Path: utzoo!attcan!uunet!samsung!know!zaphod.mps.ohio-state.edu!ub!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: eli@smectos.gang.umass.edu (Eli Brandt) Newsgroups: comp.virus Subject: Re: OS/2 Viruses (OS/2) Message-ID: <0004.9009181331.AA11189@ubu.cert.sei.cmu.edu> Date: 17 Sep 90 18:18:18 GMT Sender: Virus Discussion List Lines: 37 Approved: krvw@sei.cmu.edu 0003158580@mcimail.com (William Hugh Murray) writes: >>Does anybody know something about OS/2 viruses ? > >I hope that there is nothing to know. I suspect that the population >of instances of OS/2 is still far too small to support sucessful >viruses. > >>Will there be new possibilities to transport and/or hide >>viruses? > >In all likelyhood. OS/2 is significantly richer and more complex >than DOS. For the moment it is also much more obscure. > >>Has anybody already proved that there are new mechanisms >>possible, > >Not to my knowledge, but nothing would surprise me. > >>and if so: What can be done against them ? > >A great deal. The 80386, which OS/2 requires, provides multiple >states of privilege. Thus, there can be mechanisms for fighting the >virus which the virus cannot see. Such mechanisms can be much more >effective than those that we have in the 808X based systems. The protection of "protected mode" could cut both ways, however. Although it would be harder for a virus to gain access to a system, it would also be harder to detect and kill. You can't scan memory for a virus if you get nailed by a segment violation whenever you look outside your own data. The only way to look for a virus would be to ask the OS about it, and if a virus has tinkered with the OS, you're in trouble. Hopefully manufacturers will make incompatible machines which look the same to legitimate programs (because the OS handles everything) and viruses will die out of sheer UN*X-style hardware-base fragmentation. [ sig deleted ]