VIRUS-L Digest             Monday, 19 Dec 1988         Volume 1 : Issue 51

Today's Topics:

Trapdisk (PC)
Re: Write protected disk written, etc. (PC & general)
Debrain.C (PC)
low level format for PC/XT
Confusion about the Brain virus. (PC)
Brain Virus (PC)
How safe are write-protect tabs? (PC)
Common sense re: software suppliers

---------------------------------------------------------------------------

Date: Fri, 16 Dec 88 13:59:46 -0800
From: Steve Clancy
Subject: Trapdisk (PC)

I have used Trapdisk in the past and am very pleased with it.
Trapdisk is a newer version of something that used to be called BOMB.
I like it because it allows a command line, such as TRAPDISK WF as a
command to write protect your disk against a write or format. I also
like being able to disable it at will (TRAPDISK U), but I do not like
that it remains memory resident.

There is also another very good program called HDSENTRY.

I'm afraid that I cannot comment on how well either handle
sophisticated attempts to get around their protection.

- -- Steve

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
| Steve Clancy                      | WELLSPRING RBBS               |
| Biomedical Library                | 714-856-7996 24 HRS           |
| P.O. Box 19556                    | 300-9600 N,8,1                |
| University of California, Irvine  | 714-856-5087 nites/wkends     |
| Irvine, CA 92713                  | 300-1200 N,8,1                |
|                                   |                               |
| SLCLANCY@UCI                      | "Are we having fun yet?"      |
| SLCLANCY@ORION.CF.UCI.EDU         |                               |
|                                   |                               |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

------------------------------

Date: Fri, 16 Dec 88 21:25:07 EST
From: "Homer W. Smith"
Subject: Re: Write protected disk written, etc. (PC & general)

> I found that if I booted a machine with an infected disk,
> and then put a new clean boot disk WITH A WRITE PROTECT
> TAB in the same machine and performed a warm boot, the new
> disk also became infected. Nothing short of turning the
> machine off and then back on was safe enough.

How can a disk with a write tab on it become infected?

As some of you know I run a small home company called ART MATRIX.
We produce and sell many items related to fractals like videos and
slide sets etc. We also offer program disk on IBM 5" disks that have
nothing but fortran source code, no system, no nothing but ascii
files. I presume these disks are ABSOLUTELY SAFE in ALL CIRCUMSTANCES.

We have for a long time been considering selling a MAC disk that
would introduce the user to fractals that was written in Forth and was
highly interactive and very much executable code. With all this virus
stuff going around I have had to have second thoughts.

For one, ART MATRIX is not a corporation and has no corporate veil
to hide behind in case of litigation. We are a partnership and a
lawsuit could ruin me personally.

From what I can see, there is no absolutely safe way to guarantee
that the disks I send out are virus free, and no safe way to prove
they WERE virus free if they should later become infected.

Thus what on EARTH would motivate me to produce this disk and risk
my LIFE selling it to a world wide audience. We have many people
clamoring for this disk, but now with the news that fresh disks from
reputable factories have viruses, I just can't see my way to getting
into the business.

1.) Who is legally liable for a virus if a new disk bought by a
    customer has one? How does one prove that one did one's best to
    insure the disk was virus free? Does it matter that one did one's
    best or is it always the manufacturer's fault?

2.) Should I produce the disk?

3.) What is going to happen to the software industry as a whole?

------------------------------

Date: Sat, 17 Dec 88 00:03 EDT
From: Paul Coen
Subject: Debrain.C (PC)

I received a copy of debrain.c some time ago, and I finally got around
to attempting to compile it (Turbo C). Basically, it wouldn't compile,
I was getting syntax errors (particularly on the \ character in the
code). I don't know C, so I'm having some trouble figuring out what's
wrong.
The version of Turbo C I got from our software library is 1.0, could
that have something to do with it? Any help would be appreciated.

Oh, and just to keep all of you happy....this is for the IBM PC/XT/AT
and compatibles. With the Brain virus popping up right and left all of
a sudden, I'd feel more comfortable with a running copy of this around.

Side note: We've got about a 1.1 to 1 computer to student ratio here,
and we've yet to get hit with any kind of a virus. I'm keeping my
fingers crossed!

+----------------------------------------------------------------------------+
| Paul R. Coen    Student Operator, Drew University Academic Computer Center |
| Bitnet: PCOEN@DRUNIVAC      U.S. Snail: Drew University CM Box 392,        |
|         PCOEN@DREW                      Madison, NJ 07940                  |
| Disclaimer: I represent my own reality.                                    |
+----------------------------------------------------------------------------+

------------------------------

Date: Sat, 17 Dec 88 06:55:29 EST
From: "Homer W. Smith"
Subject: low level format for PC/XT

Again I want to thank all who offered help on low level formats of
my PC/XT hard drive.

Nearly everyone mentioned the debug g=c800:5 but on my machine this
produces nothing. How do I find the correct starting address for my
machine?

How do I find out what kind of disk drive is in it? By taking off
the cover and looking at it?

There seems to be some confusion about what the format command
does. Some say it erases only the FAT entries which as good as makes
the data on the disk unusable. The manual seems to imply that the data
on the disk is actually erased. If it is not erasing the data why does
it take so long?

What real danger is there to doing just a format in terms of
leaving virus remnants behind?

