Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[fritz chwolka]

Am 24.10.2016 um 23:28 schrieb Terry Stewart:

Here is some I wrote some time ago on my experiences with vintage viruses.
Bear in mind it's a narrative (and hence somewhat long-winded and rambling)
but anyway..here it is for anyone interested...
http://www.classic-computers.org.nz/blog/2009-08-30-vintage-viruses.htm

Terry (Tez)



I say thanks for your note.  Some years ago got an "wake up" with a 
stone virus. On my dos systems using for disc converting or retro games 
I test now  every disk I insert.


Best Regards

fritz


Mit freundlichen Grüßen

Fritz Chwolka

___

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Mouse]

>>> What is the plural of a computer virus?).
>> Viruses.
>> The Latin word _virus_ [...]
>> More than you ever wanted to know, I'm sure.
> Actually, NO.

What Fred said.  Across the board.

Thank you.  That was informative, authoritative, and - impressive,
managing to combine this with the other two - interesting.

/~\ The ASCII Mouse
\ / Ribbon Campaign
 X  Against HTMLmo...@rodents-montreal.org
/ \ Email!   7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

RE: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Fred Cisin]

 What is the plural of a computer virus?).

On Mon, 24 Oct 2016, Rich Alderson wrote:

Viruses.
The Latin word _virus_ means "slime, poison", and is a collective noun
. . . 
Furthermore, it is a neuter (neither masculine nor feminine) o-stem noun,

. . .
The -i marker of nominative plurals is restricted to those masculine and
. . . 
Neuters in all ancient Indo-European languages, such as Sanskrit, Greek, and

Latin, end in -a (or a regular development from *-a).
. . . 
The word _virus_ was used as a synonym for _venom_ as late as the early 20th
. . . 
modern usage derives from the medical term _filterable virus_, referring to a

More than you ever wanted to know, I'm sure.


Actually, NO.
You answered a long unresolved question.
Authoritatively, and with sufficient detail to facilitate further 
research, or even to seek collaboration if there were doubts.


Thank you.

--
Grumpy Ol' Fred ci...@xenosoft.com

RE: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Rich Alderson]

From: Sean Conner
Sent: Monday, October 24, 2016 2:00 PM

>  MS-DOS had CP/M at its heart, and it had its fair share of virii (viruses? 
>  What is the plural of a computer virus?).

Viruses.

The Latin word _virus_ means "slime, poison", and is a collective noun, like
English _milk_ or _flour_ or _sugar_.  It did not form a plural at all.

Furthermore, it is a neuter (neither masculine nor feminine) o-stem noun, very
very odd because it ends in -us rather than -um in the nominative.  -us is
overwhelming the marker of a masculine o-stem, or occasionally of a masculine
or feminine u-stem (whose plural would be in -us), and very rarely of a
feminine o-stem, or often of a neuter s-stem (like _genus_ "kind", whose plural
is _genera_ "kinds").

The -i marker of nominative plurals is restricted to those masculine and
feminine o-stems; -ii is restricted further, to o-stems in which the stem vowel
is preceded by -i-, so _domus, domi_ "house, houses" vs. _genius, genii_
"tutelary spirit(s) attendant on a person from birth", _Julius, Julii_ "a
_gens_ (clan) name, members of the Julian _gens_", _Cornelius, Cornelii_, etc.

Neuters in all ancient Indo-European languages, such as Sanskrit, Greek, and
Latin, end in -a (or a regular development from *-a).  Presumably, if one were
able to specify a plural in Latin of the word _virus_, it would by rule have to
end in -a.  But the speakers of Latin did not speak of discrete slimes, it all
being one to them, so we will never know.

The word _virus_ was used as a synonym for _venom_ as late as the early 20th
Century in English, as in Burroughs's description of the deadliness of the
_virus_ of Martian serpents (in _The Gods of Mars_), which confused me no end
when I was reading the Martian novels for the first time at the age of 14.  The
modern usage derives from the medical term _filterable virus_, referring to a
disease-causing agent which was unresolvable under a microscope but which could
be mechanically filtered out of water, unlike a poisonous chemical dissolved in
water.  The word _filterable_ was dropped at some point in the literature, then
electron microscopes came along which *could* resolve viruses, and we come into
the modern world.

More than you ever wanted to know, I'm sure.

Rich


Rich Alderson
Vintage Computing Sr. Systems Engineer
Living Computers: Museum + Labs
2245 1st Avenue S
Seattle, WA 98134

mailto:ri...@livingcomputers.org

http://www.LivingComputers.org/

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Terry Stewart]

Here is some I wrote some time ago on my experiences with vintage viruses.
Bear in mind it's a narrative (and hence somewhat long-winded and rambling)
but anyway..here it is for anyone interested...
http://www.classic-computers.org.nz/blog/2009-08-30-vintage-viruses.htm

Terry (Tez)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[ethan]

 Memory protection does not protect you from a virus.  It can protect other
running processes from being modified (if they belong to other users they
can't be infected at all; other processes owned by the user it's possible,
depending upon the system [1]) but that's it.
 -spc


Sorry, I was thinking back to the finger file from the ID software guy 
talking about how horrible MacOS was, not from the perspective of 
preventing viruses.


I suppose Apple was early in the networking game with Appletalk but not 
sure if the viruses ever made use of it.


