TIP: Click on subject to list as thread! ANSI
echo: os2prog
to: Robert King
from: Peter Fitzsimmons
date: 1994-12-24 00:37:04
subject: Re: Virus Alert!

RK> #1, Writing to executing executables is simple and is in fact done 
 RK>     quite often by shareware and some comercial applications.

You can not write to a running exe/dll (hence,  can not write to any vital
os/2 element).

 RK> #2, Protected mode means nothing to the virus programmer.

Explain -- protected mode prevents the virus from writing outside of its
memory space;  to say it means nothing is quite a claim.

 RK> #3, Even a DOS based program can read/write to HPFS drives under OS/2
 RK>     just as they do in DOS. NO VIRUS uses BIOS/DOS 
 RK> calls for reads and     writes. Such operations are 
 RK> performed at the port level which, as you
 RK>     apparently aren't aware, bypasses the operating system entirely.

buzzzt.  Wrong.  Just try running a dos program that goes after the disk
controller ports -- they are all virtualized and will deny all writes. A
native OS/2 device driver could do it,  but this would mean a very visible
"device=virus.sys" being added to your config.sys & a reboot.

 RK> #4, The OS/2 scanners that are available, DO NOT detect several virusi.
 RK>     One that I can demonstrate readily is the 
 RK> Frankenstien virus which I     have on a floppy. Not 
 RK> only do the OS/2 scanners not see it, but the DOS

But can this virus do any damage when run in a VDM?   I don't think so...


--- Maximus/2 2.01
* Origin: Sol 3/Toronto (905)858-8488 (1:259/414)
SEEN-BY: 12/2442 620/243 624/50 632/348 640/820 690/660 711/409 410 413 430
SEEN-BY: 711/807 808 809 934 942 949 712/353 515 713/888 800/1 7877/2809
@PATH: 259/414 400 99 250/702 3615/50 229/2 12/2442 711/409 808 809 934

SOURCE: echomail via fidonet.ozzmosis.com

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.