71435.1777@CompuServe.COM (Bob Bosen) (10/23/90)
In Volume 3 Issue # 172, Michael Kessler writes: >An aside: one LAN manager on this campus swears by 3Com for the MAC, >stating that one big advantage is that an individual's account may be >infected, but the virus cannot travel to other files on the disk >because Mac viruses cannot travel in a DOS environment. Anyone care >to comment? If I understand the environment about which you are speaking, then I do not think this is a reliable defense mechanism. The environment sounds familiar because several of my clients have asked me similar questions along this line: "Suppose I have several MS-DOS workstations on a LAN. Suppose that the LAN includes one or more shared file systems running on separate file server machines of dissimilar types, like Novell, 3-COM, DECNET-DOS, etc. If MS-DOS workstation "A" is infected by a virus, is it possible for it to infect files on these servers? Is it further possible for that infection to spread to the other MS-DOS workstations?...." In most cases, the answer to the above question is YES, since each workstation gets a "DOS-like" view of the shared file system. Infected applications on MS-DOS workstations can probably access shared files as if they were local files, and many viruses can spread by this means. Even if the shared file system is administered by "foreign" hardware such as a Mac or a VMS machine under DECNET-DOS, applications on the local MS-DOS workstation still view the file system as if it were a collection of local files which could be infected. Other workstations accessing shared files that have been infected may well drag the infection onto their local disks and subsequently infect other shared files too... It is interesting to note that programs on the servers that are native to "foreign" (non MS-DOS) environments are probably safe from infection by the typical MS-DOS based virus. In the above example, although it would be easy to imagine severe infections of MS-DOS files made available to a LAN from a VAX running DECNET-DOS, it would be very unlikely for VMS itself, or any "native" VMS applications to be infected without a specially targetted attack that was aware of the configuration and exploited some bug in the server's architecture. For the same reasons, viruses in VMS applications would be unlikely to spread to MS-DOS files. If your server is a Mac, it is unlikely that Mac viruses will spread to MS-DOS files, but MS-DOS viruses will be generally unimpeded. In view of the general disregard of security issues demonstrated by most LAN vendors so far, it will not be surprising if viruses develop that can cross these server-operating system boundaries by exploiting known bugs or by deceiving system operators into granting executable control to decoy programs. But so far, I have heard of no such thing. Bob Bosen Enigma Logic Inc. Concord, CA USA Internet: 71435.1777@COMPUSERVE.COM Tel: (415) 827-5707 FAX: (415) 827-2593