Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!rutgers!husc6!bloom-beacon!oberon!pollux.usc.edu!papa
From: papa@pollux.usc.edu (Marco Papa)
Newsgroups: comp.sys.amiga
Subject: Viruses are here to stay (long)
Message-ID: <5996@oberon.USC.EDU>
Date: 3 Jan 88 20:34:34 GMT
Sender: nobody@oberon.USC.EDU
Reply-To: papa@pollux.usc.edu ()
Organization: Felsina Software, Los Angeles
Lines: 101

I'd like to add my token to the "virus discussion". One thing that struck me is the statement that software pirates are the ones that will get hit the most. If you think just a bit you'll see that indeed being a "software pirate" will increase your chances of getting the virus :-)

The reason is simple: the virus works only when installed on bootable disks. Which disks are bootable? Workbench, commercial software that includes Workbench and bootable games (which do NOT use Workbench). Fish Disks and AMICUS disks are much less prone to problems, since they are not bootable. Even if a virus copied itself on it, it would not become active, since you cannot boot the disk. A Fish disk could become active ONLY if you had INSTALLED it and then the virus had copied itself onto it. A perpetrator could have just done this, and then distributed the disk at the monthly Amiga User Group Meeting.

What can you do? Just use the DOS COPY command instead of DISKCOPY:

    COPY df0: to df1: ALL

and then reformat the original. The COPY command will only copy files and not the boot block. I have been getting Fred's disks for two years now and had absolutely no problem. I ALWAYS got them directly from him, never from a User's Group.

About Workbench. Somebody pointed out that it should be good practice to ALWAYS boot with the SAME Workbench disk, a direct copy of Commodore's Workbench. This is definitely good advice. While lots of companies (including Felsina Software) include Workbench on the disk, I have NEVER booted with their Workbench, always with mine.
The fact that I also own a rather small number of commercial software packages (MANX C, Lattice C, PowerWindows, Deluxe Paint II, MaxiPlan Plus and all my competitors) helps to keep things under control.

About pirating software. As I said, this will increase your chances of getting the virus, especially copy protected software. Marauder and Mirror will try to make an EXACT copy of the original, which will include the virus if the disk is infected. Non-copy protected programs are less prone to this, since they can be copied with the DOS COPY command.

I am also especially suspicious of BINARY-ONLY programs, which include (unfortunately) a whole lot of SHAREWARE/FREEWARE programs. These can be found on BBSs, comp.binaries.amiga and the Fish and AMICUS disks. A bad guy could very easily add the virus install code at the end of a legal shareware program, and put a jump to it before executing the original program. This has become an almost "standard" way to install viruses. For this reason, I throw away stuff from comp.binaries.amiga. I will only use my OWN compiled version from comp.sources.amiga. Again, I am playing safe. I understand that Fred compiles himself most of the sources he gets. When I do use a binary-only from the Fish disks, I make sure that all my disks have write protect tabs on them, and shut off the machine afterwards. Again, this limits the programs that I can run, but that's life in the fast lane of viruses :-)

Playing it safe has paid off for me. I have NO viruses in over 500 disks that my company owns (all checked out fine).

Another thing that has to be clarified is that viruses are no new thing and definitely not limited to the Amiga. In fact, I was surprised that it took THEM over two years to get one on it. It took much less on the IBM or Mac worlds. People get PhDs on viruses. Fred Cohen got one at USC over 3 years ago. I installed a variety of viruses as part of a graduate course on computer security at USC over 4 years ago.
One was a spoofing program that would simulate a UNIX login prompt, and would be left running on a shared terminal, for the casual user to log on and get his password. Another one was to let everybody know of a wonderful new program that would "improve" the UNIX "ls" command by copying his shell (with his protections) in my own area, so I could execute it and gain his protections. Bill Landreth (the guy was found recently, he's not dead) used a similar scheme when he gained access to almost all of ARPAnet a few years back. His book (I forget the title, the publisher is Microsoft Press) is good reading for anybody interested in the subject.

Viruses for the IBM PC have usually consisted of modified shareware programs that were "improved" by the virus code. One nasty one was a modified version of the ARC program that would erase all the files on a hard disk. It became a nightmare for BBS sysops.

The idea that the Amiga is flawed because it permits this is pure bull*?%#. One could do it on ANY currently available micro/mini/mainframe. If you just didn't know, IBM's VNET worldwide network was put to a halt for almost two weeks just before Christmas, when a "virus Christmas card" was sent out over it. The virus would spread by remailing itself to everybody in your VNET mailing lists, generating "billions and billions" of messages. I believe the net totally crashed at least twice and more at various locations. The perpetrator was never found, and worst of all there seems to be no quick answer/change that will avoid this in the near future.

Until more secure systems are developed, viruses are here to stay. Protect yourself by being a little more careful with what you run. The idea that Jim Sachs lost a year's work because his few backups were also infected, while it makes me feel sad about it, also tells me that he definitely was not that careful. Why did he take the write protect tab off the backups? That's definitely a NO-NO. Why did he have so FEW backups?
I have 1 year's worth of backups, one set every two weeks, and routinely take them to my bank safe (LA is earthquake land, and who knows when the big one will hit).

Happy New Year!

-- Marco Papa
   Felsina Software
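
Added example, not part of the original post: a check of a floppy image's boot block that tells a data disk (formatted, never INSTALLed) from a bootable one, and compares a bootable disk's boot block against a known-good master. It assumes the standard Amiga floppy layout, which the post does not spell out (1024-byte boot block, "DOS" signature, longword checksum with end-around carry); the function names and sample images are constructed for illustration.

```python
import hashlib
import struct

BOOTBLOCK_SIZE = 1024          # first two 512-byte sectors of the floppy
VALID_SUM = 0xFFFFFFFF


def bootblock_sum(block: bytes) -> int:
    """Add all 256 big-endian longwords with end-around carry."""
    total = 0
    for (word,) in struct.iter_unpack(">I", block):
        total += word
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + 1
    return total


def classify(image: bytes) -> str:
    """Say whether the ROM would run the boot block of this disk image."""
    block = image[:BOOTBLOCK_SIZE]
    if len(block) < BOOTBLOCK_SIZE:
        return "too short"
    if block[:3] != b"DOS":
        return "not bootable: no DOS signature"
    if bootblock_sum(block) != VALID_SUM:
        return "not bootable: bad checksum"
    return "bootable: boot block code runs at startup"


def fingerprint(image: bytes) -> str:
    """Digest of the boot block, for comparison with a known-good master."""
    return hashlib.sha256(image[:BOOTBLOCK_SIZE]).hexdigest()


def build_bootable(payload: bytes) -> bytes:
    """Constructed sample: header + filler bytes with a correct checksum."""
    body = struct.pack(">4sII", b"DOS\0", 0, 880) + payload
    body = body.ljust(BOOTBLOCK_SIZE, b"\0")
    checksum = ~bootblock_sum(body) & 0xFFFFFFFF
    return body[:4] + struct.pack(">I", checksum) + body[8:]


# Constructed inputs (not real disks; filler bytes stand in for boot code).
DATA_DISK = b"DOS\0".ljust(BOOTBLOCK_SIZE, b"\0")   # formatted, never INSTALLed
MASTER = build_bootable(b"constructed filler A")
SUSPECT = build_bootable(b"constructed filler B")    # bootable, but differs

if __name__ == "__main__":
    for name, img in (("data", DATA_DISK), ("master", MASTER), ("suspect", SUSPECT)):
        print(name, classify(img), fingerprint(img) == fingerprint(MASTER))
```

A disk that classifies as bootable but whose fingerprint differs from the master's is the case worth a closer look; a file-level COPY to a freshly formatted disk leaves the destination in the DATA_DISK state.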