( I grew up Atari -> PC )


--
Ethan O'Toole

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Sean Conner]

It was thus said that the Great et...@757.org once stated:
> 
> Early Macs definitely had viruses, a few that I got from thrift stores
> still have the viruses on them. I don't think there is any memory
> protection at all. Software selection for MacOS was pretty crappy, and it
> was hard to get under the hood. So protecting yourself from them would be
> very difficult on the Mac platform. All the file fork BS, dev tools hard
> to get. Also, just like the iPhone pretty much everything was
> shareware/commercial, less community stuff than the PC. I feel bad for the
> people that grew up on MAcOS versus MS-DOS.

  Memory protection does not protect you from a virus.  It can protect other
running processes from being modified (if they belong to other users they
can't be infected at all; other processes owned by the user it's possible,
depending upon the system [1]) but that's it.

  -spc

[1] I would say "yes" in general---you do have to be able to debug your
own programs and thus, intercept and modify a running process (at
the very least, to set a break point).

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Sean Conner]

It was thus said that the Great allison once stated:
> On 10/23/2016 09:15 PM, Mouse wrote:
> >> My favorite formatter was my S100 crate with CP/M, [it's] impossible
> >> to give a single user OS without background processing a virus.
> > I disagree.  I see nothing about "a single-user OS without background
> > processing" that would prevent a virus from infecting other programs,
> > even including the OS, when it's run, and potentially doing something
> > else as well.
> >
> > Perhaps you are using some meaning of "virus" other than "piece of
> > software that infects other software to propagate itself"?  That's the
> > only meaning that makes any sense to me.
> >
> Its highly unlikely as first it would have to install itself and do so
> without corrupting the OS. CP/M-80 is a machine monitor with a file system
> and lacking most of the usual read the disk and "do something" automation. 
> The only automation in CP/M is logging a drive which is reading the
> directory and mapping used blocks. So the initial load would have to be
> performed by the user.  Trogan maybe, social engineered for sure, virus
> no.  The key is you have to actually execute a file for action to happen. 
> In CP/M you can disk dump sectors and never execute them, formatting is
> even more benign, the disk is never read save for a post format verify.

  MS-DOS had CP/M at its heart, and it had its fair share of virii (viruses? 
What is the plural of a computer virus?).  The discussion Liam linked to
(https://groups.google.com/forum/#!topic/comp.os.cpm/V1-zYzA6Uzg) seems to
echo my own thoughts here---technically, it's possible, but not probable due
to the resource constraints (mainly memory) inherent in CP/M.  There is
nothing that also requires a virus to run a background process---it can
certainly modify the existing program to infect other programs, but again,
on CP/M because of the contrained resources (and lack of speed) such actions
might be noticed by the user.

  And in my experience [1] most viruses would infect executable programs and
it wasn't until Windows, when Microsoft went out of its way to find any form
of code in any file type and execute it, did viruses start infecting other
types of files (at first, I didn't believe reports of viruses spreading via
JPEGs, but yup, it was true.  Thanks, Microsoft!).

  -spc 

[1] Never got any in my day-to-day activities, but there was an outbreak
at the university I attended in the late 80s.  I managed to snag an
example and decompile it.  I have no idea what virus it was, but I
think I still have a copy in my floppy archives somewhere.

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Liam Proven]

On 24 October 2016 at 20:20, Cameron Kaiser  wrote:
> - Yes, classic Macs did get viruses. But as a user of a classic Mac since
>   1987, I think I encountered one exactly once and my experience was not
>   unusual. They just weren't all that common and nearly everyone ran Virex
>   anyway until Mac OS 8 days when the platform had little or no relevance to
>   virus authors.


What, really? Wow. You were lucky!

I never owned a Mac of my own 'til my "Road Apple" Performa 5200...

http://lowendmac.com/1995/performa-5200/

... in about '96, thanks to Apple's "Platform Club" for UK journos.

However, in the preceding nearly-a-decade, I supported & maintained
plenty of 'em. Virus infections were plentiful, by a wide variety of
viruses, and there were a wide variety of anti-virus apps in use.
Symantec Antivirus for Macintosh -- SAM -- was the most common
commercial one, but there were others. Virex and Disinfectant were the
most common freebies. There were both disk and file viruses, as well
as Trojans.

And when Mac Office 98 came along, there were macro viruses too.

-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Liam Proven]

On 24 October 2016 at 18:58,   wrote:
> Software selection for MacOS was pretty crappy, and it was hard to get under
> the hood.


That's not my experience, TBH. Big, great S/W range, shareware and PD,
hard_er_ but still possible to get under the hood.


-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Liam Proven]

On 24 October 2016 at 04:03, allison  wrote:
> Its highly unlikely as first it would have to install itself and do so
> without corrupting the OS.
> CP/M-80 is a machine monitor with a file system and lacking most of the
> usual
> read the disk and "do something" automation.  The only automation in CP/M
> is logging a drive which is reading the directory and mapping used blocks.
> So the initial load would have to be performed by the user.  Trogan maybe,
> social engineered for sure, virus no.


It's been discussed and there are /claims/ they existed...

https://groups.google.com/forum/#!topic/comp.os.cpm/V1-zYzA6Uzg

-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Liam Proven]

On 24 October 2016 at 03:15, Mouse  wrote:
>
> I disagree.  I see nothing about "a single-user OS without background
> processing" that would prevent a virus from infecting other programs,
> even including the OS, when it's run, and potentially doing something
> else as well.

