vrm@blackwater.cerc.wvu.wvnet.edu (Vasile R. Montan) (04/11/91)
I heard a disturbing rumor today: someone told me that there is a new Mac virus that somehow physically damages the hard drive, requiring that it be sent back to the manufacturer for a costly repair. Is this true? If so, how does the virus work, and how can I protect myself from it? Will Disinfect catch it? --Kurisuto un020070@vaxa.wvnet.edu
time@ice.com (Tim Endres) (04/11/91)
In article <1573@babcock.cerc.wvu.wvnet.edu>, vrm@blackwater.cerc.wvu.wvnet.edu (Vasile R. Montan) writes: > I heard a disturbing rumor today: someone told me that there is > a new Mac virus that somehow physically damages the hard drive, > requiring that it be sent back to the manufacturer for a costly > repair. > > Is this true? If so, how does the virus work, and how can I > protect myself from it? Will Disinfect catch it? People who start these rumors are as bad as the people who write viruses! I know of no way for a piece of software to *physically* damage a generic drive. There may be some unfortunate drive someplace that can be physically damaged by some sequence of requests, but I seriously doubt it!!! It may be possible to do a low level format of the medium making it unusable, BUT this would vary from drive to drive and not work on many of them, so the probability of this is about zero. I would recommend a trip to 714 and a warm calming bath. tim. ------------------------------------------------------------- Tim Endres | time@ice.com ICE Engineering | uupsi!ice.com!time 8840 Main Street | Voice FAX Whitmore Lake MI. 48189 | (313) 449 8288 (313) 449 9208
bin@primate.wisc.edu (Brain in Neutral) (04/12/91)
From article <1CE00001.cjpdlcx@tbomb.ice.com>, by time@ice.com (Tim Endres): > I know of no way for a piece of software to *physically* damage a > generic drive. There may be some unfortunate drive someplace that > can be physically damaged by some sequence of requests, but I seriously > doubt it!!! It may be possible to do a low level format of the medium > making it unusable, BUT this would vary from drive to drive and not > work on many of them, so the probability of this is about zero. One certainly hopes this is not true. On the other hand there is a way, in software, to burn out certain IBM PC monitors. So perhaps it is possible. Of course, that was with PC's. :-) -- Paul DuBois "The 'C' shell usually doesn't dubois@primate.wisc.edu have job control." -- LAN TIMES
kent@visix.com (Ken Turner) (04/12/91)
In article <1CE00001.cjpdlcx@tbomb.ice.com>, time@ice.com (Tim Endres) writes: > > In article <1573@babcock.cerc.wvu.wvnet.edu>, vrm@blackwater.cerc.wvu.wvnet.edu (Vasile R. Montan) writes: > > I heard a disturbing rumor today: someone told me that there is > > a new Mac virus that somehow physically damages the hard drive, > > requiring that it be sent back to the manufacturer for a costly > > repair. > > [...worrying deleted] > > People who start these rumors are as bad as the people who write viruses! > > I know of no way for a piece of software to *physically* damage a > generic drive. There may be some unfortunate drive someplace that > can be physically damaged by some sequence of requests, but I seriously > doubt it!!! It may be possible to do a low level format of the medium > making it unusable, BUT this would vary from drive to drive and not > work on many of them, so the probability of this is about zero. > It is possible that someone, with enough SCSI knowledge, could screw up any hard drive enough (though not physically damaged) to be complete useless and unfixable for the average user. However, it's more likely that your hard drive will become completely useless and unfixable all on its own! :~) People who make regular back-ups sleep better at night. Ken Turner Visix Software Inc.
