Xref: utzoo comp.sys.amiga:27218 comp.sys.amiga.tech:2984 Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ukma!sean From: sean@ms.uky.edu (Sean Casey) Newsgroups: comp.sys.amiga,comp.sys.amiga.tech Subject: IRQ virus (and a personal note to Steve) Message-ID: <10788@s.ms.uky.edu> Date: 1 Jan 89 22:53:13 GMT References: <5601@cbmvax.UUCP> <5602@cbmvax.UUCP> Reply-To: sean@ms.uky.edu (Sean Casey) Organization: The Leaning Tower of Patterson Office @ The Univ. of KY Lines: 41 The IRQ virus is definitely harder to get rid of, but at least it doesn't intentionally try to damage anything. I wonder if it would have been detected so easily if it didn't put that message in the border! [an excerpt from BIX] >One more item on the IRQ virus. If it can't attack your Startup-Sequence >it will home in on C:DIR just to be sure that it gets executed. >This is a benign intruder that can mutate to something real nasty in the >hands of a sicko. We have the start of a real problem here. >Djj This is only the beginning. Look at the IBM PC viruses out there. They do everything from say "hello" to doing a low level hard disk format (bypassing the OS) after a wait period of 3 months. It's really bad. There are now tens of programs that hunt down viruses, and they are constantly out of date. Now consider the complexity and nature of MS-DOS and AmigaDOS, and it's easy to see how much more fun it would be to write viruses for the Amiga. It's going to get a whole lot worse before it gets better. The biggest light at the end of the tunnel is probably a protected mode OS with enforced privileges. Once debugged, at this would at least protect the system files from a user running a virus. STEVE I don't have your address. What I would do about the IRQ virus is patch into the AmigaDOS code that reads in disk hunks to be executed, and scan for any and all known "rider" viruses just before execution is handed off to the hunk. You should realize that sooner or later, one of the viruses is going to attempt to disable virusx! Better make plans for that possibility... Sean -- *** Sean Casey sean@ms.uky.edu, sean@ukma.bitnet *** Who sometimes never learns. {backbone site|rutgers|uunet}!ukma!sean *** U of K, Lexington Kentucky, USA ..where Christian movies are banned. *** ``My name is father. You killed my die. Prepare to Inigo Montoya.''