echo: os2prog
to: Jon Guthrie
from: Jonathan de Boyne Pollard
date: 1994-12-26 05:08:02
subject: Virus Alert!

ZZ>
  > Of course running executables can't be written to, but it's hardly ever the
  > RUNNING ones that are infected.  I remain unconvinced that
  > this is a real problem for Virus writers.
ZZ>

  Think of it this way.  Virus writers infect the EXE on disk mainly, so
  that the virus has a greater chance of being run another time.

  If they cannot infect the programs that are *currently running* then
  it is less likely that they are going to infect the programs that will
  ever *be run*.  This is based on the theory that the programs that are
  currently running are the programs that are regularly run.

  Under DOS, if a virus infects COMMAND.COM, it will be run every time
  that the machine boots.

  Under OS/2, a virus cannot achieve the same effect, since it won't be
  *able* to infect PMSHELL.EXE, and there's no guarantee that CMD.EXE
  will ever be run by the user (I don't use it here, for example).

ZZ>
  > question whether or not the difficulties in dealing with
  > HPFS are a real problem when DosOpen and so forth work just
  > as well for a possible virus writer as they do for more
  > normal applications programs.
ZZ>

  This is an issue relating to the damage that a virus can do when
  activated.  Lots of viruses like to trash the hard disc.  This is a
  lot more difficult to do with HPFS than FAT.  A lot more of the
  partition would have to be written to.

  As I said before, CHKDSK /F:3 can even recover from FORMAT most of the
  time with HPFS, so you can guess at the level of redundancy in the
  filesystem that the hypothetical OS/2 virus writer would have to deal
  with.

ZZ>
  >                         I seriously doubt that many people
  > would detect a virus in process listing even if they
  > routinely produced such listings.
ZZ>

  They'd notice if a process that they expected to stop didn't stop,
  though.  If the process were to stop then -- *poof* -- the virus is
  not in memory anyway.  A virus that intends to remain active must have
  a thread running somewhere.

  Incidentally, most programs are written so that when the main thread
  exits it kills off all of the other threads irrespective of what they
  were doing.  So a virus would have a hard time sticking around even if
  it spawned off a secondary thread with DosCreateThread.  The virus
  writer would have to learn all about exit lists -- yet another thing
  for the hypothetical OS/2 virus writer to have to learn about and
  cater for.  Yet more viral code bloat.

ZZ>
  >                                      To my mind, a person
  > wishing to code destructive programs for OS/2 would be
  > better off coding worms for OS/2 rather than viruses.
ZZ>

  Worms or trojans are more likely to succeed than the parasites like
  viruses.

ZZ>
  > Especially considering the built-in networking stuff that
  > IBM is promising.
ZZ>

  Probably about the most dangerous program running on a normal setup is
  sendmail, but even then the IBM sendmail is a crippled version which I
  doubt would have most of the "usual" holes.

  Mind you, in a short while I won't be running sendmail any more.  (-:

  > JdeBP <
___
 X MegaMail 2.10 #0:
--- Maximus/2 2.02
* Origin: DoNoR/2,Woking UK (01483-725167) (2:440/4)

SOURCE: echomail via fidonet.ozzmosis.com
