XPUM04@prime-a.central-services.umist.ac.uk (Anthony Appleyard) (08/01/90)
There have been several bouts of discussion on Virus-L on the subject of antivirals that spread like viruses. As far as I can tell from reading back issues of Virus-L, a few antivirus viruses have been released, with varying results:-

(1) Mac: The original nVIR deleted a system file, so a new nVIR was released which killed the old one.
(2) PC: Den Zuk was released to kill Brain; it also killed obsolete versions of itself. But Den Zuk had a bug, which made it delete data when infecting small disks.
(3) Amiga: North Star (I & II), supposed to kill other viruses and nothing else. It works like a normal bootblock virus, with two good exceptions. If it finds an unknown bootblock (normally an auto-loading game), it DOESN'T replace that bootblock, so the game keeps working. If it finds a virus on a write-protected disk, it asks you to remove the write-protection.
(4) Amiga: System Z (3.0 & 4.0 & 5.0): boot sector virus, asks the user's permission before infecting anything.

The arguments put against them are:-

(1) Ethics: System Z handles this point by asking the user's permission before infecting.
(2) Risk of them malfunctioning and becoming ordinary harmful viruses: E.g. Den Zuk. This point should be handled by thorough testing and debugging.
(3) Risk of them being hacked into harmful viruses: There are enough ordinary harmful viruses about for virus-writers to hack at. Antivirus viruses can be protected by some sort of internal checksum tested by well-encrypted code, to test for unauthorized alteration.

The main inaccessible reservoir of virus infection is the many microcomputers in private ownership, often used mainly by children and teenagers, who are often ignorant of viruses, imagining that virus damage is hardware malfunction or software bug or the way of the world, with no hope of access to email or the usual channels of getting virus news and antivirals. There are far too many of these micros for any sort of national register to be kept of where each is kept, for a tester to go round them like in a firm or a university. The only way that I can see of getting some sort of antiviral well distributed among this widely scattered chronically infested population, would be for the antiviral to distribute itself, i.e. to spread like a virus. It is a choice of evils.

For example, if Den Zuk hadn't got the bug of malfunctioning on small disks, it would likely have spread largely ignored, and flushed out the harmful Brain from most of the places where it breeds in children's bedrooms among unsupervised IBM PCs and casually-exchanged game floppies, until a Brain-infected videogame gets run on a university or official or school computer and endangers important programs and data.

{A.Appleyard} (email: APPLEYARD@UK.AC.UMIST), Wed, 01 Aug 90 14:50:32 BST
CHESS@YKTVMV.BITNET (David.M.Chess) (08/02/90)
Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk> writes, among other things:

> For example, if Den Zuk hadn't got the bug of malfunctioning on
> small disks, it would likely have spread largely ignored, and
> flushed out the harmful Brain from most of the places where it
> breeds...

I imagine there will be lots of flames on this, and I don't really want to add to them (on the other hand, I don't want there to be no response to the item, so here I am!). I'm not sure if Mr. Appleyard means to imply that if the Den Zuk had only been less buggy, it would have been a Good Thing; if that's the intent, though, I'd like to disagree strongly!

Any virus (with or without the Den Zuk's Brain-removal, "logo" and other side effects) that messes around with my system without my knowledge is a Bad Thing. It will eventually spread to some place where it will do harm (a non-standard disk format that it doesn't notice, but messes up; a new version of the op system that it's not compatible with; or whatever).

The only anti-virus virus that would be at all defensible would be one that announced itself in large and unmissable letters when first run, and gave the user the option (which I, personally, would always exercise) to tell it to erase itself completely from the system. Even then, I don't entirely share Mr. Appleyard's confidence that there are already so many sample viruses out there that one more won't provide budding virus writers with extra education. I'm not certain that it would, but I wouldn't want to take the chance...

DC
frisk@rhi.hi.is (Fridrik Skulason) (08/09/90)
In addition to the viruses described in the original posting, some of the variants of Yankee Doodle are anti-virus viruses - they modify the Ping-Pong virus, so it will self-destruct.

-frisk

--
Fridrik Skulason      University of Iceland  |
Technical Editor of the Virus Bulletin (UK)  |  Reserved for future expansion
E-Mail: frisk@rhi.hi.is    Fax: 354-1-28801  |