[comp.binaries.ibm.pc.d] 5 byte program NOT a 'virus' but reported as such by checking software

alanjsh@ibmpcug.co.uk (Alan Jay) (01/26/90)

One of the problems of anti-virus software is the false alarm.
I have recently come across an anti-virus program that in its self-
unarcing state was reported to be a virus by two other virus checking
programs.

This week a disk went out with PC-Plus (the UK Computer magazine); it
contained a 5 byte program called 'coldboot' which reboots your PC.

Unfortunately one of the virus checking programs checks the first 5 bytes
of a program to see if they initiate a cold boot.  This is one of the
symptoms of the 648 virus in its field form (one in eight infections
leads to the newly infected program having its first five bytes
overwritten by the reboot sequence).

Therefore in a number of large companies this week, when the disk arrived
and the standard anti-virus measures were run, a virus alert was sounded.

The program on this disk (coldboot) is not a virus and it does exactly what
it is expected to do: reboot your computer.

What can we learn from this?

Firstly, use more than one virus checking program (remember to use them
to check each other).  If you get a virus warning from one program
but not the other then you need to investigate further before shouting
fire.  The one thing that is going to be worse than not using anti-virus
software is using it and creating false alarms.  When the real thing
comes along we will have become blase.

Alan Jay
-- 
Automatic Disclaimer:
The views expressed above are those of the author alone and may not
represent the views of the IBM PC User Group.
-- 
Alan Jay - Editor Connectivity              The IBM PC User Group, PO Box 360,
Tel.     01-863 1191   Fax: 01-863 6095     Harrow HA1 4LQ, ENGLAND
Email:   alanj@ibmpcug.CO.UK                Path: ..!ukc!ibmpcug!alanj
***  For all users of IBM PC & ALL Compatibles  *** (+ Standard Disclaimer)
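
Added example, not part of the original post and not the code of any checker it mentions: a sketch of the first-five-bytes heuristic described above, with a follow-up triage step that separates a stand-alone reboot utility from a longer program whose start has been overwritten. The post does not give the byte values; the two far-JMP encodings to the x86 reset entry point, the verdict names and the sample images are assumptions constructed for illustration.

```python
# Assumed 5-byte reboot sequences: far JMP to the x86 reset entry point.
# The post does not list the bytes; these encodings are an assumption.
REBOOT_PREFIXES = (
    bytes.fromhex("EAF0FF00F0"),  # JMP F000:FFF0
    bytes.fromhex("EA0000FFFF"),  # JMP FFFF:0000
)


def naive_check(image: bytes) -> bool:
    """Heuristic from the post: flag a program whose first 5 bytes reboot."""
    return image[:5] in REBOOT_PREFIXES


def triage(image: bytes) -> str:
    """Second look at a naive hit (verdict names are hypothetical)."""
    if not naive_check(image):
        return "clean"
    if len(image) == 5:
        # The whole file is the jump: it is a reboot utility and nothing else,
        # which is what a 5-byte 'coldboot' program looks like.
        return "reboot-utility"
    # Reboot jump followed by more program: consistent with an existing
    # program whose first five bytes were overwritten. Needs a human.
    return "investigate"


# Constructed sample images (not taken from any real disk).
SAMPLES = {
    "coldboot.com": REBOOT_PREFIXES[0],
    "damaged.com": REBOOT_PREFIXES[0] + b"\x90" * 200 + b"\xCD\x20",
    "exit.com": b"\xB4\x4C\xCD\x21",  # mov ah,4Ch / int 21h
}


def scan(samples: dict) -> dict:
    """Return {name: (naive_alarm, triage_verdict)} for each sample image."""
    return {name: (naive_check(img), triage(img)) for name, img in samples.items()}


if __name__ == "__main__":
    for name, (alarm, verdict) in scan(SAMPLES).items():
        print(f"{name:14} naive_alarm={alarm!s:5} verdict={verdict}")
```

The naive check raises the same alarm for the 5-byte utility and the overwritten program; only the second step tells them apart.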