V.I.R.U.S. Weekly - December 24, 1993

A weekly digest of virus and related news, V.I.R.U.S. Weekly BBS feed and
newsletter is prepared by the Vancouver Institute for Research into User
Security.  For those without online service feeds, both V.I.R.U.S. Weekly and
Monthly are available in hardcopy.  For more information contact Robert Slade
or CyberStore.
copyright 1993, Robert M. Slade

Other columns this week:

9    3.1 Scanners

10   "When H.A.R.L.I.E. Was One" by Gerrold


F-Prot 2.10b (MS-DOS)
This update version of F-Prot has been announced as available for ftp from
risc.ua.edu and complex.is.

The many faces of F-Prot
Recent seemingly contradictory claims by two software distributors prompted a
query to Fridrik Skulason about how other people are using his product.  The
programs currently including the F-PROT "engine" are:
    F-PROT shareware     (Frisk Software)
    F-PROT Professional  (Command Software, DataFellows and PerComp)
    Virus Alert          (Look Software) different interface
    VirusNet             (SafetyNet) different interface
    Data Security Plus   (PC Guardian) includes the shareware version


Power Pump on CDs (MS-DOS)
The Power Pump virus is not new, but it has recently been reported as infecting
the XYPHR2.COM file in the XYPHR2.ZIP archive on both the "So Much Shareware
Vol. II" and "Deathstar Arcade Battles" CDs.  Please check these files


Beware of cat
Due to a combination of virus debugging and cat interference, Ross Greenberg
has discovered an intriguing new way to hang a computer.  This particular virus
attacks the CMOS information table, so Ross expected some problems.  Having
reset everything possible to original values, however, he still found that the
computer wouldn't work properly.  Somewhere in the bowels of the CMOS in an
apparently "unused" portion, something affects the timer operation, and
seriously impacts the computer.  (A deliberate corruption of that area appears
to restore the system.)


Let him who is without bug ...
Bill Lambdin has been posting a monthly ranking of antiviral scanners for some
time in VIRUS-L as well as the Fidonet echoes.  Frans Veldman and Jeff Cook, of
Thunderbyte, have recently been complaining about his test.  Bill freely admits
that his test is not perfect.  Frans and Jeff state that it should be prefect
before he releases it.  A clear case of the pot calling the kettle black, and
in very intemperate language, too.  This exchange has renewed questions about
Jeff's neutrality as co-moderator of VIRUS_INFO.  He has not used any
moderating tools as weapons, but frequently cites his "authority".

Computer Virus Interest Group shutting down
Although not as well known as some, the Australian Computer Virus Interest
Group (CVIG) has been quietly doing solid research work at the Queensland
University of Technology in Brisbane.  After three years, however, the
government grant that sponsored it has expired, and the research, and CVIG
News, is no more.

Free F-Prot benefits business
A recent posting to Fidonet suggested that F-Prot was the best antiviral
because it was free for individual users.  The author was obviously simply
pleased at getting some free software, but he raises an important point.  Part
of the virus problem is that we are still in an "unhygenic" computing
environment, where there are a lot of carriers.  Antiviral software which is
free for individual users, such as F-Prot and, until recently, VIRx, benefits
corporations as well as home users, by reducing the level of risk ...

A WORM virus?
CD-ROMs are probably seen as the ultimate in "shrink-wrapped" software.  Not
only are CD-ROMs only pressed by sophisticated commercial equipment, but they
are "permanent", and so unaffected by virus attacks.  Unfortunately not true. 
Materials for CD-ROMs are produced in the normal way, and are subject to
infection.  Indeed, given the volume of material, may be *more* susceptible to
infection if not rigorously checked.  Many examples of infected CD-ROMs are
known, including two produced by offices of the US federal government.
Vancouver      ROBERTS@decus.ca         | "The client interface
Institute for  Robert_Slade@sfu.ca      |  is the boundary of
Research into  rslade@cue.bc.ca         |  trustworthiness."
User           p1@CyberStore.ca         |    - Tony Buckland, UBC
Security       Canada V7K 2G6           |