VIRUS BULLETIN ©1991 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139.
/90/$0.00+2.50 This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted
by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers.
VIRUS BULLETIN Page 4 August 1991
disabled. As some of them are smaller and faster than
ANSI.SYS, they might be a better choice in most cases. Most
applications today do not use ANSI.SYS escape sequences to
output to screen but call the BIOS routines directly.
Unfortunately, a new way to abuse ANSI.SYS has now been
discovered, which makes it possible to execute a program on a
diskette, just by issuing the DIR command. This method could
be used to activate a virus, but so far it has not been used for a
malicious purpose.
The Useless Virus Simulation Program
The purpose of a virus simulator is, quite naturally, to
simulate a virus in some way. A few simulators have an
educational purpose and may even be quite entertaining. They
simulate some of the effects of viruses, such as playing tunes
or producing visual effects such as the falling letters display
of the Cascade virus or the bouncing ball display of the Italian
virus. The only problem with this type of virus simulator is
that it may give the impression that all viruses are harmless -
they only produce strange effects on the screen or strange
sounds coming from the speaker, which is far from the truth.
Recently a virus simulator with a different purpose turned up.
The shareware program (available for US$15.00 from Darian
Rosenthal, Rosenthal Engineering, 3737 Sequioa, San Luis
Obispo, CA 93401, USA) generates a set of other programs
(boot sectors, COM and EXE files), which contain bits and
pieces from actual viruses, but are harmless in themselves.
These viral fragments are obtained from published virus
identification strings, including those from the Virus Bulletin,
from IBM’s VIRSCAN, and from various other products. The
intention of the author is to provide a method for comparing
the detection capabilities of virus scanners, which would not
require access to live viruses.
There are some fundamental flaws in Rosenthal’s approach.
The most serious flaw is its inability to judge the performance
of any non-signature-based virus scanner, or a scanner which
uses a set of signatures to which Rosenthal does not have
access. The most secure scanners use proprietary search data
and only employ published search strings as supplementary
search data. Moreover, different virus scanners often use
different but equally valid hexadecimal strings. Even if a
scanner did recognise one of the identification strings
included in the file, it might not identify the file as being
infected - for example because the string was located in an
obviously incorrect position in the file.
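The argument above can be made concrete with a small model, added here as an illustration and not taken from the bulletin or from Rosenthal's program. All bytes are constructed stand-ins, and the scanner functions, the offsets and the appending-infector layout are assumptions chosen for the example.

```python
# Constructed bytes only: a stand-in "virus body", not code from any real virus.
VIRUS_BODY = bytes(range(0x40, 0x80))        # 64 constructed bytes
PUBLISHED_SIG = VIRUS_BODY[8:24]             # stand-in for a published search string
PROPRIETARY_SIG = VIRUS_BODY[30:46]          # different but equally valid string
SIG_FROM_END = len(VIRUS_BODY) - 8           # where PUBLISHED_SIG sits in a real infection
HOST = b"\x00" * 300                         # constructed clean host program


def infect(host):
    """Assumed layout: an appending infector puts the whole body at the end."""
    return host + VIRUS_BODY


def simulate(host):
    """Simulator-style test file: only the published fragment, placed mid-file."""
    mid = len(host) // 2
    return host[:mid] + PUBLISHED_SIG + host[mid:]


def scan_published_anywhere(data):
    return PUBLISHED_SIG in data


def scan_proprietary(data):
    return PROPRIETARY_SIG in data


def scan_published_positioned(data):
    """Published string, accepted only at the offset a real infection implies."""
    start = len(data) - SIG_FROM_END
    return start >= 0 and data[start:start + len(PUBLISHED_SIG)] == PUBLISHED_SIG


SCANNERS = {
    "published, anywhere": scan_published_anywhere,
    "proprietary string": scan_proprietary,
    "published, position-checked": scan_published_positioned,
}


def evaluate():
    """Return {scanner: (flags clean host, flags real infection, flags simulated file)}."""
    samples = (HOST, infect(HOST), simulate(HOST))
    return {name: tuple(scan(s) for s in samples) for name, scan in SCANNERS.items()}


if __name__ == "__main__":
    for name, (clean, real, simulated) in evaluate().items():
        print(f"{name:28} clean={clean} real={real} simulated={simulated}")
```

All three modelled scanners flag the real infection and none flags the clean host, yet only the first flags the simulated file, so a comparison based on the simulated file alone would rank it above two scanners that are no worse at finding the actual virus.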
Rosenthal’s virus simulator is of no use whatsoever, and may
do more harm than good - for example by resulting in the
selection of an inferior virus scanner - simply because its
signatures were included in Rosenthal’s database. There are
immense commercial pressures on software developers to
submit their search data for inclusion in such a simulator
despite the fact that its conception is completely misguided.
VIRUS BULLETIN EDUCATION, TRAINING AND AWARENESS PRESENTATIONS
Education, training and awareness are essential as
part of an integrated campaign to minimise the
threat of computer viruses and malicious software.
Virus Bulletin has prepared a presentation designed
to inform users and/or line management
about this threat and the measures necessary to
minimise it. The standard presentation consists of
a ninety minute lecture supported by 35mm
slides, followed by a question and answer session.
Throughout the presentation, technical
jargon is kept to a minimum and key concepts are
explained in accurate but easily understood
language. However, a familiarity with basic MS-DOS
functions is assumed. The presentation can
be tailored to comply with individual company
requirements and ranges from a basic introduction
to the subject (suitable for relatively inexperienced
users) to a more detailed examination of
technical developments and available countermeasures
(suitable for MIS departments).
The aim of the basic course is to increase user
awareness about computer viruses and other
malicious software without inducing counterproductive
‘paranoia’. The threat is explained in
comprehensible terms and straightforward,
proven and easily-implemented countermeasures
are demonstrated. An advanced course, to assist
line management and DP staff, outlines various
procedural and software approaches to virus
prevention, detection and recovery.
The presentations are offered free of charge
except for reimbursement of travel and any
accommodation expenses incurred. Information is
available from the editor, Virus Bulletin, UK.
Tel 0235 555139.