VIRUSES (ST) A companion document for the HOSPITAL virus detection/prevention suite Neil Forysth Department of Computer Science Heriot-Watt Univeristy Hunters Close 79 Grassmarket Edinburgh neil@uk.ac.hw.cs THE HOSPITAL PROGRAMS It would be a lie to say that if you use the HOSPITAL programs you will never suffer from a virus attack. The people(?) who write viruses will eventually get these programs and try to invent new ways of infection and avoiding detection. However, using some combination of the programs is definately a good precaution. They certainly do a great job against all the viruses I've seen to date and should any smarter viruses come along I will modify my programs accordingly. Treat all formatted disks that you are given or buy with suspicion. This includes commercially availiable packages. I have seen a virus infected disk that came straight out of its cling wrapped box. The software house was not being irresponsible, they were the victim of a virus attack. OTHER HELPFUL UTILITIES AFMT by Neil Forsyth In addition to the boot sector, some disk viruses use the extra FAT sectors on a disk. There are usually six of these on single sided disk and four on a double. They are never used on the current double density disk systems. The AFMT disk formatter reduces the size of the FAT to a minimum leaving no free FAT sectors for a virus to hide in and giving you more disk space. DT (Disk Toolbox) by Neil Forsyth This utility allows you to reversably change the executability of a boot sector. If the boot sector does not contain a virus and perhaps needs to be run for a program to work then it can easily be changed back. The RAM loadable version of TOS from Atari uses an executable boot sector to load as do a lot of commercial games. VKILLER by George Woodside This is an excellent program for the bulk checking of disks for possible viral infection. It has many features for analysis and destruction of viruses. It can also tell you a few things about any known viruses it finds. FLU by George Woodside This program demonstrates the symptoms of many of the joke type viruses that George has come across. LINK VIRUSES There are some viruses that infect programs instead of disk sectors. I have never seen one of these 'link viruses' but have a pretty good idea how they might work and hope to create programs to safeguard against them soon. HARD DISK VIRUSES Currently there does not seem to be any viruses that attack hard disks but I'm sure that they will appear. The only advice I can offer here is to back up your hard disk data regularly. I do mean data here and not programs. You can always re- install an application program and the copy on the hard disk that is lost may have been infected. MYTHS There have been some reports, all of them unconfirmed, of programs that are able to write to disks with the write protect notch on. I beleive this to be absolute nonsense and probably caused by delayed disk writes from cache programs or floppy serial numbers being the same. When writing my disk formatter (AFMT), I had to bypass the operating system and access the hardware directly and never managed to write to a write protected disk. (From the Western Digital 1772 Disk Controller Data Sheet) "Write protect: This input is sampled whenever a Write Command is received. A logic low on this line will prevent any Write Command from executing (internal pull-up)." The only way this could be circumvented would be to modify the disk drive or its connection to the computer. However I am open minded enough to beleive this phenomenon if and when I ever see it and you can be pretty sure I'll tell you if I do!