Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!wuarchive!uwm.edu!ux1.cso.uiuc.edu!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: peter%ficc@uunet.UU.NET (Peter da Silva)
Newsgroups: comp.virus
Subject: Re: 80386 and viruses (PC and UNIX)
Message-ID: <0009.8911271233.AA05551@ge.sei.cmu.edu>
Date: 22 Nov 89 19:02:18 GMT
Sender: Virus Discussion List
Lines: 35
Approved: krvw@sei.cmu.edu

In article <0004.8911212031.AA18181@ge.sei.cmu.edu> you write:
> peter%ficc@uunet.UU.NET (Peter da Silva) writes...
> >It's called "Merge 386" or "Vp/IX".
> >[Ed. These products, by the way, are DOS emulation boxes for i386
> >based UNIX and XENIX products.]

> Would someone elaborate on this? Surely a program (virus or otherwise)
> running under the emulator could do the same things, including deleting all
> the files it can find, as on DOS. What protection is provided?

DOS runs as a UNIX task subject to the UNIX protection mechanisms. In
particular, it does not have direct access to the hardware unless deliberately
configured that way, and it does not have permission to write any files that
a normal UNIX task could not write. There is also no backdoor to the file
system via any BIOS.

So it's not subject to infection by standard DOS virus techniques, and even
if the DOS emulator becomes infected the damage would be limited to the
DOS-accessible files in a single user's account. It's also not possible to
directly read or write the configuration files from DOS, because they're
owned by the superuser and protected from writing.

Now it should be possible to write a virus that would deliberately infect
DOS under UNIX systems (by setting up a trojan horse, for example), but this
would be a second-level effect... and the number of such systems is much
smaller than pure-DOS systems (a 386 box costs something like 5 times an XT)
that it's not a very tempting target.

`-_-' Peter da Silva .
 'U`  -------------- +1 713 274 5180.
"The basic notion underlying USENET is the flame."
	-- Chuq Von Rospach, chuq@Apple.COM
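
The containment described in the post above, as an added example that is not part of the original post: a model of the classic UNIX owner/group/other write check, applied to a constructed file table to list what code running as one user could overwrite. The uids, gids, paths and the function names `may_write` and `blast_radius` are hypothetical; only file mode bits are modelled, not directory permissions.

```python
"""Added illustration: the classic UNIX write-permission check, used to list
which files a process running with one user's credentials could overwrite."""
from typing import NamedTuple

class Entry(NamedTuple):
    path: str
    uid: int    # owning user
    gid: int    # owning group
    mode: int   # permission bits, e.g. 0o644

def may_write(uid: int, gids: set, e: Entry) -> bool:
    """Exactly one permission class applies: owner, else group, else other."""
    if uid == 0:                      # superuser bypasses the mode bits
        return True
    if uid == e.uid:
        return bool(e.mode & 0o200)   # owner write bit
    if e.gid in gids:
        return bool(e.mode & 0o020)   # group write bit
    return bool(e.mode & 0o002)       # other write bit

def blast_radius(uid: int, gids: set, table: list) -> list:
    """Paths that code running with these credentials could overwrite."""
    return [e.path for e in table if may_write(uid, gids, e)]

# Constructed sample: uid 101 runs the DOS emulator; every path is hypothetical.
FILES = [
    Entry("/usr/alice/dos/COMMAND.COM", 101, 50, 0o644),
    Entry("/usr/alice/dos/GAME.EXE",    101, 50, 0o644),
    Entry("/usr/bob/dos/COMMAND.COM",   102, 50, 0o644),
    Entry("/usr/bob/shared/notes.txt",  102, 50, 0o664),  # group-writable
    Entry("/etc/emulator.conf",         0,   0,  0o644),  # superuser-owned config
    Entry("/bin/sh",                    0,   0,  0o755),
]

if __name__ == "__main__":
    for who, uid, gids in (("alice", 101, {50}), ("root", 0, set())):
        print(who, blast_radius(uid, gids, FILES))
```

The group-writable entry shows that the boundary is whatever the user's credentials can write, which is wider than the home directory when files are shared by group.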