---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO   Ref: DGW00026   Date: 12/25/96
From: THE VISIONARY   Time: 04:20pm
\/To: RICK COLLINS   (Read 3 times)
Subj: Re: Macs

 -=> Quoting Rick Collins to The Visionary <=-

 tv> You can have a clean system powered on, insert a floppy, and then
 tv> just type 'dir a:' and infect your system (well, load the virus
 tv> into memory, which it can then infect from).

 RC> And how, pray tell, does that stuff loaded in the "read" buffer get
 RC> executed to "infect from?"

 RC> There is a _lot_ of misinformation in the echo, and I fear it is
 RC> about to get _worse_.

Why is it that I can take a completely clean hard drive and system, boot it up to the hard drive (after cleaning it with scanner on a "clean" floppy), then insert a disk with NYB on it, read some data from it, copy some data to it, and then boot back to that clean floppy and scan again, and it will detect NYB on the MBR?

If you want, I can send you the floppy this happens with. It's 1,000,000% consistent. FP225 can't see it unless you boot to floppy and scan that way.

We have people at work with random GPF's and random reboots and worse, and when I hit their machine in person, 99% of the time, it's NYB that's causing the problems. One machine was cleaned the night before, and the user came in the next morning, and installed some software onto the hard drive (AutoSketch) and infected his system again with NYB (it was put on the floppies when his machine was infected and he copied some drawings to it).

-The Visionary
visionary@brazerko.com

... A Tagline a day keeps viruses away!
--- WtrGate+ 0.93.PRE1 beta sn 116
 * Origin: hacker heaven bbs - #include (1:320/2600)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO   Ref: DGW00027   Date: 12/25/96
From: THE VISIONARY   Time: 04:21pm
\/To: RICK COLLINS   (Read 3 times)
Subj: Re: PC viruses and Apple

 -=> Quoting Rick Collins to The Visionary <=-

 tv> Using the /U switch on an EIDE drive will trash the on-drive BIOS
 tv> enhancing features, and turn your nice 9ms EIDE drive into a
 tv> 14ms

 RC> Tell me you're making this stuff up.

Do you know *ANYTHING* of hardware? Have you TALKED to WD about their technology? (I was exaggerating about the 14ms thing, but you absolutely should NOT low level format an EIDE drive). EVERY EIDE manufacturer will tell you this.

Why are you attacking me about this? New meat in the echo?

-The Visionary
visionary@brazerko.com

... *NO* hard drive has enough space!
--- WtrGate+ 0.93.PRE1 beta sn 116
 * Origin: hacker heaven bbs - #include (1:320/2600)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO   Ref: DGW00028   Date: 12/25/96
From: DAVID DESROSIERS   Time: 04:23pm
\/To: MICHAEL MUELLER   (Read 3 times)
Subj: Re: Virus & antivirus future

 -=> Quoting Michael Mueller to The Visionary <=-

 TV> I imagine with the advent of HTML and the web that someone will
 TV> find a way to imbed a virus in an animated .GIF file or something that
 TV> when you hit their site, it's downloaded into your cache, and your browser
 TV> will execute it (the animated file) and infect your system.

 MM> Don't think this will happen since there are different types of
 MM> machines out on the Web and all users want to see animations so you
 MM> have to offer one animation file working for all types of machines.
 MM> And if code executed from the cache this is a big bug in a viewer and
 MM> a very large piece of "luck" it caught the entry-point of the code and
 MM> runs on the right machine.

Wouldn't the browser provide that functionality?
I mean, it's the browser that displays the image when it's loaded into the cache. With the advent of Netscape and IE, many machines are running a DOS/Winders combination, and this means you can take a large percentage hit if you came up with such a virus that would touch those machines.

If you wanted, you could hit all the Linux machines out there too, but there's too many to worry about in that category ;)

-The Visionary
visionary@brazerko.com

... A friend advises in his interest, not yours.
--- WtrGate+ 0.93.PRE1 beta sn 116
 * Origin: hacker heaven bbs - exposing the ignorance (1:320/2600)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO   Ref: DGW00029   Date: 12/25/96
From: DAVID DESROSIERS   Time: 04:16pm
\/To: RICK COLLINS   (Read 3 times)
Subj: Re: CALLFAST.COM

 -=> Quoting Rick Collins to The Visionary <=-

 tv> The MOST IMPORTANT THING to do when you're infected is to BACK UP
 tv> EVERYTHING to tape or to a ZiP drive or some other device. DO
 tv> NOT immediately remove the virus. You should find out what it
 tv> is, and what it does before you remove it.

