CrisNews #2 - 05/01/94
Reprinted With Permission By: Cris Research Staff

The Virus Threat
(c) Ian Douglas 1993

Has the threat from viruses started to decline?

The number of viruses for the IBM PC (Intel x86) platform grows daily, but various events are making the IBM environment safer. (Experts predict around 4000 - 6000 DOS viruses by the end of 1994.) Chief amongst these is the move away from DOS to new operating systems. The trend started with Windows (not really an operating system), and has accelerated with the advent of a reliable OS/2. Further down the line, there is Windows NT and UNIX. These environments are very unfriendly for the 3000+ DOS-based viruses. There is a joke that Windows is a good virus detector - if a Windows file gets infected by a DOS virus, it crashes :-)

There are two known viruses that can infect Windows executables, but none at present that can infect OS/2 executables. No known DOS viruses can run under native OS/2, but only in a DOS session. Also, the constant upgrades to DOS itself prevent some viruses from working altogether.

There are three main areas of virus spread: large businesses, educational institutions, and swopping disks among friends.

Many large businesses are moving to OS/2, others will move to Windows NT. In both cases, they are cutting out an important vector of virus spread. I foresee that educational institutions will also move to these new operating systems in the near future. The market will demand students trained in them. This will once again cut out a major vector for virus spreading.

That leaves the average user, still running DOS. He has less chance of getting a virus, since the two main vectors are being cut out. The most common viruses are boot sector infectors, like Stoned. While these may be able to infect a machine running OS/2, they will not spread from such a machine.

The other interesting development has been in the underground.
In the race to create the super-duper type viruses, they have been trying to write complex viruses. These take longer to write and are usually more buggy. Thus they make fewer viruses. In order to brag, they publish the viruses in electronic magazines, and make them available for download on virus exchange BBS's. This means that they end up in the hands of anti-virus authors before they have had a chance to spread widely. Thus the AV authors soon include detection, and the virus does not spread very much.

Many virus exchange BBS's have mostly junk (virus wannabes) available. Since the person downloading it only finds out afterwards, the spread of viruses from these BBS's is not as bad as it might have been.

There also seems to be a growing maturity amongst some members of the underground, leading to fewer virus writers and viruses. Hopefully, they will ALL grow up soon.

Cheers, Ian