Xref: utzoo comp.binaries.ibm.pc:123 comp.sys.ibm.pc:9656
Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!uw-beaver!uw-june!uw-entropy!dataio!pilchuck!toad!jgray
From: jgray@toad.pilchuck.Data-IO.COM (Jerry Late Nite Gray)
Newsgroups: comp.binaries.ibm.pc,comp.sys.ibm.pc
Subject: Re: PC Aquarium program
Summary: "Bombsqad" implies aquarium is ok
Message-ID: <780@pilchuck.Data-IO.COM>
Date: 18 Dec 87 04:49:34 GMT
References: <1070@sjuvax.UUCP> <19637@amdahl.amdahl.com> <451@gethen.UUCP>
Sender: news@Data-IO.COM
Lines: 29

In article <451@gethen.UUCP>, farren@gethen.UUCP (Michael J. Farren) writes:
> In article <19637@amdahl.amdahl.com> littauer@amdahl.amdahl.com (Tom Littauer) writes:
> >I've just tried the program aquarium and while it paints a nice picture, itsju
> >tries to write to disk on termination. I don't have the time right now
> >to see what it's trying to do. It *MIGHT* be innocent and legitimate,
> >but I'm a little suspicious... use at your own risk.
> 
> Hmmmmmmm...  A while ago, I got AQUARIUM and a couple of other demo-type
> things.  A little while after I ran 'em, I found that several files on the
> disk had been corrupted, weirdly.  Take this as a REAL warning - I'm going
> to check AQUARIUM out carefully, now.
> 
After using a an anti-trojan program called "Bombsqad" which intercepts disk
access interrupts, it seems that the trailing disk accesses after aquarium
termination are actually disk reads instead of writes. Reloading of 
COMMAND.COM as a previous poster suggested is probably most likely. This
isn't positive proof however. DOS can be bypassed. Anybody care to take this
further?

---------------
					Jerrold L. Gray

UUCP:{ihnp4|caip|tektronix|ucbvax}!uw-beaver!tikal!pilchuck!jgray

USNAIL:	10525 Willows Road N.E. /C-46
	Redmond, Wa.  98052
	(206) 881 - 6444 x470

Telex:  15-2167