RISKS-LIST: Risks-Forum Digest  Sunday 15 November 1998  Volume 20 : Issue 08

From: "Rob Slade" <rsladeat_private>
Subject: REVIEW: "Virus Alert of the Day", virus-alertat_private

MLVAOTD.RVW   981016

"Virus Alert of the Day", virus-alertat_private, 1998,
http://www.tipworld.com/changes.html
%A   virus-alertat_private
%C   City (place of publication)
%D   1998
%I   TipWorld
%O   http://www.tipworld.com/changes.html
%P   1 paragraph daily
%T   "Virus Alert of the Day"

Aside from VirusHelp (cf. MLVIRHLP.RVW) and the rather noisy
alt.comp.virus, there is one other regular source of virus information.
No discussion, since this is a one way list, but one more source of
clutter for your mailbox.

Virus Alert of the Day is one of the (very many) TipWorld mailing lists.
Like all of them, it is primarily an advertising tool, so expect a lot of
ads. In the case of the virus alert list, you can expect roughly a one
paragraph tip per day, along with several screens of commercial
announcements of various types.

Actually, that is not quite true. There is usually about a screenful of
viruses due to go off on the day in question. However, this is only a
list of names, without descriptions, and there are, of course, a great
many viruses that can go off on any day, or are not subject to date
alerts.

The information provided by this list is highly suspect. The author, and
the closest I've been able to get to an identity is
virus-alertat_private, provides very little information, and does not
betray much basic fact, let alone conceptual, checking in the postings.
(Yes, doing it on a daily basis is hard, but remember that I ran the CVP
postings for three solid years, week in and week out, and wasn't even
close to running out of material.) Some comes from recycled press
releases alerting users to new viruses or types. Sometimes the tip of the
day is simply an announcement of a new antiviral release, ensuring that
the entire message for the day is one long string of ads.

But sometimes when the list actually tries to help it does the greatest
disservice. Let's look at three postings from the recent past.

On September 10th, readers were advised to "Lock your floppies."
Apparently, if you just "flip the `switch' up on the top-left corner on
the back of the diskette ... you can prevent diskette-transferred viruses
from being loaded onto your PC." Now, it's very nice that the
instructions were that detailed, but, unfortunately, they were flat out
wrong. If your computer is already infected, then locking your floppy
disks may keep viruses off the floppy. But if your diskette is infected,
locking it will do nothing to protect your computer. (This tip was later
corrected by a reader.)

September 16th saw a note from a reader wondering what to do about an
infection by a stealth, boot sector virus. He had tried various
antivirals and none had removed it. The advice was to wait until the
antiviral vendors got around to a release that did deal with it.
Unfortunately, a number of the antivirals the reader had mentioned do
deal with the virus, and quite effectively. The real secret in this case
is to ensure that you "boot clean" and ensure that the virus is not
resident in memory before you try to run the antiviral. The secret to
booting clean is to ensure that your boot disk was created before the
virus infected the system.

October 2nd saw the relaying of Symantec's report of the world's first
Java virus. This viral non-event was widely ignored by the virus research
community, since everyone had already known it was possible. Java is a
computer language much like any other, and you can write anything you
want in it. The potential threat of a Java virus lies in Java's ability
to create applets for the Web. Fortunately for Web users, and
unfortunately for "Strange Brew," applets submitted over the Web and run
in browsers are confined to a "sandbox" that restricts some of the
operations which "Strange Brew" needs in order to run.

On October 16th, users of Microsoft Word were told, in order to avoid
spreading MS Word macro viruses, to save files in RTF (Rich Text Format)
if they were going to send them to other users. Now, while this advice
might be inconvenient (RTF is not capable of saving all possible MS Word
formatting information), there is some valid reasoning behind using it as
a security precaution. RTF does not support MS Word macro viruses,
either, so an RTF file wouldn't transmit them. A *true* RTF file, that
is. A number of common macro viruses intercept the FileSaveAs call. CAP,
for one, will save the file as a template document, with the infection
present, in spite of the RTF extension on the filename.

Should you wish to chronicle the further misadventures of the virus
alerts, check out the TipWorld signup page at
http://www.tipworld.com/changes.html.

copyright Robert M. Slade, 1998   MLVAOTD.RVW   981016
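
The October 16th point above, a file that carries an .rtf name but is really a Word template, can be checked from the receiving side by looking at the file's leading bytes instead of its extension. The Python below is an added example, not part of the original review; the file names and sample bytes are constructed, and it assumes two format facts: RTF documents begin with `{\rtf`, and Word binary documents and templates of that era are OLE2 compound files beginning with D0 CF 11 E0 A1 B1 1A E1.

```python
# Added example (not from the review): check that a file named *.rtf holds RTF.
# Format facts assumed: RTF opens with "{\rtf"; Word 6/95/97 .doc/.dot files
# are OLE2 compound files opening with D0 CF 11 E0 A1 B1 1A E1.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
RTF_MAGIC = b"{\\rtf"


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def audit(name: str, data: bytes) -> tuple[str, str]:
    """Return (verdict, detail) for one received file."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff(data)
    if ext != "rtf":
        return ("not-checked", f"extension .{ext or '?'} makes no RTF claim")
    if kind == "rtf":
        return ("ok", "content starts with an RTF header")
    if kind == "ole2":
        return ("mismatch", "Word binary container under an .rtf name; may carry macros")
    return ("mismatch", "content is not RTF")


# Constructed sample inputs (hypothetical names, minimal bytes).
SAMPLES = {
    "report.rtf": b"{\\rtf1\\ansi Quarterly report}",
    "minutes.rtf": OLE2_MAGIC + b"\x00" * 504,  # template saved under an .rtf name
    "notes.rtf": b"just some text",
    "budget.doc": OLE2_MAGIC + b"\x00" * 504,
}


def audit_all(samples: dict[str, bytes]) -> dict[str, str]:
    """Map each file name to its verdict."""
    return {name: audit(name, data)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} {audit(name, data)}")
```
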