Exactly. This. I agree. MS-DOS was a single-user OS without background
processing, but it had legions of viruses.

I don't think CP/M had TSRs as such...

https://en.wikipedia.org/wiki/CP/M#TSR_.28Terminate-and-Stay-Resident.29_programs

... but that doesn't mean it was totally impossible to get into RAM
and stay there, does it?

-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Liam Proven]

On 23 October 2016 at 19:12, Fred Cisin  wrote:
> But, I was explicitly referring to the time BEFORE OS-X!  (<1999?)

Ahh, well, that's entirely fair then.

> Assholes who proclaimed themselves to be "experts" kept pushing our college
> administration to SWITCH ALL of our our student computer labs from PC to
> Mac, mostly using the LIE that "Macs are immune to viruses".

That's... well, yeah, asshattish. Anyone who knew the Mac knew of
viruses. They were a real problem.

> But, we stuck to 80-90% PCs.
> 1) We had a dozen Macs (mostly SE?) and 5 dozen PCs.  We were getting higher
> incidence of viurses on the Macs than the PCs, due to student disks.

Can easily believe that.

> 2) At the time, certain key pieces of software that we needed (such as COBOL
> and FORTRAN compilers) were not as readily available on Mac.

[Nod] Or they were seriously expensive.

> 3) We had only needed a tiny handful of machines with performance.
> PC-DOS, Win3.1, and Win95 on 386SX were PERFECTLY suited for homework of
> programming classes.  (small homework assignments, NOT all day production!)

Win 3.1 on a 386SX, no problem.

Win 95 on a 386SX: sheesh. You'd need the patience of a saint.

Early in my time at PC Pro magazine, I actually benchmarked 95 versus
Wfwg on a 386 with 4MB. We had to hunt for a PC that old, and borrowed
it from a friend of the editor.

Amazingly, app loading was a hair quicker -- 95 had smarter cache
management. But it wasn't fast.

> Think about anybody who would claim to NEED performance to write "Hello,
> world".  And low performance created BETTER sort programs, by NOT giving the
> opportunity to "throw hardware at it".

True.

> Even the "remedial job training for the digital sweatshop" classes

[Chuckle]

> (WordPervert, Lotus, dBase, Weird, Office)

[Guffaw]

> were well suited for a large
> number of 386SX machines.

Yep, guess so!

> 4) At the time, one dozen Macs cost us as much as five dozen PCs! List
> prices for Macs might have been close to list prices of OEM PCs from IBM,
> but we were willing to run cheap generic clones, and assemble them
> ourselves.  THAT was significant, when you have a lab FULL of students (and
> rarely a waiting queue).

Oh my yes.

And they were, $ for $, significantly more expensive in the UK than Stateside.

> But, by about the time that OS-X came out, enough students had their own
> machines that we no longer needed as many.
> Our administration ceased having the Computer Information Systems department
> run the labs for Business, Math, etc., and hired IT (mostly grossly
> incompetents from "trade schools").  They were no longer "our labs".
> Machines started being down for a week or two for a bad floppy or need for
> Windoze reinstallation, waiting for IT to get around to them.

:-(

C21 IT. Everyone raves about it. I'm considered a weirdo for saying
some things were better before.

> They hired an extremely expensive outside firm ("because they are experts",
> and because the college "IT" had no idea how to do it!) to run a public
> domain test program for Y2K compatibility, and dumpstered the few machines
> that would have had to have their date manually set [ONCE!] after Y2K.

Well, TBH, I did some of that consultancy myself. I didn't dump any
kit though. Some clients took the chance to refresh their whole
office, and I made sure the old boxes were re-homed or given to
charity.


-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Liam Proven]

On 23 October 2016 at 18:03, Electronics Plus  wrote:
> I used to have factory original CD install disks from Zip drives, but I threw 
> them all out, because they were all infected with viruses. Iomega was kind 
> enough to send me clean install disks, after I mailed them back one of the 
> infected disks. That prompted a huge recall, back in the 90s.

Wow! I never heard about that one!

I did hear of other such instances, though. And more recently,
at-the-factory-infected USB sticks and digital picture frames.

-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Fred Cisin]

On Mon, 24 Oct 2016, et...@757.org wrote:
I *DO* remember that in the local BBS wars, people who were toying with 
MS-DOS viruses would make them then submit them to the AV companies to get 
them on "the list." The huge list of viruses that the software would defend 
against. But in reality, they were never in the wild.


At the time of the "Michelangelo" panic, it did not appear to be in the 
wild.  (ZERO of the "hundreds" of disks destroyed during scanning at UC 
Berkeley student computer labs were retained for analysis)
The AV companies had copies, and they provided them to each other 
and to the media.  It wasn't until later that copies started to leak out 
into the wild.  In fact, we speculated that what was being found were 
wannabe variants, created from "Stoned", and INSPIRED by and after the 
panic.
The ones that we finally ran into were blatently obviously simply slightly 
modified versions of "Stoned", but THAT aspect was never mentioned by the 
AV companies nor the media during the panic.



Oh and the local guy that was involved at a high level with the DOS Virus 
group, he said at a party that had a bunch of DOS virus authors John 
MacAffee was there partying with them. No proof and he probably wouldn't 
admit saying that today (was told to me in the early 2000s).


