60 lines
3.0 KiB
Plaintext
60 lines
3.0 KiB
Plaintext
|
CrisNews #2 - 05/01/94
|
|||
|
|
|
|||
|
|
Reprinted With Permission
|
|||
|
|
By: Cris Research Staff
|
|||
|
|
|
|||
|
|
|
|||
|
|
The Virus Threat
|
|||
|
|
(c) Ian Douglas 1993
|
|||
|
|
|
|||
|
|
Has the threat from viruses started to decline? <20>The number of viruses for the
|
|||
|
|
IBM PC (Intel x86) platform grows daily, but various events are making the IBM
|
|||
|
|
environment safer. <20>(Experts predict around 4000 - 6000 DOS viruses by the end
|
|||
|
|
of 1994.)
|
|||
|
|
|
|||
|
|
Chief <20>amongst these is the move away from DOS to new operating systems. <20><>The
|
|||
|
|
trend <20>started <20>with <20>Windows <20>(not really <20>an <20>operating <20>system), <20><>and <20>has
|
|||
|
|
accelerated with the advent of a reliable OS/2. <20>Further down the line, <20>there
|
|||
|
|
is Windows NT and UNIX. <20>These environments are very unfriendly for the <20>3000+
|
|||
|
|
DOS-based viruses. <20>There is a joke that Windows is a good virus detector - if
|
|||
|
|
a Windows file gets infected by a DOS virus, it crashes :-)
|
|||
|
|
|
|||
|
|
There <20>are two known viruses that can infect Windows executables, <20>but none at
|
|||
|
|
present that can infect OS/2 <20>executables. <20>No known DOS viruses can run under
|
|||
|
|
native <20>OS/2, <20>but only in a DOS session. <20>Also, <20>the constant upgrades to DOS
|
|||
|
|
itself prevent some viruses from working altogether.
|
|||
|
|
|
|||
|
|
There <20>are three main areas of virus spread: <20>Large <20>businesses, <20><>educational
|
|||
|
|
institutions, and swopping disks among friends. Many large business are moving
|
|||
|
|
to OS/2, <20>others will move to Windows NT. In both cases, <20>they are cutting out
|
|||
|
|
an important vector of virus spread. <20>I <20>foresee that educational institutions
|
|||
|
|
will <20>also move to these new operating systems in the near future. <20>The market
|
|||
|
|
will <20>demand <20>students trained in them. <20>This will once again cut out a <20>major
|
|||
|
|
vector for virus spreading.
|
|||
|
|
|
|||
|
|
That <20>leaves <20>the average user, <20>still running DOS. <20>His has <20>less <20>chance <20>of
|
|||
|
|
getting a virus, since the two main vectors are being cut out. The most common
|
|||
|
|
viruses <20>are boot sector infectors, <20>like Stoned. <20>While these may be able <20>to
|
|||
|
|
infect a machine running OS/2, they will not spread from such a machine.
|
|||
|
|
|
|||
|
|
The other interesting development has been in the underground. <20>In the race to
|
|||
|
|
create <20>the super-duper type viruses, <20>they have been trying to write <20>complex
|
|||
|
|
viruses. These take longer to write and are usually more buggy. Thus they make
|
|||
|
|
fewer <20>viruses. <20><>In <20>order to brag, <20>they publish the viruses <20>in <20>electronic
|
|||
|
|
magazines, and make them available for download on virus exchange BBS's. <20>This
|
|||
|
|
means <20>that they end up in the hands of anti-virus authors, <20>before they <20>have
|
|||
|
|
had a chance to spread widely. Thus the AV authors soon include detection, and
|
|||
|
|
the virus does not spread very much.
|
|||
|
|
|
|||
|
|
Many virus exchange BBS's have mostly junk (virus wannabe's) <20>available. Since
|
|||
|
|
the <20>person <20>downloading it only finds out afterwards, <20>the spread of <20>viruses
|
|||
|
|
from these BBS's is not as bad as it might have been.
|
|||
|
|
|
|||
|
|
There <20>also <20>seems <20>to <20>be a growing maturity <20>amongst <20>some <20>members <20>of <20>the
|
|||
|
|
underground, <20>leading to fewer virus writers and viruses. Hopefully, they will
|
|||
|
|
ALL grow up soon.
|
|||
|
|
|
|||
|
|
|
|||
|
|
Cheers, Ian
|
|||
|
|
|