JSP105@PSUVM.PSU.EDU (Jeff Payne) (02/27/91)
I was curious if there was a Windows 3.0 version (or even aware) of any anti virus software? I am currently evaluating F-Prot and Norton's virus software for use on a large scale at the company I work for, as well as Penn State's Ogontz campus.

What kind of result should I expect if I were to pick up a virus? My experience with Character-based TSR's has shown that most will either be ignored or cause a UAE (the Microsoft user friendly "Unrecoverable Application Error" - about as Intelligent as "Abort, Retry, Ignore?"). Does F-prot get around this?

I think there would be a serious demand for a windows-based anti-virus program or even just a win front end (in the spirit of Zip Manager) for F-Prot. Although I don't claim to be a programmer, windows "TSR's" should probably be easier to write than a standard TSR, because they are actually separate processes, running in the background.

Also, has anyone tested F-Net with 3Com or Microsoft LanManager networks? I've loaded it and it didn't crash, but without a virus to test it, I can't really tell...

Which brings me to my last question, Is there a "harmless" virus that I could use to test my configurations (in an isolated environment)? If so, where could I get it and how would you recommend I do this testing?

Please mail or post...

Jeff Payne
JSP105@psuvm.psu.edu

frisk@rhi.hi.is (Fridrik Skulason) (03/01/91)
JSP105@PSUVM.PSU.EDU (Jeff Payne) writes:

>I was curious if there was a Windows 3.0 version (or even aware) of
>any anti virus software?

I do not (yet) offer a Windows version of my programs, but I seem to recall that Ross Greenberg is working on that (sorry, Ross if I'm not right).

There is not very serious pressure to develop a Windows-specific anti-virus package - there are no Windows-specific viruses yet, and many current anti-virus products do work quite well with Windows.

In the case of my own program, I do not recommend using F-LOCK/F-POPUP with Windows - they are just character-based TSR, and may cause problems. The F-DRIVER program works without problems, however, and should provide sufficient protection from known viruses.

I am looking into the possibility of developing a Windows anti-virus program, but I think that is 8-12 months away.

>Also, has anyone tested F-Net with 3Com or Microsoft LanManager
>networks? I've loaded it and it didn't crash, but without a virus to
>test it, I can't really tell...

You may have to run the F-NET program after you run the network programs, to redirect some interrupts back to F-DRIVER, but as you said, it is difficult to determine whether it is necessary without a virus.

In version 1.15 of F-PROT (almost finished now), I will include a small TESTVIR.COM program, which can be run to determine if the package is working correctly. F-DRIVER should stop the program, and report it to be infected with the "Test" virus, but if F-DRIVER is not installed, or not working, a warning message will be displayed.

>Which brings me to my last question, Is there a "harmless" virus that
>I could use to test my configurations (in an isolated environment) ?

I would recommend the Cascade virus - it is widely available, well known and all anti-virus programs should be able to detect it. The "standard" variant is also one of the most harmless viruses around.

-frisk

c-rossgr@uunet.uu.net (03/07/91)
>JSP105@PSUVM.PSU.EDU (Jeff Payne) writes:
>>I was curious if there was a Windows 3.0 version (or even aware) of
>>any anti virus software?
>
>I do not (yet) offer a Windows version of my programs, but I seem to recall
>that Ross Greenberg is working on that (sorry, Ross if I'm not right).

Oy, you wouldn't believe what a mess Windows internals are! I'm starting to come to the conclusion that the only thing worse than viruses is Windows. All a new virus has to do to spread is be marketed as some GUI. Make it big, stick it on a few disks, and spend lotsa bucks marketing: Voila!

Seriously, though: I'm just a few days away from going beta on a full Windows compliant anti-virus version of Virex-PC -- unless I get hit with Still-Yet-Another-Undoc'ed-Whoops-We-Were-Just-Kidding Microsoft internal inconsistency -- something I've learned to expect.

Learning WIN on a crash course in order to produce this code, I gotta tell ya: WIN has *lots* of holes that a specially tailored virus will easily slip through. Taking a "regular" anti-virus program and making it work under Windows is fine to keep any of the discovered viruses to date from infecting machines -- and even that entails a great deal of work, playing lots of funky games because of missing components to Windows.

When a true "Windows Virus" comes out, it will slice through all of the current Win anti-virus programs like a red hot knife through butter: it scares me to realize what Win does and how and what holes it leaves for the bad guys.

I'm sorta pleased that my code will fill those holes in advance, but I do find it a tad depressing: the amount of time spent trying to fight a probable future infection is certainly taking away from time better spent doing other things -- things not virus related at all!

>In the case of my own program, I do not recommend using F-LOCK/F-POPUP
>with Windows - they are just character-based TSR, and may cause problems.
>The F-DRIVER program works without problems, however, and should provide
>sufficient protection from known viruses.

I agree with you on the F-Driver code, by the way (although networking through Win leaves other holes, too!) In the case of many of the TSR variety of programs (including my own FLU_SHOT+), they work properly to avoid infections, but the required keystroke to cause a pop-up to go away is simply not getting through.

>I am looking into the possibility of developing a Windows anti-virus program,
>but I think that is 8-12 months away.

I would think that our own development of the Win anti-virus code for Virex-PC is about 6 person months of work to date, by the way..

Ross M. Greenberg
Author, Virex-PC, FLU_SHOT+

Disclaimer: this account is merely on a Microsoft machine and my viewpoints are my own.