Wouldn't be surprising.  I knew one fellow, with journalistic ties, who 
partied with both groups.  He threw a Comdex party at the Landmark Hotel 
with a lot of strange people.


There were rumors at the time, that McAfee was involved in creating 
"Michelangelo" and the panic.  But, until there is some evidence, I would 
give him the benefit of the doubt; and there's no way to ask him now (he's 
currently a murder suspect fugitive).




Creation of the "Michelangelo" variants that we saw did not require any 
expertise, just some disassembly of "Stoned" and some trivial patching.

Creation of the PANIC was an impressive feat of showmanship.

THAT (creation of the "Michelangelo" panic), and Harold Hill of Meredith 
Wilson's "Music Man" ("You've got TROUBLE, right here in River 
City") really helped train a lot of people how to make money off of Y2K.
The college probably spent more than $300 average PER MACHINE testing and 
preparing for Y2K!  (Since there were friends and relatives of upper 
officials working with the contractors, exact amounts spent were not 
clearly revealed)



--
Grumpy Ol' Fred ci...@xenosoft.com

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Cameron Kaiser]

> Early Macs definitely had viruses, a few that I got from thrift stores 
> still have the viruses on them. I don't think there is any memory 
> protection at all. Software selection for MacOS was pretty crappy, and it 
> was hard to get under the hood. So protecting yourself from them would be 
> very difficult on the Mac platform. All the file fork BS, dev tools hard 
> to get. Also, just like the iPhone pretty much everything was 
> shareware/commercial, less community stuff than the PC. I feel bad for the 
> people that grew up on MAcOS versus MS-DOS.

Lest this turn into another chapter in Mac vs DOS:

- Yes, classic Macs did get viruses. But as a user of a classic Mac since
  1987, I think I encountered one exactly once and my experience was not
  unusual. They just weren't all that common and nearly everyone ran Virex
  anyway until Mac OS 8 days when the platform had little or no relevance to
  virus authors.

- You may not have had a command line, but it was perfectly possible to get
  under the hood. You could mess with resources in MacsBug or ResEdit, shuffle
  INITs and CDEVs, whatever you like. Such tools were easy to get and freely
  available. Whether you *liked* the resource/data fork split is a matter of
  preference but they certainly didn't prohibit mucking around by the
  knowledgeable and the structured nature of the resource fork in some ways
  makes it easier.

- No, pretty much everything was *not* just shareware/commercial. Look at
  UMich or Info-Mac for a nearly total refutation of your statement. Freeware
  existed in quantity commensurate with the platform's penetration and Apple
  certainly did not discourage it in those days. I have mirrors of them which
  you can check out:

gopher://gopher.floodgap.com/1/archive

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Art is either plagiarism or revolution. -- Paul Gauguin 

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[ethan]

But, I was explicitly referring to the time BEFORE OS-X!  (<1999?)
Assholes who proclaimed themselves to be "experts" kept pushing our college 
administration to SWITCH ALL of our our student computer labs from PC to Mac, 
mostly using the LIE that "Macs are immune to viruses".


Jumping in here late. When I was much younger I remember being on BBSes 
that were H/P/A/V (Hacking, Phreaking, Anarchy and Viruses.) The first 3 
just being old textfiles that are lovingly preserved by people like Jason 
Scott. We had a local guy that shook up the DOS Virus group NuKE. Later he 
became a coworker.


Early Macs definitely had viruses, a few that I got from thrift stores 
still have the viruses on them. I don't think there is any memory 
protection at all. Software selection for MacOS was pretty crappy, and it 
was hard to get under the hood. So protecting yourself from them would be 
very difficult on the Mac platform. All the file fork BS, dev tools hard 
to get. Also, just like the iPhone pretty much everything was 
shareware/commercial, less community stuff than the PC. I feel bad for the 
people that grew up on MAcOS versus MS-DOS.


I *DO* remember that in the local BBS wars, people who were toying with 
MS-DOS viruses would make them then submit them to the AV companies to get 
them on "the list." The huge list of viruses that the software would 
defend against. But in reality, they were never in the wild. I think there 
was at least 8 of these from one author who was just a bored Navy guy. So 
take the # of viruses with a grain of salt. But BBSes did have collections 
of them, and I'm sure you can still find the huge zip files of them 
somewhere.


There were utilities like Virus Creation Lab that had checkboxes and would 
crap out assembly code or something that you would then take the output 
over to MASM or the Borland Assembler and compile. So who knows how many 
of the DOS viruses came from this.


I remember doing a lot of BBSing, and trading stuff with friends and never 
saw a virus. There was a case where the computers at Sears had the stoned 
virus or something and everyone in the area was excited to go over there 
and get a disk infected with it.


Of course BBSes always had the virus scan door. Ahhh fprot. And also the 
zip files that never stop expanding :-)


Oh and the local guy that was involved at a high level with the DOS Virus 
group, he said at a party that had a bunch of DOS virus authors John 
MacAffee was there partying with them. No proof and he probably wouldn't 
admit saying that today (was told to me in the early 2000s).

