Xref: utzoo comp.binaries.ibm.pc:123 comp.sys.ibm.pc:9656 Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!uw-beaver!uw-june!uw-entropy!dataio!pilchuck!toad!jgray From: jgray@toad.pilchuck.Data-IO.COM (Jerry Late Nite Gray) Newsgroups: comp.binaries.ibm.pc,comp.sys.ibm.pc Subject: Re: PC Aquarium program Summary: "Bombsqad" implies aquarium is ok Message-ID: <780@pilchuck.Data-IO.COM> Date: 18 Dec 87 04:49:34 GMT References: <1070@sjuvax.UUCP> <19637@amdahl.amdahl.com> <451@gethen.UUCP> Sender: news@Data-IO.COM Lines: 29 In article <451@gethen.UUCP>, farren@gethen.UUCP (Michael J. Farren) writes: > In article <19637@amdahl.amdahl.com> littauer@amdahl.amdahl.com (Tom Littauer) writes: > >I've just tried the program aquarium and while it paints a nice picture, itsju > >tries to write to disk on termination. I don't have the time right now > >to see what it's trying to do. It *MIGHT* be innocent and legitimate, > >but I'm a little suspicious... use at your own risk. > > Hmmmmmmm... A while ago, I got AQUARIUM and a couple of other demo-type > things. A little while after I ran 'em, I found that several files on the > disk had been corrupted, weirdly. Take this as a REAL warning - I'm going > to check AQUARIUM out carefully, now. > After using a an anti-trojan program called "Bombsqad" which intercepts disk access interrupts, it seems that the trailing disk accesses after aquarium termination are actually disk reads instead of writes. Reloading of COMMAND.COM as a previous poster suggested is probably most likely. This isn't positive proof however. DOS can be bypassed. Anybody care to take this further? --------------- Jerrold L. Gray UUCP:{ihnp4|caip|tektronix|ucbvax}!uw-beaver!tikal!pilchuck!jgray USNAIL: 10525 Willows Road N.E. /C-46 Redmond, Wa. 98052 (206) 881 - 6444 x470 Telex: 15-2167