Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: frisk@rhi.hi.is (Fridrik Skulason)
Newsgroups: comp.virus
Subject: Re: Preventing virus attacks (PC)
Message-ID: <0004.8909281133.AA14331@ge.sei.cmu.edu>
Date: 27 Sep 89 13:40:46 GMT
Sender: Virus Discussion List 
Lines: 34
Approved: krvw@sei.cmu.edu

> Will changeing a file attribute to READ ONLY stop or slow down a virus?
> What about write locking a whole Directory?
> Does hiding a file or directory have any effect???

This is a very common question, but in general the answer is NO.

Boot sector viruses are of course not affected by the read-only
protection, since they do not infect files.

Some viruses can be stopped my making program files read-only, but
right now I can only think of two such viruses:

    South African "Friday 13."  (and the related VIRUS-B)
    Lehigh

However, those two viruses are very rare. The rest of the PC viruses
remove the read-only attribute from files, before infecting them. Most
of them restore it later ("Icelandic" does not).

So - making files read-only will not provide any protection from
viruses like:

    Jerusalem (Israeli Friday 13.) and relatives (Fu Manchu)
    Vienna (DOS-62)
    Traceback
    DataCrime
    Icelandic and relatives (MIX1 and Saratoga)

The main use of read-only protecting .EXE and .COM files is really to
protect the user from his own mistakes.

Hiding a file is equally ineffective.

                                --- frisk