Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!plx!slvblc!dick
From: dick@slvblc.UUCP (Dick Flanagan)
Newsgroups: comp.sys.ibm.pc
Subject: Re: FLUSHOT+ Bug
Message-ID: <1400@slvblc.UUCP>
Date: 19 Apr 88 00:16:13 GMT
References: <8855@agate.BERKELEY.EDU> <129@atpal.UUCP>
Sender: uupc@slvblc.UUCP
Reply-To: slvblc!dick@ucscc.UCSC.EDU (Dick Flanagan)
Organization: SLV Systems Group, Ben Lomond, California
Lines: 29
Keywords: flushot, virus, trojan horse
Summary: VERY big limitation
Disclaimer: none


In article <129@atpal.UUCP> tneff@atpal.UUCP (Tom Neff) writes:
> In article <8855@agate.BERKELEY.EDU> laba-5ac@widow.berkeley.edu () writes:
> >  I have found a bug in FLUSHOT+ which may be a fairly serious limitation
> >with the software...  ... From
> >XTree, you can delete any file on your hard drive, even if it is protected
> >by FLUSHOT, and FLUSHOT won't even tell you about it.
> 
> Yup, this is a limitation on FLUSHOT.  *NOT* a bug.  (It would be a bug
> if FLUSHOT claimed to handle XTree and other Norton-type utilities, which
> it doesn't.)

I don't know if I would classify the popular BRIEF editor as being a
"Norton-type" utility, but it can read files that FLUSHOT+ is trying
to read-protect, and it can write files that FLUSHOT+ is trying to
write-protect, all without FLUSHOT+ ever saying a word.

Even though I'm a regi$tered user of FLUSHOT, it looks like it's not
good for much more than keeping an occasional eye on my CMOS and for
checksumming system files.  Any virus worthy of its slimy name would
certainly use whatever file handling mechanism BRIEF does and simply
leave FLUSHOT+ guarding an infected or empty disk.

Dick

--
Dick Flanagan, W6OLD                         GEnie: FLANAGAN
UUCP: ...!ucbvax!ucscc!slvblc!dick           Voice: +1 408 336 3481
Internet: slvblc!dick@ucscc.UCSC.EDU         LORAN: N037 04.7 W122 04.6
USPS: PO Box 155, Ben Lomond, CA 95005