 RC> I can think of no greater waste of time than "backing up" hundreds of
 RC> megabytes of possibly infected files. Why on earth would you do
 RC> that?

I support 450 users at work, and I am the sole person in charge of the virus and anti-virus policy there at the moment. There are laptops, dial-ups, people on the road, floppies abound, and I have YET to see one single file get infected -- AT ALL. The viruses we encounter are all transmitted either via Word Documents (which I've written some code to eliminate), or floppies.

Most large corporations have problems with virii, but they're 99.9% of the time boot sector viruses, and not file infectors. This isn't to say that there aren't file infectors out there in the business world, but it's rare.

Visit www.sevenlocks.com and read some of their material (more specifically their page on Virus Myths) and you'll be quite surprised.
Our mission statement for the Virus Team is pretty much modeled after those same policies.

 TV> There are many misnomers regarding viruses, that I'll have to
 TV> start posting here soon.

 RC> I'll wait with bated breath. :-)

I'm still here... ;)

... It is better to wear out than to rust out.
--- WtrGate+ 0.93.PRE1 beta sn 116
 * Origin: hacker heaven bbs - exposing the ignorance (1:320/2600)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO   Ref: DGW00030   Date: 12/25/96
From: DAVID DESROSIERS   Time: 04:20pm
\/To: RICK COLLINS   (Read 3 times)
Subj: Re: Macs

 -=> Quoting Rick Collins to The Visionary <=-

 tv> You can have a clean system powered on, insert a floppy, and then
 tv> just type 'dir a:' and infect your system (well, load the virus
 tv> into memory, which it can then infect from).

 RC> And how, pray tell, does that stuff loaded in the "read" buffer get
 RC> executed to "infect from?"

 RC> There is a _lot_ of misinformation in the echo, and I fear it is
 RC> about to get _worse_.

Why is it that I can take a completely clean hard drive and system, boot it up to the hard drive (after cleaning it with scanner on a "clean" floppy), then insert a disk with NYB on it, read some data from it, copy some data to it, and then boot back to that clean floppy and scan again, and it will detect NYB on the MBR?

If you want, I can send you the floppy this happens with. It's 1,000,000% consistent. FP225 can't see it unless you boot to floppy and scan that way.

We have people at work with random GPF's and random reboots and worse, and when I hit their machine in person, 99% of the time, it's NYB that's causing the problems. One machine was cleaned the night before, and the user came in the next morning, and installed some software onto the hard drive (AutoSketch) and infected his system again with NYB (it was put on the floppies when his machine was infected and he copied some drawings to it).

-The Visionary
visionary@brazerko.com

... A Tagline a day keeps viruses away!
--- WtrGate+ 0.93.PRE1 beta sn 116
 * Origin: hacker heaven bbs - exposing the ignorance (1:320/2600)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO   Ref: DGW00031   Date: 12/25/96
From: DAVID DESROSIERS   Time: 04:21pm
\/To: RICK COLLINS   (Read 3 times)
Subj: Re: PC viruses and Apple

 -=> Quoting Rick Collins to The Visionary <=-

 tv> Using the /U switch on an EIDE drive will trash the on-drive BIOS
 tv> enhancing features, and turn your nice 9ms EIDE drive into a
 tv> 14ms

 RC> Tell me you're making this stuff up.

Do you know *ANYTHING* of hardware? Have you TALKED to WD about their technology? (I was exaggerating about the 14ms thing, but you absolutely should NOT low level format an EIDE drive). EVERY EIDE manufacturer will tell you this.

Why are you attacking me about this? New meat in the echo?

-The Visionary
visionary@brazerko.com

... *NO* hard drive has enough space!
--- WtrGate+ 0.93.PRE1 beta sn 116
 * Origin: hacker heaven bbs - exposing the ignorance (1:320/2600)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO   Ref: DGW00032   Date: 12/25/96
From: DAVID DESROSIERS   Time: 04:33pm
\/To: RICK COLLINS   (Read 3 times)
Subj: Re: Virus scanner

 -=> Quoting Rick Collins to The Visionary <=-

 tv> You can't send email to 'JOB@3:14' anyway. You can't send a reply
 tv> to a Usenet group, and then get a personal reply in your mailbox
 tv> on your home system.

 RC> Oh? Why not?

 RC> Could I not send you email to visionary@brazerko.com as a reply
 RC> rather than make this post?

You go ahead and send me mail to that address, but remember to put a full colon in it somewhere.

