
Conference 7.286::atarist

Title:Atari ST, TT, & Falcon
Notice:Please read note 1.0 and its replies before posting!
Moderator:FUNYET::ANDERSON
Created:Mon Apr 04 1988
Last Modified:Tue May 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:1433
Total number of notes:10312

60.0. "More Virus News" by CHEST::BADMAN (Laugh? I almost did.) Tue Apr 26 1988 10:17

    I read in ST news last night that a book publisher (German, I think)
    is coming out with "The Large Virus Book" - a book which explains
    what viruses are, the forms they can take and how to write them!
    I find it hard to distinguish this book from a fictitious title
    such as "The Complete Book Of Grievous Bodily Harm". This is the
    most irresponsible book ever to be published.
    
    In a similar vein, did you know that there is another virus called
    'the linker' virus, that attaches itself to .PRG's rather than residing
    in the boot sector ?
    
    
    
    				Jamie.
60.1. "OH NO ......" by UTROP1::TRAMONTINA Tue Apr 26 1988 14:44, 9 lines
    
    Nightmare came true. These kinds of self-attaching viruses are a
    real danger for Public Domain software. We'll have till somebody
    finds something against it. 
    Hope that those guys never find out how to ignore the write protect
    notch on the disk, as they can on the Amiga.
    
    Renato
    
60.2. "Rumor Control" by LEDS::ACCIARDI Tue Apr 26 1988 14:55, 25 lines
    Huh?  That's the first I've ever heard about anyone ever learning
    to bypass the write protect notch on the Amiga.  Are you sure you
    have your facts correct?
    
    Before any rumors get blown out of control here, let me state one
    fact...
    
    None of the known Amiga virus strains are capable of erasing or
    formatting a floppy or hard disk, even if the floppy is write-enabled.
    All the Amiga viruses do is lodge themselves in the floppy boot-blocks
    and occasionally print annoying messages on the screen.  The way
    to eliminate the virus is to re-write the boot blocks with the INSTALL
    command and cold reboot the machine.
    
    If a copy protected floppy (one with non-standard boot blocks) becomes
    infected (only possible if the floppy is write-enabled) and
    subsequently INSTALLed, you might munge the copy protection and
    trash the disk.
                     
    Please! be sure of your facts before starting frightening rumors.
    I read over 100 Amiga related messages a day on Plink and USENET
    and have never heard the horror you describe.
    
    Ed.
    
60.3. "There's really very little protection.." by BOLT::BAILEY (Steph Bailey) Tue Apr 26 1988 15:14, 7 lines
    It'd be trivial to format the disk, rather than printing a cute message,
    though, n'est-ce pas?
    
    The write protect on the ST is just a convention obeyed by GEMDOS,
    correct?  The bit appears in one of those registers and if it is
    in a certain state, GEMDOS won't write the disk.  All you have
    to do is make your own write routine, I would imagine.
60.4. by STOPIT::BADMAN (Laugh ? I almost did.) Tue Apr 26 1988 15:14, 19 lines
    I don't believe it is possible to write to a write-protected disk
    on the ST. 
    
    With regards to the linker virus, VDU has been upgraded considerably,
    and the new versions are not Public Domain. The VDU program is over
    70K in size now, and deals with the linker virus, and also disposes
    of a particularly nasty virus on the ST that will delete the entire
    FAT of a disk if a file exists with a creation date in 1987. These
    things are getting serious.
    
    I have to admit that the concept is intriguing, and I have experimented
    a little with viruses myself (taking care not to infect any disks
    that I didn't want infected), but to produce a strain as malicious
    as these takes a warped mind. In fact, to release a virus outside
    of your own control at all is a despicable act.
    
    
    
    				Jamie.
60.5. "Anyone looking for a midnight project?" by BOLT::MINOW (Je suis marxiste, tendance Groucho) Tue Apr 26 1988 16:55, 19 lines
I suspect the only way to "fix" virus programs is to build a program that
maintains a database of files and their signatures.  The signatures must
be built using a sophisticated algorithm (checksum or crc-16 are too
easy to fix).  The program would be kept on a private disk (run by
powering the machine off and booting the disk read-only).  The database
would be maintained by the program on a disk that contained nothing else.

In addition to your program files, you would have to build a signature of
the boot block(s) and the "hidden" system files.

There's a new Macintosh program around that does absolutely nothing.
Its only purpose in life is to sit on your system and wait to be
infected.  (It's only 300 bytes long, so a directory listing would detect
an infection.)

I'm afraid that, until we get good signature mechanisms, all we can do
is stay one jump ahead of the slime.

Martin.
60.6. by BAGELS::BRANNON (Dave Brannon) Wed Apr 27 1988 00:05, 6 lines
    think of a computer virus like a real virus - you take precautions, learn
    to recognize the symptoms, try to stay healthy, etc.  Same sort
    of thing.  Eventually you may get one anyway, then you just try
    to minimize the hassle.
    
    -dave
60.7. by BAGELS::BRANNON (Dave Brannon) Wed Apr 27 1988 00:24, 20 lines
    the write protect notch was discussed at length on Usenet.  The
    conclusion was that there is a physical write protect in the
    disk drive hardware that prevents a write protected disk from being
    written to.
              
    That will protect the disk until you actually want to put something
    on the disk.  Then the lurking virus will jump on the disk as soon
    as you write enable it.
    
    Note that there is no write protect for a hard disk drive.  That
    is what makes running unknown pd software from the hard disk so
    much more fun.  Can you say backup? what backup? that one with
    the virus ticking away on it?
    
    I found a file of the more common viruses in the ibmpc world on
    a bbs, anything they can do to an ibmpc can be done to a ST or
    Amiga.  We've just been lucky that it has taken this long for that
    sort of person to learn how to do it.
                                         
    -dave
60.8. "medicine for virus" by DUVEL::SIMONIS Thu Apr 28 1988 08:14, 25 lines
    Hello, I want to put here some ideas I thought of tonight ...
    
    1) Do you know the story of the King of the Jungle, who was a GIANT
    Lion, the biggest, the most clever, INDESTRUCTIBLE? He destroyed
    everything and killed everyone in his way. Nobody found a way to
    kill him, till a mouse came ... She discovered that from time to time
    the Lion was losing some 'fingernails' (is this the correct word?)
    and that these nails were incredibly hard, solid and SHARP! This
    was the solution: using one of the Lion's own nails to kill him,
    and she succeeded.
    2) In chemistry the specialists sometimes use a virus to kill another
    one. Of course the first one is 'under control'.
    3) And the story of the snake eating himself, starting from his opposite
    end ...
    
    Do you see what I mean? You could perhaps use these ideas during
    your 'midnight work'. Unluckily I'm not a specialist in GEM BIOS
    ... so I shall not be able to help you, but good luck to you.
    The signature solution of .5 is also a good idea, but how do you verify
    the safety of a disk coming from outside with new software? If this
    disk is 'hacked' and you can't determine this fact, you will
    'secure' an infested disk!
    I hope I was not too boring.
    regards		Vincent
    
60.9. "Antibiotics ..." by STOPIT::BADMAN (Laugh ? I almost did.) Thu Apr 28 1988 13:33, 21 lines
    RE .8
    
    Are you suggesting that a counter virus is created that hangs about
    in RAM until a disk infected by another virus is detected in the
    drive, and then gives the disk a shot of anti-biotics by copying
    itself, a harmless virus, onto the disk in the place of the hostile
    virus?
    
    This is a good idea, providing the counter-virus can be sure that
    the dodgy looking piece of code in the boot sector, in the text
    section of a program, etc IS a virus and not a legitimate piece
    of code. This would be hard to do.
    
    
    Or in your way of putting it, the mouse is alright as long as it
    uses one of the lion's nails and not one of its own by mistake !
    
    
    
    
    				Jamie.
60.10. "standard way of thinking ..." by DUVEL::SIMONIS Fri Apr 29 1988 07:42, 16 lines
	Hi Jamie,
	you are right, but the difference between a mouse nail and
	a lion's one seems obvious, no?
	So if everybody making software and writing disks used
	the same 'standard', it would be easy to recognize an
	infested disk or piece of software and then kill it. Imagine
	starting an 'International Anti-Virus Club' where every member
	uses the same 'standard'; then the only way to infest a disk
	would be to make a 'true' piece of software containing the virus
	which would not 'disturb' the standard used. This would be
	more difficult to build, no?
	bye 		Vincent

	P.S. Of course protection of software would also be more
	     difficult ...
60.11. "Some general thoughts." by UTROP1::TRAMONTINA Wed May 04 1988 14:41, 31 lines
    re .2
    	OOps, sorry for taking rumors for granted.
    
    
    Viruses are easy to make!!!!
    As they are 'normal' 68000 code it is not possible to detect whether
    a program is a virus or not. A program becomes a virus because of the
    actions of the program. The only way to test that is to use the
    program.....
    
    The best possible protection is general knowledge about the viruses.
    If everybody knows how to recognize them, the problem is half way
    solved. With the boot sector virus it is very easy: test every unknown
    disk before putting it in your collection. 
    For the attaching ones, which are simple to write, it is more difficult.
    Think of a virus which puts itself over the beginning code of a program.
    The original program never works again, but the size is the same,
    even the CRC could be made the same. The virus does some nasty things,
    like installing itself on the ST and displaying some idiotic message
    like 'Not enough memory to run' etc.
    Try finding that one in your 100+ disk collection.
    
    Something to think about:
    
    The virus is invented by a great software firm to kill the illegal
    copying circuit.
    
    Greetings,
    
    Renato
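
The file-signature database proposed in note .5, run against the same-size overwrite described in note .11, as an added example that is not part of the original thread. SHA-256 is a modern choice of "sophisticated algorithm" that the notes do not name; the file names and contents are constructed, and in practice the baseline would be stored on separate read-only media as .5 suggests.

```python
import hashlib
import os
import tempfile

def sum16(data):
    """Additive 16-bit checksum, the weak kind of signature note .5 warns about."""
    return sum(data) & 0xFFFF

def fingerprint(path):
    with open(path, "rb") as f:
        data = f.read()
    return {"size": len(data), "sum16": sum16(data),
            "sha256": hashlib.sha256(data).hexdigest()}

def build_baseline(root):
    """Map each file under root to its fingerprint; store the result off-disk."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline

def verify(root, baseline, field="sha256"):
    """Compare the tree against the baseline using one fingerprint field."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p][field] != baseline[p][field]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    with tempfile.TemporaryDirectory() as root:
        prg = os.path.join(root, "TOOL.PRG")
        original = b"\x60\x1a" + bytes(range(64))  # constructed stand-in, not a real program
        with open(prg, "wb") as f:
            f.write(original)
        baseline = build_baseline(root)
        # Same-size overwrite near the start; reordered bytes keep the sum equal.
        changed = original[:2] + original[2:10][::-1] + original[10:]
        with open(prg, "wb") as f:
            f.write(changed)
        with open(os.path.join(root, "NEW.PRG"), "wb") as f:
            f.write(b"constructed new file")
        return {k: verify(root, baseline, k) for k in ("size", "sum16", "sha256")}

if __name__ == "__main__":
    print(demo())
```

Checking by size or additive checksum reports TOOL.PRG as unchanged; only the cryptographic hash flags it, while the unexpected NEW.PRG is reported under every field.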
                                               
60.12. "Time Article" by EXPRES::FISTER Wed Sep 28 1988 10:58, 10 lines
                        -<  Those Interested >-
    
    	   Yes, this virus deal is both interesting and scary as hell.
    	I've gotten some of the virus detector/killers off of GEnie
        Compuserve, but I still don't feel safe.
    	   Anyone who has read this week's Time magazine about such
    	nastiness and is interested in the 'core wars' idea can find
    	the original articles reprinted in a book called 'The Armchair
    	Universe', available at your local bookstore. 
    
60.13. "From one of the local BBS' down here" by PNO::SANDERSB (a belagana) Wed Sep 28 1988 13:11, 10 lines
        There is supposed to be a version of EXPRESS, V5.0 that is
        floating around.  This version will produce an unreadable sector
        on your hard disk.  According to Keith Ledbetter the last released
        version of EXPRESS was v3.0b.
        
        This is unconfirmed, from a fellow up in Washington or Oregon
        on the IBBS.
        
        Bob
60.14. by FOOT::BADMAN (I owe, I owe, so off to work I go ...) Wed Oct 12 1988 13:01, 4 lines
    Who is the author of "An Armchair Universe" ???
    
    
    				Jamie.
60.15. "Armchair author" by WSE071::ANDERSEN Wed Oct 12 1988 20:10, 6 lines
    "An Armchair Universe" was written by A. K. Dewdney, who
    also writes the Computer Recreation column in Scientific
    American.
    
60.16. "Author! Author!" by EXPRES::FISTER Fri Oct 14 1988 10:12, 8 lines
    
    	   "An Armchair Universe" was written by A.K. Dewdney. The book
    	is a series of articles originally published for Scientific
    	American.
    
    						Les
    						 \8^)
    
60.17. "core wars" by DISCVR::FISTER Tue Nov 08 1988 15:31, 6 lines
    
    	   Also...anyone interested in core wars? Apparently so...there
    is a note file for it. It's CVG::COREWARS.
    
    				Les
    				 \8^)
60.18. "New?" by DISCVR::FISTER (Be all, and you'll be the end all) Tue Apr 25 1989 19:06, 18 lines
    
    	I've been out of this conference for a while now, and I've got
    a question...
    
    	A couple days ago, after a one-month period of dormancy, I booted
    the Mega2 up. I had no problem in opening my database with the mouse,
    but I couldn't enter any information by the keyboard.
    	I wiggled the connectors. I rebooted. Same thing. So I, being
    human, do a mad typing spree which consists of hitting all keys
    at once.
    	Then this window pops up, and says "Does your mother know you
    bang on your computer like that?"
    	I rebooted, and everything's fine!
    	Is this something new? Will it happen again? Has anyone seen
    this? It was kind of funny, but could become annoying real fast...
    
    						Les