VIRUS-L Digest           Wednesday, 10 May 1989         Volume 2 : Issue 112

Today's Topics:

Yet more on SYS (PC)
Biological analogues
More on SecureINIT (Mac)
More caveats on SecureInit (Mac)

---------------------------------------------------------------------------

Date:    Tue, 9-May-89 08:50:39 PDT
From:    portal!cup.portal.com!Alan_J_Roberts@Sun.COM
Subject: Yet more on SYS (PC)

Original-From: Lynn Marsh (HomeBase)

In reference to the SYS command, I'd like to point out that for some
boot viruses we have to precede the use of SYS with the Norton Disk
Doctor 4.5 "Make Disk Bootable" option. Notably some versions of the
Ping Pong virus will not succumb to SYS alone. The instruction list we
provide to infected sites is very long and it's difficult to
encapsulate it into a message for a forum such as this, so it is easy
for people to misunderstand or misinterpret global statements that
Mr. McAfee is prone to make. He is correct that the SYS always works.
He did not go into detail on preparations for its use.

------------------------------

Date:    Tue, 9 May 89 12:28:41 pdt
From:    atari!apratt@ames.arc.nasa.gov (Allan Pratt)
Subject: Biological analogues

I don't read this list much, so this might have been mentioned
already...

Somebody suggested the possibility of a "useful" virus, which could go
around and destroy other, harmful viruses, but which itself has no
negative effects. These are used in the real world, but one objection
is the worry that a programmer who "thinks" there are no harmful
effects might be wrong, and once the genie is out of the bottle,
there's no putting it back.

Well, there is. Biological types often "key" their creations with
certain properties specifically for identification and eventual
destruction. For instance, a virus might be created which can only
survive in a potassium-rich environment. The idea is that if it ever
gets out of the test tube, it'll die before it can do any damage.
Another property you can give a virus is a sort of "back door" to
killing it -- squirt manganese at it or something. This is especially
applicable to benevolent computer creations: you can deliberately code
in an easy way to kill the thing, such as the presence of a file with
a certain name, or a certain magic number in a cookie someplace in
RAM.

My point is that there *are* safeguards against accidental
contamination and ways to make a program deliberately killable.

============================================
Opinions expressed above do not necessarily    -- Allan Pratt, Atari Corp.
reflect those of Atari Corp. or anyone else.      ...ames!atari!apratt

[Ed. As Dr. Murray will remind us - be careful what you ask for, you
may get it.]

------------------------------

Date:    Tue, 09 May 89 17:55:36 EDT
From:    Joe McMahon
Subject: More on SecureINIT (Mac)

From Zig Fiedorowicz's review of SecureINIT (I've paraphrased it a
little for the VIRUS-L digest):

>Clicking "Install in System" crashes the machine.
>Checking the combination of "Refresh system files", "Kill system aliens",
>"protect drive after use", "close all windows at startup", "eject alien
>system disks" causes SecureINIT to delete the Finder upon startup! You must
>press the List button in that row and specifically ask to keep the Finder...
>In the previous version of the program, SecureINIT on one occasion deleted
>all applications on the startup disk and then put a software lock on the disk!
>
>...It appears to me that the only countermeasure SecureINIT has
>against viruses is locking the System file. This is much more
>easily and safely accomplished with ResEdit. If you unlock the System,
>reboot and run an application infected with nVIR A, the System is infected
>and the infection spreads to other applications, with no warning from
>SecureINIT... The slightly more sophisticated nVIR type B unlocks the
>System file by itself before trying to infect the System.
>No matter what
>options were checked in SecureINIT, SecureINIT seemed to be completely
>helpless against this virus. There was not the slightest warning that
>anything was wrong.
>
>Lastly, I should point out that SecureINIT uses up a lot of disk space.
>It makes copies of the System file and Finder, and presumably of other
>files in the System Folder. However it doesn't seem to do anything with
>these copies. As I noted in the preceding paragraph, Secure Init apparently
>does not notice the difference between an infected System and the duplicate
>copy ...
>                                Sincerely,
>                                Zig Fiedorowicz
>                                73407,1521 (CompuServe)

Summary: Do NOT use this program. It is buggy, does things you would
not expect a "nice" program to do, and despite the claims in the
documentation, provides NO protection against viruses.

 --- Joe M.

------------------------------

Date:    Tue, 9 May 89 19:04 GMT
From:    "Frank O'Dwyer, Computer Science, TCD, Dublin 2, IRELAND"
Subject: More caveats on SecureInit (Mac)

Recently there was a message on this list concerning 'SecureInit' for
the Mac, which stated:

>SecureInit installs some invisible inits in my
>System Folder. Why not make them visible, and let the user decide on
>visibility/invisibility (there are a wide variety of utilities that let
>you do this).

I thought that the Mac OS never runs invisible INITs? In any case, why
have them invisible since the INITs are only hidden from the user, not
other programs! All in all, this behaviour sounds more like that of a
virus than a security program!

- ----
Frank O'Dwyer, e-mail: FMODWYER@cs.tcd.ie
Dept. of Computer Science, Trinity College Dublin, IRELAND.

"Notice all the computations, theoretical scribblings, and Lab
equipment, Norm... Yes, curiosity killed these cats."

------------------------------

End of VIRUS-L Digest
*********************