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[allison]

On 10/23/2016 09:15 PM, Mouse wrote:
>> My favorite formatter was my S100 crate with CP/M, [it's] impossible
>> to give a single user OS without background processing a virus.
> I disagree.  I see nothing about "a single-user OS without background
> processing" that would prevent a virus from infecting other programs,
> even including the OS, when it's run, and potentially doing something
> else as well.
>
> Perhaps you are using some meaning of "virus" other than "piece of
> software that infects other software to propagate itself"?  That's the
> only meaning that makes any sense to me.
>
> /~\ The ASCII   Mouse
> \ / Ribbon Campaign
>  X  Against HTML  mo...@rodents-montreal.org
> / \ Email! 7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
>
Its highly unlikely as first it would have to install itself and do so
without corrupting the OS.
CP/M-80 is a machine monitor with a file system and lacking most of the
usual
read the disk and "do something" automation.  The only automation in CP/M
is logging a drive which is reading the directory and mapping used blocks.
So the initial load would have to be performed by the user.  Trogan maybe,
social engineered for sure, virus no.  The key is you have to actually
execute
a file for action to happen.  In CP/M you can disk dump sectors and never
execute them, formatting is even more benign, the disk is never read save
for a post format verify.

There is no boot block save for system tracks and even then the OS is not
wired to write them without a utility so other than boot in rom(usually)
its kinda hard to pollute the disk though powering off with it in the
drive usually
will kill a sector making it unreadable.

There are many other OSs that equally as crude such as Northstar Dos or
for that
fact OS/8.  Old machines do not evaluate like current winders, linux,
OSX in that
perspective.

The extreme opposing end of the spectrum is a VAX running VMS/OVMS the
level of protection is high enough that you would spend much time and
effort to
find the way to get something above the user account level.   In that
case you
can pollute your self maybe share with friends assuming you don't user
crash first.


Allison

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[allison]

On 10/22/2016 01:36 PM, Ali wrote:
>>> I didn't think modern A/V products included complete historical sets
>>> of signatures. I
>>
>> I would certainly expect them to, yes!
>
> Just wondering are you guys not running AV SW on your old HW? I personally 
> run period specific AV SW on my older machines. Granted I have mostly IBM 
> 51xx series machines and later Macs so AV SW is easier to find. 
>
 If its a PC and running M$ it has it...  I don't collect them but have
a few oldies for the utility they present.
Even the mainstay PCs in use are linux based.  For those times I need
winders VMware/Openbox virtualization
keeps it well contained.

The rest of the hardware is DEC PDP-8f, Qbus PDP11s (11/03 through
11/73) and Qbus VAX plus 3100series.
The S100 gear runs CP/M as do the 8080/8085/z80 SBCs so no risk there
the remainder are odd things like
IMSAI 3035 control computer Ti9900, 6502 and others that virus/trogans
mean nothing.  I can't Imagine
malware for my AmproLB+ or Kaypro4/84  would look like.  In general if
its not internet connected its  very
low risk and if it can't run M$ OS on intel its even less risk.When
I find a bug using the PDP-11 running RT11
or the Vax running VMS makes it really easy to dissect the code without
worry of it escaping.

For those times I wish to visit a site that is flagged as dropping
malware using an expendable virtual machine
(copy of one) has proven both safe and handy. 


Allison

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Mouse]

> My favorite formatter was my S100 crate with CP/M, [it's] impossible
> to give a single user OS without background processing a virus.

I disagree.  I see nothing about "a single-user OS without background
processing" that would prevent a virus from infecting other programs,
even including the OS, when it's run, and potentially doing something
else as well.

Perhaps you are using some meaning of "virus" other than "piece of
software that infects other software to propagate itself"?  That's the
only meaning that makes any sense to me.

/~\ The ASCII Mouse
\ / Ribbon Campaign
 X  Against HTMLmo...@rodents-montreal.org
/ \ Email!   7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Mouse]

>>> [...anti-virus...]
>> [...]
> Just wondering are you guys not running AV SW on your old HW?

I am not.

But then, because of my interests, the old hardware I keep is stuff
like Sun SPARCs that are powerful enough to run a real operating
system.  These are (a) inherently invulnerable to most of the malware
(including viruses) out there because they're not x86 Windows and (b)
difficult to attack with targeted malware because they are real OSes
with real interprocess protection, file protection, and the like.

Probably not impossible; all nontrivial software has bugs.  But I have
no reason to think I'm likely to be targeted by anyone with the
resources (= skills, mostly) to effectively attack my OSes.  And I'm
familiar enough with their operation that most successful malware is
likely to be noticed relatively soon.  And if I am somehow targeted by
the likes of letter agencies, there are much weaker links in the chains
for them than the things malware attacks.  And "AV SW", even if someone
produced one that ran on what I run and I were willin gto run it,
generally isn't going to notice custom-designed malware anyway.

/~\ The ASCII Mouse
\ / Ribbon Campaign
 X  Against HTMLmo...@rodents-montreal.org
/ \ Email!   7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

RE: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Electronics Plus]

-Original Message-
From: cctalk [mailto:cctalk-boun...@classiccmp.org] On Behalf Of Liam Proven
Sent: Sunday, October 23, 2016 9:37 AM
To: General Discussion: On-Topic and Off-Topic Posts
Subject: Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 
system?

