TIP: Click on subject to list as thread! ANSI
echo: virus_info
to: ALL
from: RICHARD ST. JOHN
date: 1996-12-30 09:17:00
subject: Not A Virus [4/8]
***>>> CONTINUED FROM PREVIOUS MESSAGE <<<***
                from that of the text. Since it's the macros that would 
contain
                a virus, should there ever be one, and since people don't
                generally pass macros when they pass around Word Perfect
                documents, chances of a Word Perfect virus becoming a threat
                to users is close to nil.
        5.3 What's UNWISE.EXE?
                It's probably the worst marketing choice for a program name
                I've ever come across. The truth is, UNWISE.EXE is a program
                called Wise Uninstall which is included with some Windows
                shareware programs.
6.0 AntiVirus Software
        6.1 ChipAway Virus Enabled
                A particular antivirus product instituted in BIOS has
                inappropriately chosen the activation messages of "ChipAway
                Virus Enabled." When this phrase is seen during the bootup
                process, it represents that this product has been activated.
        6.2 Traces of a virus Found in Memory
                While this message is the message presented by McAfee's Scan,
                it represents the concept of one antivirus product finding
                another antivirus' strings in memory. One of the best known
                of this circumstance is the combination of Scan and 
PAV/MSAV.
                Running CPAV and then SCAN will usually generate this 
ssage.
        6.3 Virus found in ANTIVIR.DAT
                In 6.2, we showed circumstances where one antivirus product
                locates another in memory. There is also the circumstance of
                one antivirus finding strings in another antivirus' data
                files or TSR executables. This is especially true now that
                there are heuristic analyzers.
                What the heuristic analysers are perhaps finding are viral
                snippets that are used to identify viruses. But it is not the
                complete virus.
                A similar situation arises when some antivirus packages are
                used to scan data files when "Scan All Files" is chosen. In
                this situation, the viruses "detected" are usually some kind
                of polymorphic virus. This brings forth the issue, "Should
                you be scanning all files?" My answer is, each product is
                presented to you with a default mode. Careful thinking is
                applied to choose the right set of defaults. Yet no product
                that I'm aware of has a default setting of scanning all
                files. All products recommend a certain configuration. Think
                about that.
                [The chance that an antivirus package is distributed with a
                virus is actually relatively high if you are not downloading
                the package from a known and trusted site. Antivirus packages
                have been known to be trojanized many times in secondary
                redistribution channels. Be safe. Download originals from
                official supported sites.]
        6.4 Loading Bootstrap...
                This is a message placed by SCAN in the MBR bootup process
                after it has cleaned certain boot sector viruses. Because the
                user has just completed an encounter with a virus, he is very
                alert to any new strangeness he encounters. Seeing this new
                message, he immediately believes this is something laid by 
he
                virus. This message has been removed as of last summer.
        6.5 Something is writing to your boot sector...
                Antivirus products vary in technology. One technology
                implemented by some antivirus products is called behavior
                blocking. However, use of this technology often involves
                giving too much power to users who do not understand the
                capabilities nor the circumstances.
                The most common behavior blocking issue raised to our
                technical support is, "Something is writing to my boot 
sector!"
                This could be a virus. But it could be that the user just
                typed FORMAT.
                I would recommend, in a corporate environment, you allow 
sers
                to decide for themselves whether they wish to run a behavior
                blocker. If the user is unaware that he is using behavior
                blocking technology, you will be confronted with more
                non-virus cases than situations where it actually stopped a
                virus. Yet, you may decide that you would be able to live
                with a 10 to 1 non-viral to viral ratio because the one virus
                infection that it catches costs more to clean up than the
                on-going support.
                The choice of using an antivirus is the determination that
                the cost of running an antivirus is less than the cost of
                cleaning up after virus infections. Therefore, only you can
                evaluate the cost for your organization.
7.0 Macintosh
        7.1 Welcome datacomp
                Users of Apple's Macintosh have been mystified by the
***>>> CONTINUED NEXT MESSAGE <<<***
--- GEcho 1.20/Pro
---------------
* Origin: Slings & Arrows BBS St. Louis, Mo. (1:100/205.0)
SOURCE: echomail via exec-pc

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.