@water.waterloo.edu> ljdickey@water.waterloo.edu (L.J.Dickey) writes: >In article <21702@uflorida.cis.ufl.EDU> cr1@beach.cis.ufl.edu (Chris Roth) writes: > > | I have heard of things called antibodies, that sit in > | your boot sector and do something like flash the screen . The idea > | being that if a virus hits and writes over the antibody, you will > | notice the screen not flashing. > >This is the first I have heard of this idea, and I find it interesting. >But I think it would drive me crazy. > >Does anyone have experience with something like this? Well not quite. Some time ago I wrote a whole bunch of virus protection programs. Our darling little students keep bringing the little b*gg*rs in on their disks you see. Anyway I haven't touched them in a while but most folk think that they are pretty good so I'll post them to the binaries group. One of them does flash the screen, but only if you run into trouble not the other way around. >-- > L. J. Dickey, Faculty of Mathematics, University of Waterloo. > ljdickey@water.UWaterloo.ca ljdickey@water.BITNET > ljdickey@water.UUCP ..!uunet!watmath!water!ljdickey > ljdickey@water.waterloo.edu +-----------------------------------------------------------------------------+ ! DISCLAIMER: Unless otherwise stated, the above comments are entirely my own ! ! ! ! "I think all right thinking people in this country are sick and tired of ! ! being told that ordinary decent people are fed up in this country with ! ! being sick and tired. I'm certainly not and I'm sick and tired of being ! ! told that I am!" - Monty Python ! ! ! ! Neil Forsyth JANET: neil@uk.ac.hw.cs ! ! Dept. of Computer Science ARPA: neil@cs.hw.ac.uk ! ! Heriot-Watt University UUCP: ..!ukc!cs.hw.ac.uk!neil ! ! Edinburgh, Scotland, UK ! +-----------------------------------------------------------------------------+
neil@cs.hw.ac.uk (Neil Forsyth) (01/17/90)
In article <9001151627.AA03713@CASPIAN.SAIC.COM> steveg@SAIC.COM (Stephen Harold Goldstein) writes: >The only problem with an 'anti-body' program is that some jerk will >no doubt create a virus that 'looks' like an antibody program, >flashing the screen, etc, so you think you're safe, when in fact >you're being infected. The best defense would be source code to >an anti-body program so that you could customize the bootup action. >If my disk boots and says "Steve Goldstein, this disk is safe" >I can be pretty sure it's MY message, and not a deviant strain of a >'public' anti-body program with a much more generic message. Well I just submitted by mail my whole virus protection kaboodle to the address given by Stephen Grimm on the net so hopefully you'll see them in the binaries group soon. If not I'll post them there myself. One of the programs does exactly what you want with the boot sector. +-----------------------------------------------------------------------------+ ! DISCLAIMER: Unless otherwise stated, the above comments are entirely my own ! ! ! ! "I think all right thinking people in this country are sick and tired of ! ! being told that ordinary decent people are fed up in this country with ! ! being sick and tired. I'm certainly not and I'm sick and tired of being ! ! told that I am!" - Monty Python ! ! ! ! Neil Forsyth JANET: neil@uk.ac.hw.cs ! ! Dept. of Computer Science ARPA: neil@cs.hw.ac.uk ! ! Heriot-Watt University UUCP: ..!ukc!cs.hw.ac.uk!neil ! ! Edinburgh, Scotland, UK ! +-----------------------------------------------------------------------------+