Techguy
December 11, 2000, 10:00 pm
* DOS file attributes protect executable files from infection
File attributes are set by software, and can therefore be
changed by software, including viruses. Many viruses reset a
ReadOnly/System/Hidden file to Read/Write, infect it, and
often reset it to the original attributes afterwards.
This also applies to other software mechanisms such as
simulating hardware write-protection on a hard disk.
However, file protection rights in NetWare *can* help to
contain virus infections, if set up properly, as can
trustee rights. [Trustee assignments govern whether an
individual user has right of access to a subdirectory: the
Inherited Rights Mask governs the protection rights of
individual files and (sub)directories.]
Basically, a file virus has the same rights of access as the
user who happens to inadvertently activate it.
Setting up these levels of security is really a function
of the network Administrator, but you might like to check
(politely) that yours is not only reassuringly paranoid but
also knowledgeable about viruses as well as networks, since a
LAN which is not, in this respect, securely configured, can
result in very rapid infection and reinfection of files
across the whole LAN. In particular, accounts with supervisor
equivalence can, potentially, be the unwitting cause of very
rapid dissemination of viruses.
* I'm safe from viruses because I don't use bulletin boards/shareware/
Public Domain software.
Many of the most widely-spread viruses are Boot Sector Infectors,
which can't normally infect over a serial or network connection.
Writers of shareware, freeware etc. are no more prone to accidental
infection than commercial publishers, and possibly less. The only
'safe' PC is still in its original wrapping (which doesn't mean
it isn't already infected...) And don't forget that shrinkwrapped
software may have been rewrapped.
As well, the most common viruses today are macro viruses, which depend
on you running a commercial application (usually MS Word or Excel).
They spread via documents exchanged between computers, which is a common
occurrence on many systems, regardless of how 'connected' they are.
* FDISK /MBR fixes boot sector viruses.
The mark II comp.virus FAQ is worth reading on this (see Part 1
of this FAQ as well as Part 4, section 14).
In brief, don't use FDISK /MBR *unless* you're *very* sure of what
you're doing, as you may lose data. Note also that if you set up the
drive with a disk manager such as EZDrive, you won't be able to access
the drive until and unless you can reinstall it.
* Write protecting suspect floppies stops infection.
This sounds so silly I hesitate to include it. I've never seen it said
on a.c.v., but I've heard it so often in other contexts, I've included
it anyway. Write-protecting a suspect floppy will only protect that
diskette from *re-infection*, if it's already infected. It won't stop
an infected floppy from infecting other (write-enabled) drives.
If you boot with a disk in drive A which is infected with a boot-sector
virus, the fact that the diskette is write-protected will make no
difference at all.
Write-protecting a *clean* floppy will indeed prevent it from being
infected (but see below!).
* The write protect tab always stops a disk write
Briefly, write protection is built into the hardware on the Mac and
on the PC (and most other systems, of course, but we can't cover
everything), and can't be circumvented in software.
However, it is possible for the hardware to fail: it's not common,
but it happens. Thus when I do a cleanup, I try to create a file on a
sacrificial floppy before risking my R/O boot disk. Sometimes, I
even remember....
Other caveats: a disk which you receive write-protected could have
been de-protected, infected, and re-protected. Even a 3.5" disk with
the write-enable tab removed can be written to by covering the hole
with (e.g.) masking tape. And, of course, shrink-wrapped software
could have been infected before the duplication process.
* I can infect my system by running DIR on an infected disk
If you have a clean PC system, you can't contract a boot sector virus
*or* a file virus just by listing the files on an infected floppy.
Of course, if your PC is infected, you may well infect a *clean* floppy
by using
DIR A:
It *is* possible to have a scanner report a virus in memory after a
DIR of a floppy with an infected boot sector. The distinction here is
that the virus is not actually loaded into memory, so the PC has
*not* been infected.
from alt.comp.virus newsgroup FAQ
------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
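
An added example (not part of the original post or the FAQ) for the first point above: because file attributes are set and cleared by software, a read-only flag and an unchanged timestamp say nothing about whether a file's contents were altered, while a content-hash baseline does. The file name, contents and function names are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(path):
    """Return (permission bits, mtime in ns, SHA-256 of contents) for path."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return stat.S_IMODE(st.st_mode), st.st_mtime_ns, digest

def rewrite_and_restore_attributes(path, extra):
    """Reproduce the behaviour the FAQ describes: clear read-only,
    change the contents, then put the original attributes back."""
    st = os.stat(path)
    os.chmod(path, stat.S_IMODE(st.st_mode) | stat.S_IWRITE)
    with open(path, "ab") as f:
        f.write(extra)
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))  # restore timestamps
    os.chmod(path, stat.S_IMODE(st.st_mode))             # restore read-only

def changed_fields(before, after):
    """Name the snapshot fields that differ between two snapshots."""
    names = ("mode", "mtime", "sha256")
    return [n for n, b, a in zip(names, before, after) if b != a]

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "PROGRAM.COM")      # constructed sample file
        with open(path, "wb") as f:
            f.write(b"constructed sample contents")
        os.chmod(path, stat.S_IREAD)               # mark it read-only
        before = snapshot(path)                    # the integrity baseline
        rewrite_and_restore_attributes(path, b"-appended")
        after = snapshot(path)
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)  # allow temp-dir cleanup
        return changed_fields(before, after)

if __name__ == "__main__":
    # Attributes and timestamp match the baseline; only the hash differs.
    print(demo())
```

A baseline like this is only useful if it is stored somewhere the same user account cannot rewrite, for the same reason the FAQ gives about access rights.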