------------------------------

Date: Sat, 17 Dec 88 12:10 EST
From:
Subject: Confusion about the Brain virus. (PC)

This concerns the discussion about the Brain virus in the VIRUS-L
digest.

> I found that if I booted a machine with an infected disk,
> and then put a new clean boot disk WITH A WRITE PROTECT
> TAB in the same machine and performed a warm boot, the new
> disk also became infected. Nothing short of turning the
> machine off and then back on was safe enough.

When I found some of my 5.25" floppies infected with the Brain virus,
some folks at the labs and computing center told me that a
write-protected disk couldn't get infected because the
write-protection mechanism was "hardware controlled" and couldn't be
circumvented by any software.

So I was confused when I read the lines (above) because the
information given to me by the lab operators is wrong and it is
possible to bypass "write-protection" using software.

Could some one please explain

1. Why a warm boot by itself is not enough to prevent the spread of
   infection
2. How a write-protected boot disk could get infected during warm
   boot.

This could be very helpful to a lot of us (the PC user community at
Virginia Tech) who don't know too much about the operation of Viruses.

Thanks in advance.

- -Mathew Mathai
- ----------------------
Virginia Tech          |
Bitnet : mathai@vtcc1  |
- ----------------------

------------------------------

Date: Sun, 18 Dec 88 12:45:46 EDT
From:
Subject: Brain Virus (PC)

Ok here is what I did.

I formatted 7 brand new disks fresh out of the box from a copy of DOS
I know is clean and secure. I checked the 0,0 on the disk to be sure
BRAIN WAS NOT HIDING THERE.

I then unwrapped the word processing program and followed the
instructions to install the program onto the floppy disks.

I then checked the 7 disks and found the BRAIN logo on 0,0 which is
where it is known to hide, on all of the disks.

So, perhaps you can tell me where else it could have come from if not
direct from the manufacturer's disks?

I will not publish the name of the manufacturer (because we know those
people in Utah can get testy sometimes) but I have answered all
private requests for the company's name.

[Ed. Fair enough...]

------------------------------

Date: Sun, 18 Dec 88 15:07:42 EST
From: Naama Zahavi-Ely
Subject: How safe are write-protect tabs? (PC)

Hello!

A non-expert question: how secure are write-protect tabs against
viruses? Are write-protect tabs based on hardware (ie the drive will
not write on a disk with a write-protect tab on, no matter what)? Or
is it simply a matter of an error code, which might be disregarded by
a clever virus? It is well known that file write-protection is easily
circumvented by viruses; it is also well-known that viruses can
prevent a write-protection error code from being displayed after
trying to write to a tab-write-protected diskette. Can a virus
actually write to a tab-write-protected diskette? There has been a
report recently on Virus-L of an infection of a write-protected
diskette -- unfortunately without any details. Since I, and I am sure
many others, used to regard write-protect tabs as completely secure
(as long as they are left on!), I would appreciate very much any
information to the contrary.

Thanks and have a good holiday period!

Naama

+ -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- +
| Naama Zahavi-Ely                                                     |
| Project ELI                  E-MAIL ELINZE@YALEVM.BITNET             |
| Yale Computer Center                                                 |
| 175 Whitney Ave                                                      |
| New Haven, CT 06520                                                  |
| (203) 432-6600 ext. 341                                              |
+ -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- +

------------------------------

From: portal!cup.portal.com!dan-hankins@Sun.COM
Date: Sun, 18-Dec-88 12:49:30 PST
Subject: Common sense re: software suppliers

In article <16 December 88, 16:46:22> Otto Stolz writes:

>You are right insofar that even they are not infallible. However, you
>can be sure that they will undertake every possible attempt to
>minimize impact on their customers (they will suffer great losses if
>they won't succeed). At least you know whom to sue for lost property
>:-)

First, the number of commercial programs being distributed with
viruses (*known viruses* - they could have easily detected and
prevented them) is growing weekly.

Second, the license agreements of most or all software packages
prevent you from suing the distributor or author for lost property.

>This kind of malice shakes our society to its very foundations; it
>resembles offering toxic or rotten food in a restaurant, or loosening
>bolts at the steering assembly of other people's cars.

Both of the acts you mention have a very limited scope, and do not
affect more than a tiny fraction of the population. I'd think a more
accurate comparison would be someone who creates an AIDS vaccine for
himself, then infects himself with AIDS and deliberately has sexual
contact with as many people as possible.

>However, a certain amount of caution can be expected from the customer's
>side: you probably would not go out to a dirty restaurant, and you would
>ask everybody (even your friends) what they were doing under your car, if
>you caught them working there and hadn't asked them for help. My recent
>note meant to establish this sort of common sense for receiving and
>running programs, now we all have heard of possible virus carriers.

Even nice, clean people get AIDS. The untrustworthy person has
intercourse with a slightly more trustworthy person, and that person
has intercourse with a slightly more trustworthy person, and so on. Or
a really trustworthy person suffers a single lapse of judgement. Etc.,
etc. And software 'condoms' are a lot harder to come by, given the
nature of computing devices.

>> Sometimes even the people writing the software do not understand all of
>> it.
>
>Then, they'd better attend a course in structured programming or give
>up programming, altogether.

I personally know of a software project that is in excess of ten
million lines of code.
I dare anyone to (within ten years) read and understand in detail all
of it.

Dan Hankins

------------------------------

End of VIRUS-L Digest
*********************

Downloaded From P-80 International Information Systems 304-744-2253