On Sat, 27 Jan 2001 14:31:38 -0700, Bob George wrote:
>> I run DR-DOS. in single tasking mode. no background, nothing for a
>> virus running on netware to get into.
> Yet DR-DOS remains vulnerable to virus attacks, no? Pop in a diskette
> infected with a boot-sector virus, and you're still vulnerable even BEFORE
> the OS loads. And others were equally effective, weren't they? My only point
> is that a single-tasker isn't somehow immune, and usage dictates
> vulnerability on most single-taskers.
"pop in a diskette", or run an infected program. but in dos email
the incoming are not recognized as 'executables' by dos. You can put
something in your download directory, and if such a downloaded file
is infected, you got a problem. But to be posted as an executable in
the first place, as at SIMTEL, it is subjected to virus scans. And in
the dos os, which is so simple, there are very few, and easily
recognized interrupts which write to a drive. The robusticity of dos
virus scans is vastly better.
but if all you do is look at attachments... the dos browser does not
execute, but only open for display on the screen, as a JPG. At best a
corrupted image would crash the software. No way could an attachment
infect a system unless you purposly tried to run it at the dos CLI.
> Not to get off on an old theme, but I don't equate saboteurs with heroes of
> any sort. On any platform.
Nor I. Nor are all former Microsoft programmers unethical, or less so in
the open source movement. but Microsoft has made a lot of enemies who
would pay well for winx source code, which might be sold without any
nefarious purpose apparent. More particularly, those enemies have
cracked into Microsoft headquarters, and downloaded an unknown amount of
source code and corporate secrets. I have no way of evaluating what the
risk is, but the plethora of viruses every week gives me pause.
>> You cannot do this with an 'open source' operating systems like Linux
>> or DR-DOS.
> I wasn't aware that DR-DOS is Open Source. Is that the case now?
Http://www.caldera.com bought the rights to DR-DOS. They usta list it
as a download, IIRC, fee based. I think you might be able to find the
earlier, 7.02 version of the sourcecode with the OS itself online.
After download, and unzipped, there is a utility which will burn the
MBR on a floppy for clean boot regardless of what your current OS is.
If sabotage software is going to function, it hasta be inserted into
the OS kernel or some other executable. Only when code is executed
can the sabotage software piggy back on and run.
If the OS is open source, then there is a copy of that kernel which
you can download. Any sabotage would be a variation in that string
of bytes, and can easily be detected... if you have a standard open
source kernel to compare. You cant get that with winx.
Open source is out there, chapter, verse, and byte. Because it is all
out there for peer review, it hasta be laid out in a rational fashion.
I've looked around in proprietary software; routinely it is chaotic
because they leave all the breakpoints in, and all the error testing
subroutines. It's like carpenters who build a house, and soon as they
are done, slam the door and split... leaving lumber scraps out in the
hallways, nails all over the floor, plumbing tools in the bathroom,
and ductape on the furnace. When you see that shit, you have some
clue as to what they were doing, but you dont have a blueprint.
but if I presented that crap to my programming professor, and he was
competent enough to know good work, he'd give me an 'F'. All that
crap takes up room, and you are never quite sure that a glitch of
some kind might not fire up a tool, and cut a hole thru the floor.
Running a virus scanner over a mess like that is delusional. It hasta
look at every piece of garbage left laying around, and compare that
with a database of shapes. It dont really know that a given piece is
harmless, all it knows is that it dont look familiar. without having
the source code, it cant tell garbage from framework.
uncopywritten- do what you will with it.
-- Arachne V1.68, NON-COMMERCIAL copy, http://arachne.cz/
To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html
