Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!linus!philabs!ttidca!woodside From: woodside@ttidca.TTI.COM (George Woodside) Newsgroups: comp.sys.atari.st Subject: Re: 'only_ste.lzh' Message-ID: <26587@ttidca.TTI.COM> Date: 3 Jun 91 12:34:11 GMT References: <134302@unix.cis.pitt.edu> <1991May31.150318.20441@lsuc.on.ca> Organization: Citicorp/TTI, Santa Monica Lines: 39 In article <1991May31.150318.20441@lsuc.on.ca> jimomura@lsuc.on.ca (Jim Omura) writes: > While we're on the topic of viruses, I was very impressed with >the "finish" of VKiller. It got me to thinking about such programs. >VKiller identifies ST boot sectors and where possible specifically >identifies viruses. But even the warning about boot sectors is >well done. I was just thinking that many of us use Atari ST's in >"mixed environments" with MS-DOS machines and it would be helpful >if VKiller identified MS-DOS boot sectors as well. I wouldn't go >so far as to try and keep up with the MS-DOS virus situation completely, >but just give a warning like this: > >"MS-DOS Executable boot sector found. If this disk was not supposed >to have one, you might want to discuss this with whomever supplied >the disk." > > That way you could alert an MS-DOS user that s/he might have >a virus. Thank you. I put a lot of effort into the user interface. MS-DOS uses exactly the same technique to identify an executable boot sector as the ST. Well, actually, it's the other way around. GEMDOS was built to MS-DOS compatibility in that way. An MS-DOS executable boot sector will be identified by Vkiller as "executable", but as unrecognized. It would be extremely complex to attempt to look at the code in the boot sector, and attempt to determine if it were MS-DOS code or ST code. The vast majority of MS-DOS viruses, now, are of the link type, which infect files, rather than the boot sector. ST versions of these link viruses are now appearing in Europe infecting ST files. They will be appearing on this side of the Atlantic soon, I expect. I have revieved data on a couple of the ones captured in Europe, and am working on tools for the ST to combat them. -- * George R. Woodside - Citicorp/TTI - Santa Monica, CA * * Path: woodside@ttidca.tti.com * * or: ..!{philabs|csun|psivax}!ttidca!woodside *