Msg#: 2473 *Virus Info*
08-19-90 09:46:00 (Read 11 Times)
From: PATRICIA HOFFMAN
  To: KEN DORSHIMER
Subj: RE: CRC CHECKING
 <KD>the deal is that the invading program would have to know how the CRC your
 <KD>program uses works. otherwise it would have a (bytes changed!/bytes in file!)
 <KD>chance of succeeding, or somewhere in that neighborhood...
 <KD>

Except in the case of Stealth Viruses....CRC checking doesn't work with them.

Patti
 

--- msged 1.99S ZTC
 * Origin: Sir Dep's Dungeon 714-740-1130 Adult Links Network (1:103/158)




Msg#: 2474 *Virus Info*
08-19-90 09:50:00 (Read 9 Times)
From: PATRICIA HOFFMAN
  To: SHEA TISDALE
Subj: FILE ECHO?
 <ST>Hey, what happened to connecting my system to the file echo?
 <ST>
 <ST>I have sent numerous netmail messages to you since you sent the info 
 <ST>on setting it up and have not had a reply yet.

Recheck your netmail, I sent a reply after receiving the message "What is 
Tick?" indicating that you need to be running Tick in order to be able to 
participate in the file echo since that is how the files are processed and 
extra files go with the .zip files that carry the description.  Tick is 
available from most SDS nodes.

Patti
 

--- msged 1.99S ZTC
 * Origin: Sir Dep's Dungeon 714-740-1130 Adult Links Network (1:103/158)




Msg#: 2475 *Virus Info*
08-16-90 11:56:00 (Read 8 Times)
From: MIKE DURKIN
  To: WARREN ANDERSON
Subj: RE: INTERNET WORM
> I am interested in obtaining the list of passwords used by the
> Internet worm in the US. I am the administrator of several

The list is in the McAfee/Haynes book ("computer viruses,
worms...threats to your system") (pgs 89-91)...
I'll type it in for you if you can't find the book locally...

     Mike

--- RBBSMail 17.3A
 * Origin: The TeleSoft RBBS (RBBS 1:143/204)




Msg#: 2476 *Virus Info*
08-19-90 14:51:00 (Read 9 Times)
From: MIKE DURKIN
  To: JAMES DICK
Subj: REPLY TO MSG# 2473 (RE: CRC CHECKING)
> You might want to take a look at McAfee's FSHLD*.ZIP.   This is a new
> anti-virus program from the creator of SCAN that is designed
> specifically for developers.   It will build a 'shield' into an
> application such that the application _cannot_ be infected and if it
> does become infected, will remove that infection after execution but
> prior to running. You will find it in the virus scanners area of many
 
Jim... this is a little misleading... all programs will become infected 
but FSHLD will remove it for most viruses.. for viruses like 4096, FSHLD 
won't remove or even know/announce that the file is infected...
 
When FSHLD can remove a virus, 'after execution but before running' 
really makes no difference since a resident virus will still go TSR and 
a direct action virus will still do its infecting of other programs...
 
But all things considered...  I definitely agree that FSHLD is a must 
have...
 
      Mike

--- RBBSMail 17.3A
 * Origin: The TeleSoft RBBS (RBBS 1:143/204)




Msg#: 2477 *Virus Info*
08-20-90 04:44:00 (Read 8 Times)
From: KEN DORSHIMER
  To: PATRICIA HOFFMAN
Subj: RE: SCANV66B RELEASED

 On 19-Aug-90 with bulging eyes and flailing arms Patricia Hoffman said:

 <KD>>does this mean i should erase the old scanv66 that i just d/l'd from
 <KD>>SDN?
 <KD>>:-(
 <KD>>

 PH> Yep, ScanV66 has a bug or two in it involving the validate codes it
 PH> can add to the end of files.  The validate codes were not being
 PH> calculated correctly in
 PH>

swell. think i'll wait for the next release.
ps, you have net-mail waiting. :-) BTW why on earth would anyone take time
off from a disneyland vacation to call a bbs? <grin>
 ...Your attorney is in the mail...


--- ME2
 * Origin: Ion Induced Insomnia (Fidonet 1:203/42.753)




Msg#: 2478 *Virus Info*
08-20-90 04:46:00 (Read 9 Times)
From: KEN DORSHIMER
  To: PATRICIA HOFFMAN
Subj: REPLY TO MSG# 2476 (RE: CRC CHECKING)

 On 19-Aug-90 with bulging eyes and flailing arms Patricia Hoffman said:

 <KD>>the deal is that the invading program would have to know how the CRC your
 <KD>>program uses works. otherwise it would have a (bytes changed!/bytes in file!)
 <KD>>chance of succeeding, or somewhere in that neighborhood...
 <KD>>

 PH> Except in the case of Stealth Viruses....CRC checking doesn't work
 PH> with them.
 PH>

i'd have to see that for myself. i think a complex enough algorithm would
keep them at bay. the probability factor is just too low for such a stealth
scheme to work.

 ...Your attorney is in the mail...


--- ME2
 * Origin: Ion Induced Insomnia (Fidonet 1:203/42.753)




Msg#: 2479 *Virus Info*
08-20-90 04:50:00 (Read 9 Times)
From: KEN DORSHIMER
  To: MIKE DURKIN
Subj: REPLY TO MSG# 2478 (RE: CRC CHECKING)

 On 19-Aug-90 with bulging eyes and flailing arms Mike Durkin said:

 >> You might want to take a look at McAfee's FSHLD*.ZIP.   This is a new
 >> anti-virus program from the creator of SCAN that is designed
 >> specifically for developers.   It will build a 'shield' into an
 >> application such that the application _cannot_ be infected and if it
 >> does become infected, will remove that infection after execution but
 >> prior to running. You will find it in the virus scanners area of many
 MD> Jim... this is a little misleading... all programs will become
 MD> infected but FSHLD will remove it for most viruses.. for viruses like
 MD> 4096, FSHLD won't remove or even know/announce that the file is
 MD> infected... When FSHLD can remove a virus, 'after execution but before

i have some misgivings about this particular protection scheme myself. i
don't like embedding someone else's stuff into my executables, partly for
licensing reasons. not to knock what is probably a good idea...


 ...Your attorney is in the mail...


--- ME2
 * Origin: Ion Induced Insomnia (Fidonet 1:203/42.753)




Msg#: 2653 *Virus Info*
08-20-90 17:09:00 (Read 10 Times)
From: TALLEY RAGAN
  To: MIKE MCCUNE
Subj: RE: REMOVING JOSHI


In a message to Philip Laird <08-16-90 14:09> Mike Mccune wrote:

MM>> Just be sure to boot off a clean diskette to remove the
MM>>virus from memory, otherwise the virus will not be removed.
MM>> If RMJOSHI is used on an uninfected hard drive, it will
MM>>destroy the partition table. This next program, RETURN.COM
MM>>will restore the partition table.
MM>> I will post this program in my next listing...<MM>.

        Does this mean that RMJOSHI.COM, if run on an uninfected hard
drive by itself, is a virus?




                Talley




--- ZAFFER v1.01
--- QuickBBS 2.64 [Reg] Qecho ver 2.62
 * Origin: Southern Systems *HST DS* Tampa Fl (813)977-7065 (1:377/9)




Msg#: 2654 *Virus Info*
08-21-90 09:32:00 (Read 10 Times)
From: PATRICK TOULME
  To: MIKE MCCUNE
Subj: RE: HAVE ANYONE TRIED SECURE ?
 
MM> I have tried Secure and have found it to be the only interrupt monitor
MM> that will stop all the known viruses.                         
 
  Mike perhaps you should add a caveat to that statement.  Secure
neither detects, nor does it stop, Virus-101.


--- QM v1.00
 * Origin: Excalibur/Virus_Info - Sunnyvale CA - 408-244-0813 (1:204/869.0)




Msg#: 2655 *Virus Info*
08-21-90 12:11:00 (Read 8 Times)
From: PAUL FERGUSON
  To: HERB BROWN
Subj: KEYBOARD REMAPPING (AGAIN)...
Herb,
      I stand corrected on that last bit of dialogue....You are
correct, indeed.....But, you know what I mean along those lines of
getting what you don't expect, whether damaging or not, NO ONE wants
the unexpected on their system.....Touche!
-Paul ^@@^........


--- QM v1.00
 * Origin: Excalibur/Virus_Info - Sunnyvale CA - 408-244-0813 (1:204/869.0)




Msg#: 2656 *Virus Info*
08-21-90 22:29:00 (Read 10 Times)
From: PATRICIA HOFFMAN
  To: YASHA KIDA
Subj: AKA AND BBS HANDLES
 YK> What is the rule in this message echo concerning BBS HANDLES?
 YK> Would like some clarification,  I have users expressing interest in 
 YK> using bbs handles in this echo, since they are seeing them used.
 YK> As you can see I have not allowed this, feeling this echo to be 
 YK> professional in nature. 
 YK> 
 YK> I understand the use of AKA names in this echo may be needed.
 YK> 
 YK> Example :
 YK> After my SITE Manager saw my interest in viruses, I was called in to 
 YK> his office.  After explaining my research, was to protect not to infect, 
 YK> he relaxed.
 YK> 

[Note: the above quote is muchly edited....]

Yasha, Aliases are ok in this echo, as long as the Sysop of the system where 
the messages originate knows who the user is and can contact him if the need 
arises.  I fully understand the situation that you describe about your Site 
Manager...which is a fully valid reason to use an alias here.  I used to use 
the alias of "Merry Hughes" for exactly that reason!

Patti


--- QM v1.00
 * Origin: Excalibur/Virus_Info - Sunnyvale CA - 408-244-0813 (1:204/869.0)




Msg#: 2657 *Virus Info*
08-21-90 22:32:00 (Read 9 Times)
From: PATRICIA HOFFMAN
  To: KEN DORSHIMER
Subj: REPLY TO MSG# 2477 (RE: SCANV66B RELEASED)
 KD> swell. think i'll wait for the next release.
 KD> ps, you have net-mail waiting. :-) BTW why on earth would anyone take time
 KD> off from a disneyland vacation to call a bbs? <grin>

<laughing>  I was eating dinner or lunch while entering those messages, then we
went back to Dizzyland and Knott's.  Besides, I had to see what you guys were 
up to while I was gone.....Mom instinct....what can I say?

Patti


--- QM v1.00
 * Origin: Excalibur/Virus_Info - Sunnyvale CA - 408-244-0813 (1:204/869.0)




Msg#: 2658 *Virus Info*
08-22-90 18:21:00 (Read 8 Times)
From: HERB BROWN
  To: PAUL FERGUSON
Subj: REPLY TO MSG# 2655 (KEYBOARD REMAPPING (AGAIN)...)
With a sharp eye <Aug 21 12:11>, Paul Ferguson (1:204/869) noted:
 PF>Herb,
 PF>      I stand corrected on that last bit of dialogue....You are
 PF>correct, indeed.....But, you know what I mean along those lines of
 PF>getting what you don't expect, whether damaging or not, NO ONE wants
 PF>the unexpected on their system.....Touche!
 PF>-Paul ^@@^........

I knew what you meant.  Glad to know you do too. :-) ( No flame intended )


--- QM v1.00
 * Origin: Delta Point (1:396/5.11)




Msg#: 2659 *Virus Info*
08-22-90 05:37:00 (Read 8 Times)
From: KEN DORSHIMER
  To: PATRICIA HOFFMAN
Subj: REPLY TO MSG# 2657 (RE: SCANV66B RELEASED)

 On 21-Aug-90 with bulging eyes and flailing arms Patricia Hoffman said:

 KD>> swell. think i'll wait for the next release.
 KD>> ps, you have net-mail waiting. :-) BTW why on earth would anyone take time
 KD>> off from a disneyland vacation to call a bbs? <grin>

 PH> <laughing>  I was eating dinner or lunch while entering those
 PH> messages, then we went back to Dizzyland and Knott's.  Besides, I had
 PH> to see what you guys were up to while I was gone.....Mom
 PH> instinct....what can I say?
 PH>

did you go on the roller coaster at Knott's that looks like a corkscrew? my
personal favorite after a big dinner. <erp!>
in other news there was a report <<unconfirmed>> that there is a hack of
lharc floating around called lharc190. might want to keep an eyeball open for
it. what am i doing up at this hour? just got thru writing the docs for a
program <yawn>. as usual, the program looks better than the docs. have fun,
see ya.

 ...All of my dreams are in COBOL...


--- ME2
 * Origin: Ion Induced Insomnia (Fidonet 1:203/42.753)




Msg#: 2660 *Virus Info*
08-20-90 15:40:00 (Read 9 Times)
From: RON LAUZON
  To: PAUL FERGUSON
Subj: RE: KEYBOARD REMAPPING....
Yes, it is possible to re-map the keyboard from a remote system.  However, most
people are protected from this because the term program rather than ANSI.SYS is 
handling the ANSI escape sequences.

If you are using a "dumb" terminal that has no terminal emulation and allowing 
ANSI.SYS to handle your screen formatting, you may be in trouble.

--- Telegard v2.5i Standard
 * Origin: The Flight of the Raven (313)-232-7815 (1:2200/107.0)
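
[Added example, not part of the original messages: a filter of the kind a terminal program could apply to incoming bytes, removing ANSI.SYS key-reassignment sequences (CSI sequences ending in `p`) before anything reaches the screen driver. The class name, the 256-byte hold limit and the sample input are assumptions made for this illustration.]

```python
import re

# Parameters of a CSI sequence: digits, ';' and quoted strings.
PARAMS = rb'(?:"[^"\x1b]*"|\'[^\'\x1b]*\'|[0-9;])*'
# ANSI.SYS key reassignment: ESC [ parameters p
KEY_REASSIGN = re.compile(rb'\x1b\[' + PARAMS + rb'p')
# A trailing fragment that could still grow into such a sequence.
PARTIAL = re.compile(
    rb'\x1b(?:\[' + PARAMS + rb'(?:"[^"\x1b]*|\'[^\'\x1b]*)?)?\Z')
MAX_HELD = 256  # arbitrary cap for this example, so held data stays bounded


class KeyRemapFilter:
    """Stateful filter: sequences split across received chunks are caught."""

    def __init__(self):
        self.held = b""      # incomplete sequence carried to the next chunk
        self.removed = []    # everything stripped, kept for logging

    def feed(self, chunk):
        data = self.held + chunk
        self.held = b""
        esc = data.rfind(b"\x1b")
        if esc != -1 and PARTIAL.match(data, esc):
            data, tail = data[:esc], data[esc:]
            if len(tail) <= MAX_HELD:
                self.held = tail            # wait for the rest
            else:
                self.removed.append(tail)   # oversized: drop, never pass on
        self.removed += KEY_REASSIGN.findall(data)
        return KEY_REASSIGN.sub(b"", data)


def demo():
    # Constructed input: a clear-screen sequence (allowed through) followed
    # by a reassignment of F1 to the text "hello", split across two chunks.
    f = KeyRemapFilter()
    shown = f.feed(b'hi\x1b[2J\x1b[0;59;"he') + f.feed(b'llo"p there')
    return shown, f.removed


if __name__ == "__main__":
    print(demo())
```
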




Msg#: 2661 *Virus Info*
08-21-90 20:29:00 (Read 8 Times)
From: MARTIN NICHOL
  To: MICHAEL TUNN
Subj: WHAT'S THE SOLUTION?
mt said => It seems to me our Virus checking programs will just
mt said => get bigger and bigger as more viruses and strains of
mt said => the same viruses are discovered. If so (and if their
mt said => development is accelerating) then we may find in the
mt said => near future that it has become impossible to deal
mt said => with the outbreaks!
mt said => Do we develop new Operating Systems which are far
mt said => more secure!

Develop different virus scanning programs.  Make them more generic where virus
signatures/characteristics can be kept in a separate file and the virus scanner
just reads the file and interprets it accordingly.  
 
--- 
 * Origin: JoJac BBS - (416) 841-3701. HST  Kettleby, ON (1:250/910)
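
[Added example, not part of the original messages: a sketch of the design suggested above, with the scanner as a generic engine and the signatures in a separate data file, so a new signature needs no change to the program. The file format (name = hex bytes, ?? for any byte), the signature names and the sample buffer are all constructed for this illustration.]

```python
import re

# Constructed signature file; the format is an assumption of this example.
SIGNATURE_FILE = """\
# name     = byte pattern (hex, ?? matches any single byte)
Sample-A   = DE AD BE EF ?? ?? 90 90
Sample-B   = C0 FF EE ?? 00 11     # trailing comments are allowed
"""


def load_signatures(text):
    """Parse signature-file text into (name, compiled byte regex) pairs."""
    sigs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected 'name = pattern'")
        name, pattern = (part.strip() for part in line.split("=", 1))
        parts = []
        for tok in pattern.split():
            if tok == "??":
                parts.append(b".")          # wildcard byte
            elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                parts.append(re.escape(bytes([int(tok, 16)])))
            else:
                raise ValueError(f"line {lineno}: bad token {tok!r}")
        # A pattern with no fixed bytes would match everywhere: reject it.
        if not parts or all(p == b"." for p in parts):
            raise ValueError(f"line {lineno}: pattern has no fixed bytes")
        sigs.append((name, re.compile(b"".join(parts), re.DOTALL)))
    return sigs


def scan(data, sigs):
    """Return a sorted list of (offset, name) for every hit in data."""
    hits = []
    for name, rx in sigs:
        hits.extend((m.start(), name) for m in rx.finditer(data))
    return sorted(hits)


# Constructed buffer standing in for a file's contents.
SAMPLE = (b"\x00\x01" + bytes.fromhex("deadbeef01029090") + b"xx"
          + bytes.fromhex("c0ffee7f0011"))

if __name__ == "__main__":
    for offset, name in scan(SAMPLE, load_signatures(SIGNATURE_FILE)):
        print(f"{name} at offset {offset}")
```
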




Msg#: 2683 *Virus Info*
08-22-90 22:55:00 (Read 8 Times)
From: FRED ENNIS
  To: ALL
Subj: VIRUS-486COMP.*

FORWARDED BY James Dick of 1:163/118

QUOTE ON

I've been informed by "reliable sources" that there's a file floating around
called 486COMP.* (select your favourite packing method) which claims to "show 
you the difference between your machine and a 486".