Path: utzoo!attcan!uunet!wuarchive!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: XPUM04@prime-a.central-services.umist.ac.uk (Anthony Appleyard)
Newsgroups: comp.virus
Subject: Antivirus-viruses
Message-ID: <0004.9008021208.AA05484@ubu.cert.sei.cmu.edu>
Date: 1 Aug 90 14:41:48 GMT
Sender: Virus Discussion List
Lines: 53
Approved: krvw@sei.cmu.edu

There have been several bouts of discussion on Virus-L on the subject of antivirals that spread like viruses. As far as I can tell from reading back issues of Virus-L, a few antivirus viruses have been released, with varying results:-

(1) Mac: The original nVIR deleted a system file, so a new nVIR was released which killed the old one.

(2) PC: Den Zuk was released to kill Brain; it also killed obsolete versions of itself. But Den Zuk had a bug, which made it delete data when infecting small disks.

(3) Amiga: North Star (I & II), supposed to kill other viruses and nothing else. It works like a normal bootblock virus, with two good exceptions. If it finds an unknown bootblock (normally an auto-loading game), it DOESN'T replace that bootblock, so the game keeps working. If it finds a virus on a write-protected disk, it asks you to remove the write-protection.

(4) Amiga: System Z (3.0 & 4.0 & 5.0): boot sector virus, asks the user's permission before infecting anything.

The arguments put against them are:-

(1) Ethics: System Z handles this point by asking the user's permission before infecting.

(2) Risk of them malfunctioning and becoming ordinary harmful viruses: E.g. Den Zuk. This point should be handled by thorough testing and debugging.

(3) Risk of them being hacked into harmful viruses: There are enough ordinary harmful viruses about for virus-writers to hack at. Antivirus viruses can be protected by some sort of internal checksum tested by well-encrypted code, to test for unauthorized alteration.

The main inaccessible reservoir of virus infection is the many microcomputers in private ownership, often used mainly by children and teenagers, who are often ignorant of viruses, imagining that virus damage is hardware malfunction or software bug or the way of the world, with no hope of access to email or the usual channels of getting virus news and antivirals. There are far too many of these micros for any sort of national register to be kept of where each is kept, for a tester to go round them like in a firm or a university.

The only way that I can see of getting some sort of antiviral well distributed among this widely scattered chronically infested population, would be for the antiviral to distribute itself, i.e. to spread like a virus. It is a choice of evils. For example, if Den Zuk hadn't got the bug of malfunctioning on small disks, it would likely have spread largely ignored, and flushed out the harmful Brain from most of the places where it breeds in children's bedrooms among unsupervised IBM PCs and casually-exchanged game floppies, until a Brain-infected videogame gets run on a university or official or school computer and endangers important programs and data.

{A.Appleyard} (email: APPLEYARD@UK.AC.UMIST), Wed, 01 Aug 90 14:50:32 BST