Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!ux1.cso.uiuc.edu!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: krvw@SEI.CMU.EDU (Kenneth R. van Wyk)
Newsgroups: comp.virus
Subject: Re: 80386 and viruses (PC & UNIX)
Message-ID: <0005.8911212031.AA18181@ge.sei.cmu.edu>
Date: 21 Nov 89 18:46:23 GMT
Sender: Virus Discussion List
Lines: 32
Approved: krvw@sei.cmu.edu

>> Would someone elaborate on this?  Surely a program (virus or otherwise)
>> running under the emulator could do the same things, including deleting all
>> the files it can find, as on DOS.  What protection is provided?  Perhaps
>> not allowing access to the FAT, boot sector, etc.?

At least in the case of VP/ix (which I used on a Zenith 386 SCO Xenix
system when I worked at Lehigh), all DOS calls are subject to "approval"
by Xenix - or UNIX for that matter, on a 386 UNIX system.  All
interrupts, etc., are handled by Xenix in the end.

The DOS session(s) runs as a virtual 8086 on the 386, and is given an
image file which appears to be a physical hard disk to the DOS session.
The "boot sector" per se is just part of a file on the Xenix file system
(or on a floppy if the VP/ix system is rebooted from floppy).  I would
imagine that this logical physical (?!) drive would be subject to boot
sector infections, but the actual Xenix disk is treated as a network
disk.  If a VP/ix process tries to delete or alter any of the Xenix
files, it would be subject to standard Xenix file protection mechanisms.
I never did try to perform any direct (via hardware) reads or writes on
the hard disk, but I suspect that they would be stopped.  Can anyone
confirm this?

One interesting side-effect of the way VP/ix works is that a
(ctrl-alt-del) reboot really works - and can, in fact, be used to reboot
from floppy.  The VP/ix session boots DOS, while leaving the Xenix system
quite intact.  Very disconcerting the first time it's done.

Running a DOS emulator under UNIX (or Xenix), in my opinion, would be a
very expensive anti-virus tool.  To me, there are plenty of other good
reasons to run UNIX on a 386 or 486.

Ken