RISKS-LIST: Risks-Forum Digest Sunday 15 November 1998 Volume 20 : Issue 08
From: "Rob Slade" <rslade@sprint.ca>
Subject: REVIEW: "Virus Alert of the Day", virus-alert@optimator.win.net
MLVAOTD.RVW 981016
"Virus Alert of the Day", virus-alert@optimator.win.net, 1998,
http://www.tipworld.com/changes.html
%A virus-alert@optimator.win.net
%C City (place of publication)
%D 1998
%I TipWorld
%O http://www.tipworld.com/changes.html
%P 1 paragraph daily
%T "Virus Alert of the Day"

Aside from VirusHelp (cf. MLVIRHLP.RVW) and the rather noisy
alt.comp.virus, there is one other regular source of virus information.
No discussion, since this is a one-way list, but one more source of
clutter for your mailbox.

Virus Alert of the Day is one of the (very many) TipWorld mailing lists.
Like all of them, it is primarily an advertising tool, so expect a lot of
ads. In the case of the virus alert list, you can expect roughly a
one-paragraph tip per day, along with several screens of commercial
announcements of various types. Actually, that is not quite true. There
is usually about a screenful of viruses due to go off on the day in
question. However, this is only a list of names, without descriptions,
and there are, of course, a great many viruses that can go off on any day,
or are not subject to date alerts.

The information provided by this list is highly suspect. The author, and
the closest I've been able to get to an identity is
virus-alert@optimator.win.net, provides very little information, and does
not betray much basic fact, let alone conceptual, checking in the
postings. (Yes, doing it on a daily basis is hard, but remember that I
ran the CVP postings for three solid years, week in and week out, and
wasn't even close to running out of material.) Some comes from recycled
press releases alerting users to new viruses or types. Sometimes the tip
of the day is simply an announcement of a new antiviral release, ensuring
that the entire message for the day is one long string of ads. But
sometimes when the list actually tries to help it does the greatest
disservice.

Let's look at three postings from the recent past. On September 10th,
readers were advised to "Lock your floppies." Apparently, if you just
"flip the `switch' up on the top-left corner on the back of the diskette
... you can prevent diskette-transferred viruses from being loaded onto
your PC." Now, it's very nice that the instructions were that detailed,
but, unfortunately, they were flat out wrong. If your computer is already
infected, then locking your floppy disks may keep viruses off the floppy.
But if your diskette is infected, locking it will do nothing to protect
your computer. (This tip was later corrected by a reader.)

September 16th saw a note from a reader wondering what to do about an
infection by a stealth, boot sector virus. He had tried various
antivirals and none had removed it. The advice was to wait until the
antiviral vendors got around to a release that did deal with it.
Unfortunately, a number of the antivirals the reader had mentioned do deal
with the virus, and quite effectively. The real secret in this case is to
ensure that you "boot clean" and ensure that the virus is not resident in
memory before you try to run the antiviral. The secret to booting clean
is to ensure that your boot disk was created before the virus infected the
system.

October 2nd saw the relaying of Symantec's report of the world's first
Java virus. This viral non-event was widely ignored by the virus research
community, since everyone had already known it was possible. Java is a
computer language much like any other, and you can write anything you want
in it. The potential threat of a Java virus lies in Java's ability to
create applets for the Web. Fortunately for Web users, and unfortunately
for "Strange Brew," applets submitted over the Web and run in browsers are
confined to a "sandbox" that restricts some of the operations which
"Strange Brew" needs in order to run.

On October 16th, users of Microsoft Word were told, in order to avoid
spreading MS Word macro viruses, to save files in RTF (Rich Text Format)
if they were going to send them to other users. Now, while this advice
might be inconvenient (RTF is not capable of saving all possible MS Word
formatting information), there is some valid reasoning behind using it as
a security precaution. RTF does not support MS Word macro viruses,
either, so an RTF file wouldn't transmit them. A *true* RTF file, that
is. A number of common macro viruses intercept the FileSaveAs call. CAP,
for one, will save the file as a template document, with the infection
present, in spite of the RTF extension on the filename.

Should you wish to chronicle the further misadventures of the virus
alerts, check out the TipWorld signup page at
http://www.tipworld.com/changes.html.

copyright Robert M. Slade, 1998 MLVAOTD.RVW 981016
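
Added example (not part of the original review, nor code from any product it mentions): the review's point about a "*true* RTF file" can be checked by looking at a file's leading bytes rather than its name. The function names and sample byte strings below are constructed for illustration, and the search for the "WordDocument" stream name is a heuristic, not a full parse of the compound file.

```python
from pathlib import Path

RTF_MAGIC = b"{\\rtf"                             # a true RTF file begins with these bytes
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # OLE2 compound file: Word binary documents/templates
WORD_STREAM = "WordDocument".encode("utf-16-le")  # stream name as stored in an OLE2 directory

# Constructed sample inputs (not real documents).
TRUE_RTF = b"{\\rtf1\\ansi Quarterly report\\par}"
DISGUISED = OLE2_MAGIC + b"\x00" * 504 + WORD_STREAM + b"\x00" * 64
PLAIN = b"just some text"


def sniff(data: bytes) -> str:
    """Classify content by its bytes, ignoring whatever the filename claims."""
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(OLE2_MAGIC):
        # Heuristic: OLE2 directory entry names are UTF-16LE strings.
        return "word-binary" if WORD_STREAM in data else "ole2-other"
    return "unknown"


def check_attachment(name: str, data: bytes) -> tuple:
    """Return (verdict, detail) for a file that is supposed to be RTF."""
    kind = sniff(data)
    if Path(name).suffix.lower() != ".rtf":
        return ("skip", f"{name}: not named .rtf (content looks like {kind})")
    if kind == "rtf":
        return ("ok", f"{name}: content is RTF")
    if kind in ("word-binary", "ole2-other"):
        # The case the review describes: .rtf name, Word binary content,
        # so macros can still travel with the file.
        return ("block", f"{name}: .rtf name but {kind} content")
    return ("review", f"{name}: .rtf name but unrecognised content")


if __name__ == "__main__":
    for name, data in [("memo.rtf", TRUE_RTF), ("MEMO2.RTF", DISGUISED),
                       ("notes.rtf", PLAIN), ("memo.doc", DISGUISED)]:
        print(*check_attachment(name, data), sep=": ")
```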
Received on Wed Nov 18 14:57:39 1998