BILLW@DANBURY.EMIS.hac.com (DANBURY -BILLW) (04/18/91)
In reply to the comments concerning mainframe viruses, in particular, viruses infecting IBM VM systems: It would be very difficult for a virus to infect any shared system progam because of the write protection enforced on shared disks. This protection is maintained at the "hypervisor" level and cannot be circumvented by any "ordinary" user. Of course a system type could open the problem up by virtue of having write access to the common disks. With the advent of the new shared file system on VM this protection is more vulnerable but with proper system controls should be manageable. Of course user programs could easily become infected by virtue of the user having write access to his own disks. Viruses for mainframe (again I'm referring to VM/CMS) software are very easy to do. We even employ a program which is a form of virus for our program accounting system. We knowingly infect the accountable programs with this "virus" which then reports (silently) to a central server, the begin and end of execution of each program. This accounting virus even loads and executes other programs without the user having any knowledge of its doing so. We attach this "virus" to other vendor's software completely without any provision being made for its attachment. It simply does what many other PC-style viruses does and inserts itself as the entry point of the program. The reason that I think this hasn't caught on as a malicious virus is because of the above restriction on common programs. Most users don't write their own programs and therefore don't provide a fertile environment for the spread of that sort of virus. And I sure hope it stays that way. Bill Waggoner "Generic cute quote." - Anonymous