jamesth@microsoft.UUCP (James THIELE) (04/13/91)
In article <1CE00001.cjpdlcx@tbomb.ice.com> time@ice.com writes: > >I know of no way for a piece of software to *physically* damage a >generic drive. There may be some unfortunate drive someplace that >can be physically damaged by some sequence of requests, but I seriously >doubt it!!! Perhaps not for a Mac, but back in those bygone days when men were men, women were women, and disk drives were as big as washing machines (say, the '60s and '70s), lots of mainframe computers were able to make their disk drives walk across the machine room ("Machine *room*?? You mean that they built computers that didn't fit on a desktop?" "Yep."). Sometimes they did a lot of damage, including damaging themselves. Perhaps this still happens - lately I've been trying to avoid mainframes. :-) James Thiele microsoft!jamesth
ts@cup.portal.com (Tim W Smith) (04/16/91)
Here are several ideas as to how one might do something to a disk drive that will either break it, or convince the average user that it is broken. 1. It is possible that some drives have commands meant for use only in the factory that can overwrite various internal data structures such that the drive must be sent back to the factory to be revived. At one time there was a proposal before the SCSI-2 committee to standardize various diagnostic commands, and I believe such dangerous commands were included. These were not put in the standard, but the fact that someone proposed them indicates that there is someone out there who thinks this kind of command is OK. It would not surprise me if these people include such commands as vendor unique commands in their drives. 2. It is possible that some virus author has found a firmware bug in some drive that lets the drive be screwed up. There are bugs in drive firmware. For example, the Sony 40 meg drive that Apple sells violates the SCSI standard in certain areas of message handling (I don't remember the exact sequence that causes this - sorry). 3. Most likely, it just plays around with the mode select command. SCSI-1 specified almost nothing about what this command actually did. The CCS specifed many of the mode select options, I believe, but there are a lot of things that go beyond CCS that drive vendors implemented. When one develops a SCSI disk installer for the Mac, one can build in knowledge of the particular drives that one is selling, and thus know how to set up all the mode select options the way one wants. However, programs that are willing to work with "generic" drives might not be able to set such a drive to a reasonable state if a virus that knew about that drive went out and diddled it. For example, some drives have an option to not spin up until the host sends a START UNIT command. I believe that some drives allow this option to be selected by software. If a virus set this option, that drive would look broken to a lot of software. If this option is in a mode select page your installer does not know about, you are screwed. 4. Some drives let you set the SCSI ID in software. If the virus set the ID to 7, it would look like a dead drive. I've never experimented with drives that allow this, so I don't know how permanent it would be (e.g., would the drive notice a change in the jumper settings and interpret this as meaning you now want to get the ID from the jumpers instead of from the saved value?), but this could be real nasty. 5. Some drives have command that let you read and write extra data. You get the sector you asked for PLUS the ECC data. Writing bad ECC data to random sectors could convince a user that the drive has hardware problems. 6. Some drives let you change the block size without reformatting. Changing the block size to 1K would screw up a lot of software. Most installers would probably decide that the drive is broke. 7. Issue a bunch of commands to remap bad blocks until the bad block table in the drive is full. Now wait till the user gets a new bad block and runs the installation software to deal with it. When the installation sofware encounters a full bad block table, it is likely to report that the drive is in the process of dying. To summarize, it is remotely possible that a virus is screwing disks sufficiently to require them to be sent back to the manufacturer. It is more likely, in my opinion, that it is simply doing something that confuses the Mac so that the user thinks that something is wrong, and confuses the installation software from the drive vendor, so that the user decides that the problem is a hardware error. Tim Smith
ksand@Apple.COM (Kent Sandvik, 120dB or more) (04/24/91)
In article <71828@microsoft.UUCP> jamesth@microsoft.UUCP (James THIELE) writes: >Perhaps not for a Mac, but back in those bygone days when men were men, >women were women, and disk drives were as big as washing machines (say, >the '60s and '70s), lots of mainframe computers were able to make their >disk drives walk across the machine room ("Machine *room*?? You mean that >they built computers that didn't fit on a desktop?" "Yep."). Sometimes >they did a lot of damage, including damaging themselves. > >Perhaps this still happens - lately I've been trying to avoid >mainframes. :-) "Devouring Fungus" by Jennings contains a lot of this computereese folklore. Kent -- Kent Sandvik, DTS junkie