[ISN] REVIEW: "Virus Alert of the Day", virus-alertat_private

From: mea culpa (jerichoat_private)
Date: Sun Nov 15 1998 - 23:48:45 PST

  • Next message: mea culpa: "RE: [ISN] Privacy Group Pushes For Hearings on ECHELON"

    RISKS-LIST: Risks-Forum Digest  Sunday 15 November 1998  Volume 20 : Issue 08
    
    From: "Rob Slade" <rsladeat_private>
    Subject: REVIEW: "Virus Alert of the Day", virus-alertat_private
    
    MLVAOTD.RVW   981016
    
    "Virus Alert of the Day", virus-alertat_private, 1998,
    http://www.tipworld.com/changes.html
    %A   virus-alertat_private
    %C   City (place of publication)
    %D   1998
    %I   TipWorld
    %O   http://www.tipworld.com/changes.html
    %P   1 paragraph daily
    %T   "Virus Alert of the Day"
    
    Aside from VirusHelp (cf. MLVIRHLP.RVW) and the rather noisy
    alt.comp.virus, there is one other regular source of virus information. 
    No discussion, since this is a one way list, but one more source of
    clutter for your mailbox. 
    
    Virus Alert of the Day is one of the (very many) TipWorld mailing lists. 
    Like all of them, it is primarily an advertising tool, so expect a lot of
    ads.  In the case of the virus alert list, you can expect roughly a one
    paragraph tip per day, along with several screens of commercial
    announcements of various types.  Actually, that is not quite true.  There
    is usually about a screenful of viruses due to go off on the day in
    question.  However, this is only a list of names, without descriptions,
    and there are, of course, a great many viruses that can go off on any day,
    or are not subject to date alerts. 
    
    The information provided by this list is highly suspect.  The author, and
    the closest I've been able to get to an identity is
    virus-alertat_private, provides very little information, and does
    not betray much basic fact, let alone conceptual, checking in the
    postings.  (Yes, doing it on a daily basis is hard, but remember that I
    ran the CVP postings for three solid years, week in and week out, and
    wasn't even close to running out of material.)  Some comes from recycled
    press releases alerting users to new viruses or types. Sometimes the tip
    of the day is simply an announcement of a new antiviral release, ensuring
    that the entire message for the day is one long string of ads.  But
    sometimes when the list actually tries to help it does the greatest
    disservice. 
    
    Let's look at three postings from the recent past.  On September 10th,
    readers were advised to "Lock your floppies."  Apparently, if you just
    "flip the `switch' up on the top-left corner on the back of the diskette
    ... you can prevent diskette-transferred viruses from being loaded onto
    your PC."  Now, it's very nice that the instructions were that detailed,
    but, unfortunately, they were flat out wrong.  If your computer is already
    infected, then locking your floppy disks may keep viruses off the floppy. 
    But if your diskette is infected, locking it will do nothing to protect
    your computer.  (This tip was later corrected by a reader.) 
    
    September 16th saw a note from a reader wondering what to do about an
    infection by a stealth, boot sector virus.  He had tried various
    antivirals and none had removed it.  The advice was to wait until the
    antiviral vendors got around to a release that did deal with it.
    Unfortunately, a number of the antivirals the reader had mentioned do deal
    with the virus, and quite effectively.  The real secret in this case is to
    ensure that you "boot clean" and ensure that the virus is not resident in
    memory before you try to run the antiviral.  The secret to booting clean
    is to ensure that your boot disk was created before the virus infected the
    system. 
    
    October 2nd saw the relaying of Symantec's report of the world's first
    Java virus.  This viral non-event was widely ignored by the virus research
    community, since everyone had already known it was possible. Java is a
    computer language much like any other, and you can write anything you want
    in it.  The potential threat of a Java virus lies in Java's ability to
    create applets for the Web.  Fortunately for Web users, and unfortunately
    for "Strange Brew," applets submitted over the Web and run in browsers are
    confined to a "sandbox" that restricts some of the operations which
    "Strange Brew" needs in order to run. 
    
    On October 16th, users of Microsoft Word were told, in order to avoid
    spreading MS Word macro viruses, to save files in RTF (Rich Text Format)
    if they were going to send them to other users.  Now, while this advice
    might be inconvenient (RTF is not capable of saving all possible MS Word
    formatting information), there is some valid reasoning behind using it as
    a security precaution.  RTF does not support MS Word macro viruses,
    either, so an RTF file wouldn't transmit them.  A *true* RTF file, that
    is.  A number of common macro viruses intercept the FileSaveAs call.  CAP,
    for one, will save the file as a template document, with the infection
    present, in spite of the RTF extension on the filename. 
    
    Should you wish to chronicle the further misadventures of the virus
    alerts, check out the TipWorld signup page at
    http://www.tipworld.com/changes.html. 
    
    copyright Robert M. Slade, 1998   MLVAOTD.RVW   981016
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:11:25 PDT