On 22 October 2016 at 21:21, Fred Cisin <ci...@xenosoft.com> wrote:
> On Sat, 22 Oct 2016, Liam Proven wrote:
>>
>> :-)
>> A good 5-6y or more ago I restored an old Mac Classic II a friend 
>> gave me. I got it dual-booting System 6.0.8 and 7.1 and had both of 
>> them online via an Asanté EtherSCSI interface. To do this involved 
>> downloading a lot of ancient Mac software on my B G3 under OS X, 
>> and putting it on Zip disk, then putting the Zip media in the Classic 
>> II's SCSI Zip drive.
>> One of the Systems on the Classic was repurposed from another Mac and 
>> included some ancient Mac antivirus program -- I forget which one, 
>> maybe Disinfectant. I was glad of it, though, as it triggered and 
>> found one of my downloads was infected with an equally ancient Mac 
>> virus.
>
>
> But "Marketing" convinced the public that Macs were IMMUNE TO GETTING
> VIRUSES!:-)


No no no -- hang on.

Classic MacOS was appallingly vulnerable. It had no user-account security at 
all, and every disk had a tiny bit of code read and executed when it was 
mounted, AIUI, to customise the icon etc.

Personal computer viruses more or less originated on the classic Mac.

But OS X is effectively immune to all of them, and AFAIK there are no true 
viruses for OS X even now. But you need to use a narrow strict definition. 
There are many Trojans, but they need to social-engineer or trick the user into 
agreeing, clicking OK and entering a password.
That's not a virus if it requires user interaction to propagate.

Ditto there are sploits and worms that attack OS X servers, but since OS X 
servers are fairly rare, so are the sploits. And OS X has a much-modified 
FreeBSD userland underneath it, and some of those componets are vulnerable too.

So it's a bit of a hair-splitting argument.

What it is _not_ is plain marketing lies, such as "Windows NT is a microkernel".

--
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

I still have sealed packs of installation software for very early laptops with 
DOS. Some of them probably have the Stoned virus on them. I used to have 
factory original CD install disks from Zip drives, but I threw them all out, 
because they were all infected with viruses. Iomega was kind enough to send me 
clean install disks, after I mailed them back one of the infected disks. That 
prompted a huge recall, back in the 90s. I remember seeing web screens in the 
early 2000s from viruses; one was a picture of Zeus holding a lightning bolt 
with the caption "Watch out for Zeus, he will kick your ass!" Another was a 
picture of the old Kilroy was here, but had the caption of Kiljoy was here. 
Kiljoy would stay on for about 5 seconds, and then gradually all the network 
services would be stopped and then deleted from the computer.

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Liam Proven]

On 22 October 2016 at 21:21, Fred Cisin  wrote:
> On Sat, 22 Oct 2016, Liam Proven wrote:
>>
>> :-)
>> A good 5-6y or more ago I restored an old Mac Classic II a friend gave
>> me. I got it dual-booting System 6.0.8 and 7.1 and had both of them
>> online via an Asanté EtherSCSI interface. To do this involved
>> downloading a lot of ancient Mac software on my B G3 under OS X, and
>> putting it on Zip disk, then putting the Zip media in the Classic II's
>> SCSI Zip drive.
>> One of the Systems on the Classic was repurposed from another Mac and
>> included some ancient Mac antivirus program -- I forget which one,
>> maybe Disinfectant. I was glad of it, though, as it triggered and
>> found one of my downloads was infected with an equally ancient Mac
>> virus.
>
>
> But "Marketing" convinced the public that Macs were IMMUNE TO GETTING
> VIRUSES!:-)


No no no -- hang on.

Classic MacOS was appallingly vulnerable. It had no user-account
security at all, and every disk had a tiny bit of code read and
executed when it was mounted, AIUI, to customise the icon etc.

Personal computer viruses more or less originated on the classic Mac.

But OS X is effectively immune to all of them, and AFAIK there are no
true viruses for OS X even now. But you need to use a narrow strict
definition. There are many Trojans, but they need to social-engineer
or trick the user into agreeing, clicking OK and entering a password.
That's not a virus if it requires user interaction to propagate.

Ditto there are sploits and worms that attack OS X servers, but since
OS X servers are fairly rare, so are the sploits. And OS X has a
much-modified FreeBSD userland underneath it, and some of those
componets are vulnerable too.

So it's a bit of a hair-splitting argument.

What it is _not_ is plain marketing lies, such as "Windows NT is a microkernel".

-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Philip Pemberton]

On 22/10/16 20:21, Fred Cisin wrote:
> But "Marketing" convinced the public that Macs were IMMUNE TO GETTING
> VIRUSES!:-)

And "Engineering" (aka some teenager playing on their parents' Mac)
decided to convince Marketing that they were wrong?

And the whole scene unfolds with a tedious inevitability...

;)

Cheers,
-- 
Phil.
classic...@philpem.me.uk
http://www.philpem.me.uk/

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Sam O'nella]

I wouldn't dismiss it if you're using images or any used software. Yes some 
platforms are more susceptible than others but unless you have no hard drive, 
power your system off after every use, and never switch disks while system is 
running it's still something that can infest your originals or archive.
Dan's great collection of cpm is a good example of something that ended up 
passed around the community and had a few infected images.  Depending on 
whether it's a file, boot sector, MBr or TSR it will different and potentially 
detrimental impact.
I stopped archiving my Amiga disks but at a place I worked that had Amiga 
systems some kids brought in lots of games (some cracked) and while we didn't 
allow that it was spring break and they had finished their work. What's the 
worst that could happen? Kids slowly starting to walk up and say their computer 
says it's infected with a virus.
Probably one disk but who knows how many were infected after that. Took me 
longer just to find an antivirus for the Amiga than to get the systems cleaned 
lol but still, an unexpected pain.
One of the best preventative methods if the software doesn't need to write to 
the originals is write protect the floppy.  But buying used, who knows if the 
previous owner was computer savvy or safe.
 Original message From: Steven M Jones 
Well, glad to hear there's nothing to worry about. 

