Cris Vol 2 Issue 02
CrisNews #2 - 05/01/94
Reprinted With Permission
By: Cris Research Staff
The Virus Threat
(c) Ian Douglas 1993
Has the threat from viruses started to decline? The number of viruses for the
IBM PC (Intel x86) platform grows daily, but various events are making the IBM
environment safer. (Experts predict around 4000 - 6000 DOS viruses by the end
of 1994.)
Chief amongst these is the move away from DOS to new operating systems. The
trend started with Windows (not really an operating system), and has
accelerated with the advent of a reliable OS/2. Further down the line, there
is Windows NT and UNIX. These environments are very unfriendly for the 3000+
DOS-based viruses. There is a joke that Windows is a good virus detector - if
a Windows file gets infected by a DOS virus, it crashes :-)
There are two known viruses that can infect Windows executables, but none at
present that can infect OS/2 executables. No known DOS viruses can run under
native OS/2, but only in a DOS session. Also, the constant upgrades to DOS
itself prevent some viruses from working altogether.
There are three main areas of virus spread: large businesses, educational
institutions, and swopping disks among friends. Many large businesses are moving
to OS/2, others will move to Windows NT. In both cases, they are cutting out
an important vector of virus spread. I foresee that educational institutions
will also move to these new operating systems in the near future. The market
will demand students trained in them. This will once again cut out a major
vector for virus spreading.
That leaves the average user, still running DOS. He has less chance of
getting a virus, since the two main vectors are being cut out. The most common
viruses are boot sector infectors, like Stoned. While these may be able to
infect a machine running OS/2, they will not spread from such a machine.
The other interesting development has been in the underground. In the race to
create the super-duper type viruses, they have been trying to write complex
viruses. These take longer to write and are usually more buggy. Thus they make
fewer viruses. In order to brag, they publish the viruses in electronic
magazines, and make them available for download on virus exchange BBS's. This
means that they end up in the hands of anti-virus authors, before they have
had a chance to spread widely. Thus the AV authors soon include detection, and
the virus does not spread very much.
Many virus exchange BBS's have mostly junk (virus wannabe's) available. Since
the person downloading it only finds out afterwards, the spread of viruses
from these BBS's is not as bad as it might have been.
There also seems to be a growing maturity amongst some members of the
underground, leading to fewer virus writers and viruses. Hopefully, they will
ALL grow up soon.
Cheers, Ian