JOB@3:14.COM and visionary@brazerko.com are vastly different.
     ^

-The Visionary
visionary@brazerko.com

... Avoid junk mail, get an unlisted ZIP code!
--- WtrGate+ 0.93.PRE1 beta sn 116
 * Origin: hacker heaven bbs - #include (1:320/2600)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO   Ref: DGW00033   Date: 12/25/96
From: DAVID DESROSIERS   Time: 04:36pm
\/To: RICK COLLINS   (Read 3 times)
Subj: Re: Virus infect picture'

 -=> Quoting Rick Collins to The Visionary <=-

 tv> A virus can and does spread through your system when it's active
 tv> in memory. It will spread when you traverse directories (which
 tv> is why it is bad to scan in this manner), and infect files along
 tv> the way. Each access to an executable file is like putting food
 tv> in front of it, and it uses that as its new 'host'.

 RC> DOS is a single-process system. When it's executing the program that
 RC> reads directories, it doesn't execute anything else.

DOS is a single process operating system (in most cases), but if I am running a scanner that loads signatures into memory (rather than locking out memory access during the scan) *IT* will traverse the directory structure, and if a virus happens to be in memory while it's opening and closing all those file handles, you're more prone to infection than if it was only doing one directory, or just the MBR/Partition table.

I didn't say that just running DOS would have this effect, I said SCANNING in this manner would have this effect.

-The Visionary
visionary@brazerko.com

... Difference between a virus & windows? Viruses never fail.
--- WtrGate+ 0.93.PRE1 beta sn 116
 * Origin: hacker heaven bbs - #include (1:320/2600)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO   Ref: DGW00034   Date: 12/25/96
From: DAVID DESROSIERS   Time: 04:39pm
\/To: RICK COLLINS   (Read 3 times)
Subj: Re: Virus infect picture

 -=> Quoting Rick Collins to The Visionary <=-

 tv> What if you store viral code in an image, and then that code is
 tv> executed by the image VIEWER you use to look at it? Wouldn't
 tv> that be the same as a macro virus -- dormant until Word executes
 tv> it?

 RC> The image viewer doesn't _execute_ the image data. It's _data_, not
 RC> code. And, no, it's not the same thing as a "macro virus". Macros
 RC> _are_ expected to be executed.

Macros are INTERPRETED, not executed. The macros are interpreted by MS-Word. The images could also be INTERPRETED in the same manner.

What about reading a binary newsgroup where there are MIME-encoded images in the group. Netscape Mail (or whatever reader you're using) has the ability to decode the files on the fly so you can view them. If the MIME-encoded portion had some viral code in it, it would also be possible to have Netscape act as the infector, by decoding and interpreting what it saw.

If you knew enough of the Netscape API, you could tailor a nasty virus that worked in this fashion. (This isn't limited to images, since Netscape has hundreds of built-in interpreters and more plug-ins than I can count).

-The Visionary
visionary@brazerko.com

... "Apple" (c) Copyright 1767, Sir Isaac Newton.
--- WtrGate+ 0.93.PRE1 beta sn 116
 * Origin: hacker heaven bbs - #include (1:320/2600)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO   Ref: DGW00035   Date: 12/26/96
From: CHRIS MADDOCK   Time: 09:05am
\/To: GORDON FREY   (Read 3 times)
Subj: Macs

On 24 Dec at 18:52, Gordon Frey of 1:105/55.42 wrote to Chris Maddock:

 GF> On (24 Dec 96) Chris Maddock wrote to Jonathan Gobin...
 CM>> On 18 Dec at 04:34, Jonathan Gobin of 3:800/3 wrote to Geoff White:
 CM>> [......]
 JG>> As I said to someone else, IBM clones are a heap of shit. You can't expect
 GF> clip........
 CM>> After how many years after the "PowerMac" came out has it been missing
 CM>> a (excluding NT) proper native Mac operating system ?
 GF> For your information there is a PORT of Linux for the Power Mac.

Thanks for that Gordon. Interesting. A =real= operating system for a box that held so much promise and was compromised by the lack of a native operating system for so many years. Blasted shame it is.
Whilst I am an IBM PC Compat user, I appreciate other boxes and operating systems and the benefits (and otherwise) that are on offer.

I feel that Apple have shot themselves in the foot big time with their stranglehold on the Mac PC and this will eventually mean their demise. I hope that I am wrong. We need them.

What has this got to do with Viruses etc ?? Very little except that these platforms need support in here as well, and the users of these systems should be free to post here without fear of stupid ridicule by ignorant short sighted people.

Thanks again. Gordon.

Regards,
Chris Maddock
chrism@softtech.brisnet.org.au

--- Msged/386 4.00
 * Origin: Diagnostic CBBS - DownUnder - (3:640/302)