padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson) (04/11/91)
>From: sharp@mizar.usc.edu (Malcolm Sharp)
>In the April 1, 1991 issue of Infoworld, John Gantz in his column
>"Tech Street" warned of a virus called "AF/91"...
>In the same issue, columnist Robert Cringely discussed Windows 3.0
>vulnerability to viruses saying it "has lots of holes for custom
>viruses to slip through."

Of the two, I consider the Cringely article far more dangerous. Mr. Gantz clearly stated at the end that "AF" meant "April Fool" and the concepts were plainly ludicrous. Mr. Cringely, however, is echoing out of context some mythconceptions concerning Windows.

Windows is a collection of programs. It makes use of certain "undocumented" constructs and capabilities in MS-DOS just as NetWare DOS. The error comes in the implication that there is no way to protect against malicious software that exploits these "holes". This is completely erroneous!

The "holes" are simply alternate paths used for disk and OS access that will bypass a conventional Int 13 or Int 21 "trap" that is layered on after DOS has loaded. These are easily plugged by a system that places its "traps" <italics on> before DOS has loaded <italics off> for hardware access, and understands the special hardware where networks are involved. (ROM pointers are still present, the protection software just must know how to find them.)

To me, this comes under the same heading as last year's reports of the "invisible stealth" viruses that could not be detected. BALDERDASH.

For example, many people are surprised to find that their machine has become infected in the partition table from an "accidental" floppy boot. If the partition table (MBR) code just checked three things, such infections (like BRAIN & STONED) would have never spread:

1) Can I trust myself
2) Can I trust the disk access
3) Can I trust the MBR on the disk

Such checking can be done in about 20 additional bytes.

What is needed is a comprehensive integrity management scheme that is invisible to the user but encapsulates the OS. The sooner a vendor comes up with a good mechanism (and it would be easiest for Microsoft), the sooner the public will quit worrying about hundreds of "unkillable" viruses in PCs.

Oh well, the incredible diversity of virus checking programs out there makes it difficult for malicious software to be able to defeat everything. Maybe that is a good thing.

Warmly, Padgett

ps I left a similar message on Mr. Cringely's voice mail system. It has not been returned.

app
nolan@uunet.UU.NET (Michael Nolan) (04/14/91)
padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson) writes:

>ps I left a similar message on Mr. Cringely's voice mail system. It
> has not been returned.

Try cringe@mcimail.com. You're much more likely to get a reply by e-mail.