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Fred Cisin]

On Sat, 22 Oct 2016, Liam Proven wrote:

:-)
A good 5-6y or more ago I restored an old Mac Classic II a friend gave
me. I got it dual-booting System 6.0.8 and 7.1 and had both of them
online via an Asanté EtherSCSI interface. To do this involved
downloading a lot of ancient Mac software on my B G3 under OS X, and
putting it on Zip disk, then putting the Zip media in the Classic II's
SCSI Zip drive.
One of the Systems on the Classic was repurposed from another Mac and
included some ancient Mac antivirus program -- I forget which one,
maybe Disinfectant. I was glad of it, though, as it triggered and
found one of my downloads was infected with an equally ancient Mac
virus.


But "Marketing" convinced the public that Macs were IMMUNE TO GETTING 
VIRUSES!:-)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Steven M Jones]

On 10/21/2016 18:22, william degnan wrote:
> 
> Stoned Monk is still detectable by modern anti virus software, 25 or
> whatever years later, at least last time I tested using a win 7 machine.
> So, that was maybe 4 or 5 years ago.

Well, glad to hear there's nothing to worry about. Like I said, not an
area I've had to deal with (not since the 80s/early 90s, anyway).

Thanks for indulging me.
--S.

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[allison]

On 10/21/2016 09:43 PM, Fred Cisin wrote:
>
> Certain college administrators declared that every machine that was
> infected would have to be destroyed; "it is impossible to remove the
> virus".  Have I mentioned a colleague whom they tried to terminate for
> removing machines from dumpsters?
> At UC Berkeley, agressive scanning was done in student computer labs,
> and "hundreds" of infected disks were found and DESTROYED.  ZERO
> copies were retained for ANY analysis.  Nor was even a count kept, nor
> followup to try to get students with infected disks to scan their home
> machines. 
Fred,

You nailed it, panic in the streets by people that should know better.

Back when I always though he was a criminal and behind it.

Also if anyone destroyed a drive or media with it it was out of shear
stupidity as a wipe/reformat
was all that was needed as the boot-block was not special it was just
another block on the media.
Floppies with it were bulk erased and reformatted.

My favorite formatter was my S100 crate with CP/M,  Its impossible to
give a single user OS
without background processing a virus.

I got a lot of free drives around then.  A few are still in use.

Allison

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[william degnan]

On Oct 21, 2016 8:30 PM, "Steven M Jones"  wrote:
>
> On 10/21/2016 14:15, william degnan wrote:
> > Any disk or archive you come upon from the early 90's should be scanned
for
> > viruses before use on a vintage machine.  USe a modern PC as it's no
biggie
> > to clean old viruses that way.  Scan before you use on an older machine,
> > scan inside of ZIP files not just the zip itself.  There were three
viruses
> > that I found years ago on the most-often seen Maslin archive set.  Old
> > stuff that's not an issue for modern machines.
>
> I didn't think modern A/V products included complete historical sets of
> signatures. I'm sure they can deal with ancient, simple bootloader
> infections and such, but at some point I'd be concerned there's a gap
> where something might be too new to be detected by the simplest
> heuristics, but too old for a more sophisticated signature to be in your
> common modern products.
>
> But this isn't something I've had to deal with. Is this an imagined
> problem, or has somebody run into this?
>
> Thx,
> --S.
>

Stoned Monk is still detectable by modern anti virus software, 25 or
whatever years later, at least last time I tested using a win 7 machine.
So, that was maybe 4 or 5 years ago.

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Liam Proven]

On 22 October 2016 at 19:36, Ali  wrote:
>
> Just wondering are you guys not running AV SW on your old HW? I personally 
> run period specific AV SW on my older machines. Granted I have mostly IBM 
> 51xx series machines and later Macs so AV SW is easier to find.
>
> Since I get most of my stuff for these machines from dubious sources (e-bay, 
> garage sales, some random FTP, etc.) I never know what I am getting. So all 
> of my computers run AV of SW of some form. Biggest issue is finding the 
> latest signature DB that works on older versions of the SW. F-Prot had a DOS 
> version available until a few years ago. I am not sure if any of the AV 
> makers still have an up to date AV SW for DOS...


Well, no.

My vintage machines are, TBH, rarely powered on and I'm considering
getting rid of almost everything. I don't have my own house any more.
Most of the collection had gone already. My vague plan is to mostly
restrict it to portable/battery-powered kit from now on -- as they're
much smaller!

For things like Cambridge Z88, Psions, Amstrad NC100, Sinclair
Spectrums etc., it's academic. I'm not aware of either malware or
antimalware for them. Most don't support disk drives anyway -- or as
in the Spectrum, there were dozens and no standard, so software
couldn't adapt and none were so dominant as to be worth targeting.

