User`s guide
VIRUS BULLETIN ©1991 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139.
/90/$0.00+2.50 This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted
by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers.
VIRUS BULLETINPage 16 August 1991
Program 2
VirusCarrier program
Program 3
DE132{+as$5\%6
DEYu*&81lp[@#Program 1
Figure 4 - Three programs infected with an identical encrypted virus
their presence by intercepting about fifteen different interrupt
services, including file-open and file-close. The virus disin-
fects each file on opening it and re-infects it on closing, which
means that any software checking for the virus’ presence will
not discover it if the virus is active in memory at the time of
checking.
PRACTICAL ANTI-VIRUS MEASURES FOR
NETWARE 3.11 NETWORK ADMINISTRATORS
Diskless Workstations
Diskless workstations are PCs in their own right, sometimes
equipped with hard disks, but without any floppy disks. The
security reasons for equipping users with diskless worksta-
tions include the hope that if the user has no means of
introducing floppy disks into the PC, he will also have no
opportunity to introduce a virus. This ‘no-floppies no-virus’
reasoning holds only up to a certain extent. It is quite true that
diskless workstations will help prevent accidental introduc-
tions of viruses onto the network. However, the prevention of
malicious introduction of viruses is not guaranteed, as the
virus code can still be input through the keyboard using the
DOS COPY command. The technique is described in Burger’s
Computer Viruses - A High Tech Disease. Likewise, diskless
workstations can still have modem connections over which
software can be downloaded from BBSs.
The major disadvantage of diskless workstations is that the
transfer of data by users is made much more difficult.
Moreover, users have no means of taking backups locally at
workstations. The decision to use diskless workstations is a
major one. Associated implications for the efficiency of the
organisation should be carefully assessed.
Remote Bootstrap ROMs
Most network cards can be fitted with a special Read Only
Memory (ROM) chip which maps into the PC memory space
and when executed on boot-up, reads the operating system and
other associated files from the file-server, instead of from the
local disk.
There are several advantages in using remote bootstrap
ROMs. Firstly, the technique eliminates the danger from boot
sector virus infection.
Secondly, any updates to the operating system used are made
much easier, since they can be done on the file-server. The use
of remote bootstrap ROMs is recommended for bootstrapping
both diskless workstations and individual PCs connected to
the network.
Enhanced Access Control
NetWare 3.11 provides very good access control features and
utilities for the administration of users. A number of access
control packages are available which front-end NetWare 3.11,
providing even more sophisticated access control features and,
perhaps, easier administration of users.
DE!"334%^dfs6456