echo: os2prog
to: Clemens Anhuth
from: Jonathan de Boyne Pollard
date: 1995-01-04 05:01:54
subject: Virus Strategies

CA>
  >                           simply copied the original program into a system
  > subdirectory, giving it a name that could not be seen by a "dir". Then it
  > replaced the original file with itself
CA>

  That's not a virus; that's a worm.  Loosely put, a virus is a parasite
  that attaches to and propagates through the execution of other
  programs.  A worm is a whole program in its own right.

CA>
  >             and entering it into config.sys as well, maybe using a good
  > sounding name like "KBDBASE2.SYS" and thus installing at next bootup the
  > viral device driver.
CA>

  This again qualifies as a worm, not a virus.  It would have to be
  introduced via a trojan co-conspirator, as well.  Think about it.
  KBDBASE2.SYS cannot be run as an application.  How many bootable OS/2
  floppies do you hand around to your friends?

  I believe that Jon Guthrie was the one who has already said that worms
  are a different problem.

  They are certainly a more realistic problem, given the stringent
  restrictions that OS/2 places on applications, that eliminate the
  vectors of infection that viruses use, such as writing to an EXE when
  it is run, or writing to the boot sector.  The few viable means of
  infection that are left are not the world's best ways to get
  propagated (writing to non-running EXEs doesn't guarantee that those
  EXEs will ever be run).

  Another element of realism involves considering the level of technical
  competence required.  The MZ executable format is quite simple, and a
  virus doesn't have a hard time attaching itself to such a file.  The
  LZ executable format is a lot more complex, and a virus author would
  have to figure it out, otherwise he'd find himself writing his virus
  into the debugging information or fixup records.

  OS/2 also protects to a much larger extent against some of the worse
  parts of virus activation, such as scrambling the boot sector or FAT
  via low level writes, overwriting the kernel or other programs in
  memory, or going into a busy wait loop and halting the machine.

CA>
  > the user is the weakest point of a computer system, right?
CA>

  True, but as has been pointed out, the risks should be put into
  perspective.

  > JdeBP <
___
 X MegaMail 2.10 #0:
--- Maximus/2 2.02
* Origin: DoNoR/2,Woking UK (44-1483-725167) (2:440/4)

SOURCE: echomail via fidonet.ozzmosis.com