I don't have more than 1-2 vintage machines able to run DOS or Windows
and mostly wouldn't want to!

The Macs should do, yes -- but then most of those are going, I'm
afraid. I don't have the space any more, and when I did, I never used
them except when fixing them up to sell. :-(

-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

RE: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Ali]

> > I didn't think modern A/V products included complete historical sets
> > of signatures. I
> 
> 
> I would certainly expect them to, yes!


Just wondering are you guys not running AV SW on your old HW? I personally run 
period specific AV SW on my older machines. Granted I have mostly IBM 51xx 
series machines and later Macs so AV SW is easier to find. 

Since I get most of my stuff for these machines from dubious sources (e-bay, 
garage sales, some random FTP, etc.) I never know what I am getting. So all of 
my computers run AV of SW of some form. Biggest issue is finding the latest 
signature DB that works on older versions of the SW. F-Prot had a DOS version 
available until a few years ago. I am not sure if any of the AV makers still 
have an up to date AV SW for DOS...

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Liam Proven]

On 22 October 2016 at 18:54, Terry Stewart  wrote:
> My copy of AVG detected the stoned virus on an old floppy on my WinXP
> machine a couple of years ago.


:-)

A good 5-6y or more ago I restored an old Mac Classic II a friend gave
me. I got it dual-booting System 6.0.8 and 7.1 and had both of them
online via an Asanté EtherSCSI interface. To do this involved
downloading a lot of ancient Mac software on my B G3 under OS X, and
putting it on Zip disk, then putting the Zip media in the Classic II's
SCSI Zip drive.

One of the Systems on the Classic was repurposed from another Mac and
included some ancient Mac antivirus program -- I forget which one,
maybe Disinfectant. I was glad of it, though, as it triggered and
found one of my downloads was infected with an equally ancient Mac
virus.

-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Terry Stewart]

> I used to work for AVG; I can ask if you like.

My copy of AVG detected the stoned virus on an old floppy on my WinXP
machine a couple of years ago.

Terry (Tez)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Liam Proven]

On 22 October 2016 at 00:05, Steven M Jones  wrote:
> I didn't think modern A/V products included complete historical sets of
> signatures. I


I would certainly expect them to, yes!

I used to work for AVG; I can ask if you like. But yes. Also, they
include malware signatures from other systems, in case of attachments
etc. which can't infect the host machine but could if passed on to one
of the target OS.

-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/Twitter/Facebook/Flickr: lproven
Skype/MSN: lpro...@hotmail.com • LinkedIn/AIM/Yahoo: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)

Re: Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[william degnan]

>
> John McAfee predicted that 5 million computers would be wiped out.
> The press were called in.
>
> On March 6, there were apparently DOZENS of drives wiped.  Few, if any
records kept to verify numbers.
> McAfee, as expected, took full credit, and declared that the REASON why
it was dozens, instead of millions, was because his warnings were heeded.
>
> Six months later, when he took his company public, he raised 42 million
dollars.
>
> He is currently a fugitive as the "prime suspect" in the murder of his
neighbor in Belize  (apparently NOT virus related)
>
>

Side note...maybe 6 or 12 months before the big virus scare I called McAfee
on the phone and spoke with him about a virus I found on a GRID laptop that
I found was copied to 4000 similar  machines out in the field where I
wokred. He emailed me his latest test iteration of his software, a copy on
a scratch disk.  It was a very early version.  I had no idea of course of
his future, but I was impressed with his software because it was light, no
install disks and he knew his stuff.   We were talking about how to inject
his antivirus prpgram into a program I wrote to update laptops remotely by
modem, and how we could send virus updates via this process.   It was
getting impractical to keep sending me disks and we needed a better way.
You could not buy his software
Viruses were starting to get more numerous.  I don't know if he had just
started his company, it was not public or anything yet.  In fact I got his
number inmformally from a manager at a company called Sales Tchnologies out
of Atlanta, I w as working with their sales tracking program they were
already using my "mass update" system to manage their software and data
updates.  That's where the virus came from.   Fun times all MS DOS based,
btrieve database, Sprint Internet exchange for free phine calls inbound
from anywhehre in the USA... I also remember building and compiling Sales
Tech software version updates on a xerox workstation.  When I left they
offered me the Xerox but I remember thinking what would I ever do with
*that* old piece of junk?  "Well Bill you're the only one who knows how to
use it so we will just throw it away then, are you sure".."yah, my
apartment is too small"

At least that's how I remember it.

Bill

Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

[Steven M Jones]

On 10/21/2016 14:15, william degnan wrote:
> Any disk or archive you come upon from the early 90's should be scanned for
> viruses before use on a vintage machine.  USe a modern PC as it's no biggie
> to clean old viruses that way.  Scan before you use on an older machine,
> scan inside of ZIP files not just the zip itself.  There were three viruses
> that I found years ago on the most-often seen Maslin archive set.  Old
> stuff that's not an issue for modern machines.

I didn't think modern A/V products included complete historical sets of
signatures. I'm sure they can deal with ancient, simple bootloader
infections and such, but at some point I'd be concerned there's a gap
where something might be too new to be detected by the simplest
heuristics, but too old for a more sophisticated signature to be in your
common modern products.

But this isn't something I've had to deal with. Is this an imagined
problem, or has somebody run into this?

Thx,
--S.