Path: utzoo!mnetor!uunet!husc6!mit-eddie!ll-xn!ames!oliveb!sun!pepper!cmcmanis
From: cmcmanis%pepper@Sun.COM (Chuck McManis)
Newsgroups: comp.sys.amiga
Subject: Re: The REAL virus problem
Message-ID: <37834@sun.uucp>
Date: 5 Jan 88 01:01:37 GMT
References: <7967@g.ms.uky.edu>
Sender: news@sun.uucp
Reply-To: cmcmanis@sun.UUCP (Chuck McManis)
Organization: Sun Microsystems, Mountain View
Lines: 40

In article <7967@g.ms.uky.edu> sean@ms.uky.edu (Sean Casey) writes:
>The designers at Commodore Amiga should have never made it possible to
>install a virus in such a way. One *cannot* rely on ignorance as
>protection against programmers with bad intentions.

Sean, let's not cut off our nose to spite our face shall we? The
'features' that make viruses possible are the same ones that make it
possible to run MINIX on your Amiga, notably, when you have a ROM based
OS and want to boot something different than what is in the ROM. This
also makes disk based updates to the ROM software possible. I think the
features of this system far outweigh the potential for abuse.

The solution to the whole thing is fairly simple and has other benefits
as well...

First, rewrite install (or get Bryce's for free) so that it writes
predictable data to the boot blocks. Then calculate the appropriate CRC
for that data and make it available too. Then write a simple program
that runs at boot time that checks the CRC of the bootblock before
booting, it should also check the Read() and Write() addresses for the
trackdisk.device (they're in ROM so they shouldn't change until a new
release comes out.) Finally, the program should check the CoolCapture
vectors and see if they have changed (again they normally point to ROM
so they too are constant). Finally, if any of these three checks fail
you should put up either a system requester (or better an Alert) and
warn the user but give them the option of continuing or aborting the
boot. (You probably want to check the SysRequest Vectors as well.)

Note that they could be hard coded because they are in ROM again. This
is very bad programming (using hard numbers like this) but could be
modified for new ROM releases easily (hell it could read in a text file
for each ROM release) and would be a pretty effective cure for the
lingering virus.

>I suggest that people stop flaming the virus people. It's a waste of
>bandwidth, and it makes them happy because they know they did their job
>right. It's not going to help one bit. As a matter of fact, it's just
>showing potential virus writers how infamous their programs can be.

This is very true.

--Chuck McManis
uucp: {anywhere}!sun!cmcmanis   BIX: cmcmanis  ARPAnet: cmcmanis@sun.com
These opinions are my own and no one else's, but you knew that didn't you.
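
The three checks the post proposes, modelled as an added example in portable C that is not part of the original post or of any Amiga tool. The 1024-byte boot block size, the choice of CRC-32, the `struct vectors` snapshot and every function name are assumptions; the platform code that would read the real boot block and addresses is left to the caller.

```c
#include <stddef.h>
#include <stdint.h>

#define BOOTBLOCK_SIZE 1024u   /* assumed: two 512-byte sectors */

/* Failure bits, one per check named in the post. */
#define FAIL_BOOT_CRC    0x1u  /* boot block differs from the known-good image */
#define FAIL_TRACKDISK   0x2u  /* trackdisk.device Read()/Write() address moved */
#define FAIL_COOLCAPTURE 0x4u  /* CoolCapture vector changed */

/* Hypothetical snapshot of the addresses to compare; the caller fills it in. */
struct vectors {
    uint32_t td_read;
    uint32_t td_write;
    uint32_t cool_capture;
};

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
uint32_t crc32_buf(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

/* Returns 0 when everything matches the baseline, else a mask of FAIL_* bits,
 * so the caller can name each failed check in its warning. */
unsigned check_boot(const uint8_t *boot, uint32_t good_crc,
                    const struct vectors *now, const struct vectors *good)
{
    unsigned fail = 0;

    if (crc32_buf(boot, BOOTBLOCK_SIZE) != good_crc)
        fail |= FAIL_BOOT_CRC;
    if (now->td_read != good->td_read || now->td_write != good->td_write)
        fail |= FAIL_TRACKDISK;
    if (now->cool_capture != good->cool_capture)
        fail |= FAIL_COOLCAPTURE;
    return fail;
}
```

A nonzero return is where the post's requester or Alert would go, offering the choice to continue or abort the boot.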