Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!apple!snorkelwacker!ira.uka.de!fauern!tub!gmdtub!tmh
From: tmh@prosun.first.gmd.de (Thomas Hoberg)
Newsgroups: comp.unix.i386
Subject: Re: Is DOS under Unix immune?
Keywords: sterile environment
Message-ID: <277@prosun.first.gmd.de>
Date: 13 Aug 90 17:31:56 GMT
References:
Distribution: comp
Organization: GMD-FIRST, D-1000 Berlin 12, Germany (West)
Lines: 18

I recently caught a case of Jerusalem-B on my 386 DOS/UNIX box running vanilla DOS and a 'nice' new little game. Since for some reason I cannot access the hard disks when I boot DOS off a floppy disk (some weird DOS-BIOS interaction here), VPIX sure came in handy as a way to examine the DOS partitions and the reproduction characteristics of the virus without risking further infection.

I mounted the DOS partitions read-only and used UNIX tools (find and fgrep) to locate infected files after I had found a substring identifying the virus. I then logged in as super-user and zapped the infected files, which wasn't too careful... Quitting VPIX infected QUIT.COM on the UNIX-filesystem (which can't do any harm--installing the virus is the last thing that DOS task does).

I'd say DOS under UNIX can aid somewhat when investigating a virus, but if you use DOS partitions, viruses can do anything DOS can do: Whereas you might be protected from those viruses that twiddle the hardware, plenty of damage can still be done. Running VPIX off a unix file system will give you somewhat more security, depending on the amount of effort you are willing to put into file permissions.
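
The find-and-fgrep sweep described in the post, as an added example that is not part of the original message: it walks a tree that is assumed to be mounted read-only already, matches a fixed byte string in DOS executables, and writes a hash-and-size record for each hit instead of deleting anything. The function names `scan_tree` and `count_hits` are hypothetical, and the signature is whatever substring the investigator supplies (the post does not give one).

```shell
#!/bin/sh
# Added example: signature sweep of a read-only mounted DOS tree.
# Report only; nothing under ROOT is modified or removed.
# Assumes find supports -iname (GNU and BSD find do) and that
# file names contain no newlines.

# scan_tree ROOT SIGNATURE
# Prints one line per matching .COM/.EXE file:
#   <sha256>  <size in bytes>  <path>
scan_tree() {
    root=$1
    sig=$2
    # LC_ALL=C makes grep compare raw bytes, which a binary signature needs.
    # -F = fixed string (what fgrep does), -l = list matching file names,
    # -e keeps a signature that starts with '-' from being read as an option.
    LC_ALL=C find "$root" -type f \
        \( -iname '*.com' -o -iname '*.exe' \) \
        -exec grep -lF -e "$sig" {} + 2>/dev/null |
    while IFS= read -r path; do
        # Hash and size give a record of what was found before any cleanup.
        hash=$(sha256sum "$path" | cut -d' ' -f1)
        size=$(wc -c < "$path" | tr -d ' ')
        printf '%s  %s  %s\n' "$hash" "$size" "$path"
    done
    return 0
}

# count_hits ROOT SIGNATURE
# Prints the number of matching files.
count_hits() {
    scan_tree "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone use: sh scan.sh /mnt/dos 'SIGNATURE' > hits.txt
if [ "$#" -ge 2 ]; then
    scan_tree "$1" "$2"
fi
```

Keeping the output file on the UNIX side gives a list to review before anything is removed as super-user.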