Path: utzoo!utgpu!watmath!iuvax!rutgers!njin!hubey
From: hubey@pilot.njin.net (Hubey)
Newsgroups: comp.sys.amiga
Subject: Re: "xeno" virus
Message-ID:
Date: 10 Aug 89 22:58:48 GMT
References: <21fB02Wm49np01@amdahl.uts.amdahl.com>
Organization: NJ InterCampus Network, New Brunswick, N.J.
Lines: 75

In article <21fB02Wm49np01@amdahl.uts.amdahl.com> dwl10@uts.amdahl.com (Dave Lowrey) writes:
> Does anyone know anything about the Xeno virus? Are there any programs
> out there that will detect or kill it? 69th Street BBS is down due to
> this fiendish bug that writes to any program which is run or executed.
> It spreads through the hard drives and looks for FastFileSystem. With
> TxEd you can look at programs and see the words "Greetings Amiga users
> from the Xeno virus!" It also writes 1124 bytes to each program that is
> run. Other than that, I don't know anything about it like how it spreads
> and how to rid the universe of it! VirusX3.2, kv, NoVirus1.54 do not
> detect it. Any help would be appreciated!

How about a regular program of testing and inoculation?

I have thought about this for a while (not the Xeno but viruses in general)
and wondered what would happen if CA (or any other interested third party)
wrote a CRC program which would contain --internally-- a table of CRC values
for the most commonly run programs, i.e. commands and utilities. This program
could be periodically run (or whenever a virus was suspected) and would point
out potentially corrupt programs, i.e. those whose CRC did not check out!

I realize (at least some of) the pitfalls :-).. It might take a long time to
check out all the commands and utilities. It would also require that before
the user did anything, he would have to run this program. And of course there
is always the possibility that the virus would infect this program.
However, if the user diligently checked out every PD software first --This
would necessitate that the writers would have to provide CRC's for their
programs-- it might be more difficult for viruses (or is it virii :-) ) to
spread.

I am sorry that this is still a half-baked idea but I think that some of the
techniques which have proven their value in computer communications might
eventually make their way into OS design. Who knows, if it turns out to be
very useful, CRC fields might even be provided on files.

I am not sure how one would go about getting the CRC for a file+CRC into the
file without first knowing the CRC ?? Nice problem ?? --The chicken-or-egg
problem of Comp Sci ?? :-). If it were possible to solve this problem only
via brute force computing, then it would necessarily take out of action many
would-be virus-generators. However, if there is a neat trick, then all is
lost. At this point it seems that if the CRC were 32 bits, trial and error
would necessitate approximately 10^10 tries ( ~ 2^32).

I am not aware of any use of checking of data more advanced than simple
parity checking in computer architecture. If I recall correctly, parity
checking (on the bus) is not even done on the Amiga. (I am not trying to say
that it should be done. It probably is not necessary).

In the last issue of IEEE Spectrum, there is(are) (an) article(s) on Computer
Security --p. 22.. The gist of the article is that very often, very simple
precautions are all that is necessary to keep intruders out. From p. 24:

"Some believe that only a few safeguards will do the trick. 'I can't think of
a single instance when a hacker penetrated a system that had modest
protection', said Courtney. He defines modest protection as denial of access
after three unsuccessful attempts, and on dial-up lines, placement of the
access barrier in front of the modem instead of behind it....." etc etc

I wonder if some 'modest protection' of this type can be added to Operating
Systems ????

mark
--
hubey@OSultrix.montclair.edu   hubey@pilot.njin.net   hubey@apollo.montclair.edu
VOICE: 201-893-5269            ...!rutgers!njin!hubey
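
The CRC-table check proposed in the post above, as an added example that is not part of the original post: a table of size and CRC-32 values is recorded for known-clean programs and later re-checked, so that a program which has grown (for instance by the 1124 bytes mentioned in the quoted message) or changed in place is reported. The function names, the use of Python's zlib CRC-32 and the three stand-in "commands" are assumptions constructed for the demonstration.

```python
import os
import tempfile
import zlib

def crc32_file(path, chunk=65536):
    """CRC-32 of a file, read in chunks so large programs need little memory."""
    crc = 0
    with open(path, "rb") as f:
        while block := f.read(chunk):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF

def build_table(paths):
    """Record (size, CRC-32) for each program while it is known to be clean."""
    return {p: (os.path.getsize(p), crc32_file(p)) for p in paths}

def check(table):
    """Return {path: finding} for every program that no longer matches the table."""
    findings = {}
    for path, (size, crc) in table.items():
        if not os.path.exists(path):
            findings[path] = "missing"
            continue
        now_size = os.path.getsize(path)
        if now_size != size:
            findings[path] = f"size changed by {now_size - size:+d} bytes"
        elif crc32_file(path) != crc:
            findings[path] = "CRC mismatch"
    return findings

def demo():
    """Constructed sample: three stand-in 'commands', two of them altered later."""
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name in ("dir", "list", "copy"):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(name.encode() * 500)
            paths.append(p)
        table = build_table(paths)        # baseline taken before any change
        with open(paths[0], "ab") as f:
            f.write(b"\x00" * 1124)       # constructed stand-in for appended bytes
        with open(paths[1], "r+b") as f:
            f.write(b"X")                 # same size, first byte altered
        return {os.path.basename(p): v for p, v in check(table).items()}

if __name__ == "__main__":
    print(demo())
```

The table and the checker only help if they are kept where the checked programs cannot write to them, such as write-protected media, which is the pitfall the post raises about the checker itself being infected. A CRC is an error-detecting code rather than a cryptographic hash, so a present-day version of this check would record a digest such as SHA-256 instead.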