60 lines
3.0 KiB
Plaintext
60 lines
3.0 KiB
Plaintext
CrisNews #2 - 05/01/94
|
|
|
|
Reprinted With Permission
|
|
By: Cris Research Staff
|
|
|
|
|
|
The Virus Threat
|
|
(c) Ian Douglas 1993
|
|
|
|
Has the threat from viruses started to decline? ÿThe number of viruses for the
|
|
IBM PC (Intel x86) platform grows daily, but various events are making the IBM
|
|
environment safer. ÿ(Experts predict around 4000 - 6000 DOS viruses by the end
|
|
of 1994.)
|
|
|
|
Chief ÿamongst these is the move away from DOS to new operating systems. ÿÿThe
|
|
trend ÿstarted ÿwith ÿWindows ÿ(not really ÿan ÿoperating ÿsystem), ÿÿand ÿhas
|
|
accelerated with the advent of a reliable OS/2. ÿFurther down the line, ÿthere
|
|
is Windows NT and UNIX. ÿThese environments are very unfriendly for the ÿ3000+
|
|
DOS-based viruses. ÿThere is a joke that Windows is a good virus detector - if
|
|
a Windows file gets infected by a DOS virus, it crashes :-)
|
|
|
|
There ÿare two known viruses that can infect Windows executables, ÿbut none at
|
|
present that can infect OS/2 ÿexecutables. ÿNo known DOS viruses can run under
|
|
native ÿOS/2, ÿbut only in a DOS session. ÿAlso, ÿthe constant upgrades to DOS
|
|
itself prevent some viruses from working altogether.
|
|
|
|
There ÿare three main areas of virus spread: ÿLarge ÿbusinesses, ÿÿeducational
|
|
institutions, and swopping disks among friends. Many large business are moving
|
|
to OS/2, ÿothers will move to Windows NT. In both cases, ÿthey are cutting out
|
|
an important vector of virus spread. ÿI ÿforesee that educational institutions
|
|
will ÿalso move to these new operating systems in the near future. ÿThe market
|
|
will ÿdemand ÿstudents trained in them. ÿThis will once again cut out a ÿmajor
|
|
vector for virus spreading.
|
|
|
|
That ÿleaves ÿthe average user, ÿstill running DOS. ÿHis has ÿless ÿchance ÿof
|
|
getting a virus, since the two main vectors are being cut out. The most common
|
|
viruses ÿare boot sector infectors, ÿlike Stoned. ÿWhile these may be able ÿto
|
|
infect a machine running OS/2, they will not spread from such a machine.
|
|
|
|
The other interesting development has been in the underground. ÿIn the race to
|
|
create ÿthe super-duper type viruses, ÿthey have been trying to write ÿcomplex
|
|
viruses. These take longer to write and are usually more buggy. Thus they make
|
|
fewer ÿviruses. ÿÿIn ÿorder to brag, ÿthey publish the viruses ÿin ÿelectronic
|
|
magazines, and make them available for download on virus exchange BBS's. ÿThis
|
|
means ÿthat they end up in the hands of anti-virus authors, ÿbefore they ÿhave
|
|
had a chance to spread widely. Thus the AV authors soon include detection, and
|
|
the virus does not spread very much.
|
|
|
|
Many virus exchange BBS's have mostly junk (virus wannabe's) ÿavailable. Since
|
|
the ÿperson ÿdownloading it only finds out afterwards, ÿthe spread of ÿviruses
|
|
from these BBS's is not as bad as it might have been.
|
|
|
|
There ÿalso ÿseems ÿto ÿbe a growing maturity ÿamongst ÿsome ÿmembers ÿof ÿthe
|
|
underground, ÿleading to fewer virus writers and viruses. Hopefully, they will
|
|
ALL grow up soon.
|
|
|
|
|
|
Cheers, Ian
|
|
|