VIRUS-L Digest             Thursday, 3 Aug 1989        Volume 2 : Issue 167

Today's Topics:

viruses that reprogram ANSI keys
Re: Computer Condom
Re: Shareware? Hmm... (Mac)
OS/2 and viruses...
Re: Axe by SEA - not an anti-viral
Re: os/2 question (PC)

---------------------------------------------------------------------------

Date:    Wed, 02 Aug 89 07:56:19 -0400
From:
Subject: viruses that reprogram ANSI keys

Hi,

Just a quick note about viruses that reprogram keys to do nasty
things. Several good terminal emulation packages have a feature that
allows you to 'lock out' any host generated key redefinitions. With
Persofts Smarterm 220/240 series of programs you can set the 'User
Features Locked' and the program will ignore all attempts to reprogram
the keys with escape sequences.

Andy Wing
V2002A@TEMPLEVM.BITNET

[Ed. Not bad, but does MS-DOS's ANSI.SYS allow to lock out these
sequences? I don't believe that it does. If not, escape codes
imbedded in documentation, for example, can do a lot...]

------------------------------

Date:    Wed, 02 Aug 89 09:26:00 -0400
From:
Subject: Re: Computer Condom

Barry D. Hassler writes:

>Pardon me for my opinions (and lack of expertise in viral control), but I
>think these types of products are dangerous to the purchaser, while most
>likely being especially profitable for the seller. I just saw a copy of
>this floating around to some senior management-types after being forwarded
>several times, and dug up this copy to bounce my two cents off.
>First of all, I don't see any method which can be guaranteed to protect
>against all viruses (of course the "when programmed to your requirements"
>pretty well covers all bases, doesn't it?). Naturally, specific viruses or
>methods of attack can be covered with various types of watchdog
>software/hardware, but I don't think it is possible to cover all the
>avenues in any way.

Barry, I think it was supposed to be a joke. I mean, the company
president's name was Rick (or Dick) Cummings... Think about it.
It's even better than that thing by Mike RoChanle (Micro Channel).
Remember that?

Damian Hammontree
System Programmer, Johns Hopkins School of Medicine, Baltimore
MANAGER @ JHUIGF

Disclaimer: I wouldn't be surprised if it was on the level and I'm wrong
about this, but I don't think so.... 8^)

------------------------------

Date:    Wed, 02 Aug 89 08:31:05 -0500
From:    Joe McMahon
Subject: Re: Shareware? Hmm... (Mac)

Here is Jeff Shulman's reply to my letter about VirusDetective.

----------------------------Original message----------------------------
Bob forwarded your letter to me. I *would* appreciate you sending a
followup letter to the virus list since I feel my reputation is at
stake.

I do empathise with the possible hurt feelings a user may have when
seeing a bill for being honest. I have since been sending a letter of
explanation as to why the price increased. I am still sending users
what they paid for at the old price along with the bill (your friend
*did* receive a disk if you recall). I'm not out to punish my honest
users but to inform them that there has been a price increase and I
would appreciate it if they paid the difference (after all it isn't
fair to the new users who *pay* the current higher price for someone
who paid the lower price, at the same time, to get the same service).

Jeff

uucp:      ...rutgers!yale!slb-sdr!shulman
CSNet:     SHULMAN@SDR.SLB.COM
AppleLink: KILROY
Delphi:    JEFFS
GEnie:     KILROY
CIS:       76136,667

------------------------------

Date:    Wed, 02 Aug 00 19:89:34 +0000
From:    utoday!greenber@uunet.uu.net
Subject: OS/2 and viruses...

OS/2 makes some hardware calls for things such as formatting a disk.
It goes around the bios. As such, none of the monitoring type
programs are gonna stop an OS/2 FORMAT command to trigger.

Found that out the hard way! :-)

Ross

Ross M. Greenberg
UNIX TODAY!
594 Third Avenue New York New York 10016
Review Editor
Voice:(212)-889-6431 BBS:(212)-889-6438
uunet!utoday!greenber BIX: greenber MCI: greenber CIS: 72461,3212

------------------------------

Date:    Wed, 02 Aug 00 19:89:13 +0000
From:    utoday!greenber@uunet.uu.net
Subject: Re: Axe by SEA - not an anti-viral

Programs such as Axe, which are stand alone decompressors, should not
be considered an effective defense by any means against virus
attacks.

Consider a vanilla program, compressed and wrapped up in a decompress
shell. Fine. Now, stick a virus around the shell
(shell-within-a-shell). When you execute the program, the virus
executes, then the decompressor starts to work. The checksum doesn't
match, so the system hangs, or aborts, or whatever.

However the virus has already run....

(viruses such as the TSR Israeli Virus may not run, though, since the
infected program is never really run if it crashes....)

Ross
Author, FLU_SHOT+

------------------------------

Date:    03 Aug 89 04:39:10 +0000
From:    kelly@uts.amdahl.com (Kelly Goen)
Subject: Re: os/2 question (PC)

none of the com infectors I think would presently pass and none of the
exe infectors at present for the strains that homebase has gotten
samples of could....but exe header info for dos , windows and os2 is
in essence somewhat the same(i.e. exe hdrs for windows and os2 contain
extensions to the regular format...) if the exe file from dos will run
unchanged in the compatibility box then I think you may indeed have a
possibility of infection...
however os-2 executable would tend to have selective parts of their
exe header mashed...ones that I would think would represent a real
possibility of infection would be the improved strains of the
jerusalem virus(the strains that infects exe hdrs correctly) and other
exe infectors that are reasonably well behaved...however the subject of
transport viruses has come up before in conversations between john and
myself and I think at least that it represents a real
possibility...(also note that lacking a os-2 system at this time I am
essentially winging it...I did however take a look at the various
header formats and various exe infectors that homebase folks have
provided disassemblies of in answering in this fashion). If any of the
os-2 folks have comments negative or positive out there e-mail me and
I will summarize to the net on this. I am also personally looking into
this with respect to 386, Interactives UNIX 5.3 and their DOS under
UNIX Option!!

cheers
kelly

disclaimer: neither AMDAHL Corp. nor ONSITE Consulting take any
responsibility nor make any warranties for what I say... it is totally
and completely the responsibility of Cybernetic Systems Specialists
Inc. and myself... flames>>/dev/nul

------------------------------

End of VIRUS-L Digest
*********************
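
Added example (not part of the digest): the first message and the moderator's note concern escape sequences that redefine keys under ANSI.SYS. The Python below scans a file's bytes for the ANSI.SYS keyboard-reassignment form `ESC [ key ; string ... p` and strips it before the text is displayed; the function names and the sample bytes are constructed for illustration.

```python
import re

# One parameter: a decimal code or a quoted string.
_PARAM = rb'(?:\d+|"[^"\r\n]*"|\'[^\'\r\n]*\')'
# ESC [ param ; param ... p is the ANSI.SYS keyboard-reassignment form.
# Colour and cursor sequences end in other letters (m, H, J) and do not match.
KEY_REDEF = re.compile(rb"\x1b\[(" + _PARAM + rb"(?:;" + _PARAM + rb")*)p")

# Constructed sample: a text file with one key redefinition (F1 = 0;59)
# and two harmless colour sequences.
SAMPLE = (b"README.TXT\r\nInstall notes"
          b'\x1b[0;59;"ECHO reassigned";13p\r\n'
          b"\x1b[1;31mWarning\x1b[0m in red.\r\n")


def find_key_redefinitions(data):
    """Return (offset, key, replacement bytes) for each redefinition found."""
    hits = []
    for m in KEY_REDEF.finditer(data):
        params = re.findall(_PARAM, m.group(1))
        # Extended keys (function keys, arrows) are addressed as 0;NN.
        n_key = 2 if params[0] == b"0" and len(params) > 1 else 1
        key = b";".join(params[:n_key]).decode("latin-1")
        repl = b"".join(
            bytes([int(p) & 0xFF]) if p.isdigit() else p[1:-1]
            for p in params[n_key:]
        )
        hits.append((m.start(), key, repl))
    return hits


def strip_key_redefinitions(data):
    """Remove key redefinitions, leaving all other escape sequences intact."""
    return KEY_REDEF.sub(b"", data)


if __name__ == "__main__":
    for offset, key, repl in find_key_redefinitions(SAMPLE):
        print(f"offset {offset}: key {key} -> {repl!r}")
    print(strip_key_redefinitions(SAMPLE))
```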
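
Added example (not part of the digest): the last message notes that Windows and OS/2 EXE headers are extensions of the DOS format. The Python below tells a plain DOS MZ file from one carrying the segmented "NE" extension, which is the distinction a scanner or integrity checker needs before trusting header fields; the offsets follow the published MZ/NE layouts, and the function names and sample headers are constructed here.

```python
import struct


def classify_exe(data):
    """Return 'not-mz', 'dos-mz', 'ne-os2', 'ne-windows', 'ne-other'
    or 'unknown-extension' for the given file bytes."""
    if len(data) < 0x1C or data[:2] not in (b"MZ", b"ZM"):
        return "not-mz"
    # By convention, a relocation table offset of 0x40 or more signals that
    # the dword at 0x3C points to an extended header.
    e_lfarlc = struct.unpack_from("<H", data, 0x18)[0]
    if e_lfarlc < 0x40 or len(data) < 0x40:
        return "dos-mz"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew == 0 or e_lfanew + 0x40 > len(data):
        return "dos-mz"  # pointer absent or outside the file
    if data[e_lfanew:e_lfanew + 2] != b"NE":
        return "unknown-extension"
    # Target OS byte at offset 0x36 of the NE header: 1 = OS/2, 2 = Windows.
    target_os = data[e_lfanew + 0x36]
    return {1: "ne-os2", 2: "ne-windows"}.get(target_os, "ne-other")


def make_sample(target_os=None):
    """Build a constructed, header-only sample (no real program inside)."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    if target_os is None:
        struct.pack_into("<H", hdr, 0x18, 0x1C)  # plain DOS layout
        return bytes(hdr)
    struct.pack_into("<H", hdr, 0x18, 0x40)      # extended layout marker
    struct.pack_into("<I", hdr, 0x3C, 0x80)      # NE header at 0x80
    ne = bytearray(0x40)
    ne[0:2] = b"NE"
    ne[0x36] = target_os
    return bytes(hdr) + bytes(0x40) + bytes(ne)


if __name__ == "__main__":
    for label, blob in (("dos", make_sample()), ("os2", make_sample(1)),
                        ("win", make_sample(2))):
        print(label, "->", classify_exe(blob))
```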