Virus: Some program which attaches itself to other programs
generally to do some sort of damage later on. It's a
program which replicates itself.
Trojan Horse: A program which pretends to have some useful
function, and usually just destroys your hard drive
or files somehow.
Time Bomb: A program which runs several times before "blowing
up" and taking something with it.
Although these are simple definitions, for people who didn't understand,
I think they are necessary.
Commercially available anti-viral programs: There are MANY!
The problem is that most of the public domain programs are very
limited in ability and aren't going to protect your files against
all of the present damaging viruses. Flushot is not bad, but
it does not take care of most viruses. It does a nice job wiping
the Lehigh Virus and several others, but I don't believe it is
general enough to take care of most viruses. Testing it, I've
found a few problems. There are two public domain programs
being circulated called Vaccine. One of them isn't bad. The
name is in trouble though. A company called "FoundationWare" out
of Ohio has the name trademarked.
There are a few good packages for sale. The aforementioned
Vaccine package by FoundationWare is quite good. I would never
use it however. It is indicative of most anti-viral packages.
What they do is lock up the system so that no executable or
command file can change. Whether they do it by CRC check or
some other check, they keep the user from editing programs.
You cannot write programs in such an environment, although
this is great for businesses.
We of Lehigh Valley Innovative Technologies have been working for
several months on the 'perfect' anti-virus design. We should
be releasing it in the next 2 - 3 weeks. We would like feedback
on it when it is released. We will have versions for MS-DOS
and Macintoshes as well.
I'd like to explain the quote of Fred Cohen made by Ken. Fred,
incidentally, is the premier name in viruses. He has fashioned
his career on working on them. I knew him when he used to teach
at Lehigh University. A brilliant man, although I never got
along with him. What he was saying was that you may be able
to create a package which wipes out all present viruses, but someone
will always be able to find a way around it if they spend enough
time working on it.
That brings my next point up. It's our job to create a virus
busting program which will stop every currently known virus, AND
be as hard as possible to crack or to find a way around.
Which brings up my third point: I read your comment, Ken, about
ten times, and I still don't understand it. I don't believe
public domain programs are the answer at all. I believe we should
use commercially available fixes. But, likewise, you mention
that public domain virus-fixes should be given with source code.
If we want to make the perfect fix... one that will take the
virus writer infinitely long to break, then we do NOT want source
code EVER given out, or even the details of how the system works!
Let me go over some existing viruses, so people know what to watch
Lehigh Virus: The Lehigh Virus injects itself into MS-DOS Command.Com.
I, along with Chris Bracy, Joe Sieczkowski, and Mitchel Ludwig solved
this particular virus for Lehigh University. The virus will copy
itself 4 times into other command.com files, and after the fourth,
will explode, taking with it any files on any disks in the drives and
your hard disk too. What to watch for? Watch the write date on
command.com; it changes when the Lehigh Virus goes. To protect against
it, attrib +r your command files, and you won't have a problem.
Israeli Virus: Not much is known. It apparently attaches itself
to all executable files, appending itself to the end of the file.
Watch for growing files.
Brain Virus: The brain virus has hit everywhere. We have seen
examples of it out at UCSF and UCB, as well as the east coast.
All the brain virus does is change the label of the disk to (C)
Brain, and mark floppy sectors as bad (unused sectors). It is
not incredibly destructive but very annoying.
PKArc: There is a bad version of PKArc floating around that
wipes your hard disk.
MacKiller: Is a nasty little virus that was apparently written
by an MS-DOS lover. The problem isn't yet widespread, but it's
a Mac virus we have now encountered.
And many others. BE CAREFUL!
Loren K Keim
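The checks mentioned in the post above (a CRC check on executables, the write date on command.com, growing files, the read-only attribute) can be combined into one baseline audit. The Python code below is an added example, not part of the original post or of any product it names; the function names are hypothetical and the three files are constructed stand-ins, not real binaries.

```python
import os, stat, tempfile, zlib

def snapshot(paths):
    """Record size, write date (mtime) and CRC-32 of each file."""
    base = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as f:
            base[p] = (st.st_size, st.st_mtime_ns, zlib.crc32(f.read()))
    return base

def audit(baseline):
    """Compare files on disk with the baseline; return {path: [findings]}."""
    report = {}
    for p, (size, mtime, crc) in baseline.items():
        if not os.path.exists(p):
            report[p] = ["missing"]
            continue
        new_size, new_mtime, new_crc = snapshot([p])[p]
        found = []
        if new_size != size:    # e.g. code appended to the end of the file
            found.append("size changed by %+d bytes" % (new_size - size))
        if new_mtime != mtime:  # the write date the post says to watch
            found.append("write date changed")
        if new_crc != crc:      # catches edits that keep size and date
            found.append("contents changed")
        if os.stat(p).st_mode & stat.S_IWUSR:  # read-only flag not set
            found.append("not read-only")
        if found:
            report[p] = found
    return report

def demo():
    """Run the audit over constructed stand-in files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        files = {n: os.path.join(d, n) for n in ("COMMAND.COM", "EDITOR.EXE", "GAME.EXE")}
        for p in files.values():
            with open(p, "wb") as f:
                f.write(b"constructed sample bytes")
        os.chmod(files["COMMAND.COM"], 0o444)        # same idea as attrib +r
        base = snapshot(files.values())
        with open(files["EDITOR.EXE"], "ab") as f:   # file grows by 3 bytes
            f.write(b"XYZ")
        with open(files["GAME.EXE"], "r+b") as f:    # same size, new bytes
            f.write(b"C")
        os.utime(files["GAME.EXE"], ns=(base[files["GAME.EXE"]][1],) * 2)  # old date restored
        return {os.path.basename(p): v for p, v in audit(base).items()}

if __name__ == "__main__":
    print(demo())
```

GAME.EXE shows why size and write date alone are not enough: both match the baseline, and only the CRC comparison reports the change.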
Marko, Suomen Atari-sivut / ArkiSTo 2003