0003158580@mcimail.com (William Hugh Murray) (09/16/90)
>Does anybody know something about OS/2 viruses ? I hope that there is nothing to know. I suspect that the population of instances of OS/2 is still far too small to support sucessful viruses. >Will there be new possibilities to transport and/or hide >viruses? In all likelyhood. OS/2 is significantly richer and more complex than DOS. For the moment it is also much more obscure. >Has anybody already proved that there are new mechanisms >possible, Not to my knowledge, but nothing would surprise me. >and if so: What can be done against them ? A great deal. The 80386, which OS/2 requires, provides multiple states of privilege. Thus, there can be mechanisms for fighting the virus which the virus cannot see. Such mechanisms can be much more effective than those that we have in the 808X based systems. >Did OS/2-Viruses already appear somewhere ? I have not heard reports of any. That may be evidence that there are no reports, that no such viruses have been successful, or that none have been attempted. ____________________________________________________________________ William Hugh Murray 203-966-4769 Information System Security 203-326-1833 (CELLULAR) Consultant to Deloitte & Touche 203-761-3088 Wilton, Connecticut email: 315-8580@MCIMAIL.COM WHMurray@DOCKMASTER.NCSC.MIL MCI-Mail: 315-8580 TELEX: 6503158580 FAX: 203-966-8612 Compu-Serve: 75126,1722 21 Locust Avenue, Suite 2D DASnet: [DCM1WM]WMURRAY New Canaan, Connecticut 06840 PRODIGY: DXBM57A
eli@smectos.gang.umass.edu (Eli Brandt) (09/18/90)
0003158580@mcimail.com (William Hugh Murray) writes: >>Does anybody know something about OS/2 viruses ? > >I hope that there is nothing to know. I suspect that the population >of instances of OS/2 is still far too small to support sucessful >viruses. > >>Will there be new possibilities to transport and/or hide >>viruses? > >In all likelyhood. OS/2 is significantly richer and more complex >than DOS. For the moment it is also much more obscure. > >>Has anybody already proved that there are new mechanisms >>possible, > >Not to my knowledge, but nothing would surprise me. > >>and if so: What can be done against them ? > >A great deal. The 80386, which OS/2 requires, provides multiple >states of privilege. Thus, there can be mechanisms for fighting the >virus which the virus cannot see. Such mechanisms can be much more >effective than those that we have in the 808X based systems. The protection of "protected mode" could cut both ways, however. Although it would be harder for a virus to gain access to a system, it would also be harder to detect and kill. You can't scan memory for a virus if you get nailed by a segment violation whenever you look outside your own data. The only way to look for a virus would be to ask the OS about it, and if a virus has tinkered with the OS, you're in trouble. Hopefully manufacturers will make incompatible machines which look the same to legitimate programs (because the OS handles everything) and viruses will die out of sheer UN*X-style hardware-base fragmentation. [ sig deleted ]
Kevin_Haney@NIHDCRT (11/16/90)
I am doing research for a paper on viruses in OS/2 systems. I will be covering OS/2-specific viruses (only theoretically at this point) as well as DOS viruses on mixed DOS and OS/2 systems. If anyone has any information on this topic (real life experiences, references, etc.) I would very much appreciate it if you could e-mail it to me at khv@nihdcrt on Bitnet. Questions of interest concern the possibility of DOS viruses infecting and corrupting a system when an infected program is run in the DOS box of OS/2. Are only some types of DOS viruses capable of doing this? Is the damage different from what would occur on a DOS machine. Is it possible for DOS memory-resident viruses to activate in the DOS box? Thanks in advance!
c-rossgr@uunet.uu.net (11/20/90)
>From: Kevin_Haney@NIHDCRT > >I am doing research for a paper on viruses in OS/2 systems. I will be >covering OS/2-specific viruses (only theoretically at this point) as >well as DOS viruses on mixed DOS and OS/2 systems. <enter tongue in check mode> Gee, Kevin: one can look upon viruses as the most efficient means to spread data amoung a population of users. It is well known that the most efficient means for a spread of data amoungst the OS/2 population would be for one user of OS/2 to hand the data disk to the other OS/2 user. <enter normal mode> - Oh no! Ross M. Greenberg - - representing self