Boot virus on xp

kurt wismer

Zvi said:
kurt wismer said:
Zvi Netiv wrote:
[snip]
As I said, purely formalistic knowledge. Or shall I say dogmatic? Rather
surprising for someone that poses for a non-conformist.

keep this up and i'm going to wear out the keys on my keyboard that are
involved in typing "argumentum ad hominem"...
[snip]
the routines were updated (as necessary) to deal with larger drives and
fat32... those were around long before nt based OSes became popular -
boot infectors were still being written back then... i think you've
made a hasty generalization here...

You have no clue on the subject, and you are plain wrong.

so declareth king zvi... now we shall all go forth and spread his gospel...
[snip]
no, in promoting the view that conventional av's are ill suited to deal
with boot infectors... your interest lies in the fact that you have a
not-so-conventional av that, among other things, deals with boot
infectors...

There is no gain in promoting that. My boot handling utilities
(www.invircible.com/iv_tools.php) are free and so is the assistance I extend on
Usenet.

and neither of which serve as advertising for your non-free products?

this was covered years ago, zvi... your status as a developer/creator
of anti-virus software (of any type) means that you should not be
casting aspersions on the products of other av vendors... not only are
the statements suspect on their face, it reflects poorly on you...
 
FromTheRafters

Zvi Netiv said:
Specifying a range, by "to", "till", or "until", may include or exclude the
upper limit.

When doing so it is customary to follow with the word "inclusive"
or "exclusive" to denote which you intended. Otherwise you risk
being misinterpreted. This also applies to the lower limit if it is also
ambiguous.
Normally, the correct meaning is resolved from context, or as was
the case here, common knowledge

I knew what you meant, despite what you said. :O)

When giving expert advice or opinion, one shouldn't assume what
is common knowledge and allow context to carry the day. To
many, WinME is enough different from the previous, and enough
like the latter, to make your statement misleading.
 
Zvi Netiv

FromTheRafters said:
When doing so it is customary to follow with the word "inclusive"
or "exclusive" to denote which you intended. Otherwise you risk
being misinterpreted. This also applies to the lower limit if it is also
ambiguous.
Agreed.


I knew what you meant, despite what you said. :O)

Unlike some of the regulars on these groups (what would you put here: yourself
included or excluded?), ;) I assume that the readers are intelligent.

Regards, Zvi
 
Peter

This really is a great thread! I have learned quite a lot,
including how ignorant I am.

The only things that have spoiled the flow are the brief top posting
discussion and the occasional "one-up-manship". Even these have
been interesting to follow.

In many years lurking in NGs this is the thread that I have enjoyed
most. Thank you all.

Peter


kurt wismer said:
Zvi Netiv wrote:
[snip]
Boot viruses is where AV software always did a lousy job. Lots of false alarms,
misidentification of the virus, and the worst - high percentage of unsuccessful
"disinfection" that ended in loss of access to partition(s), or loss of self
boot ability.

and yet the google archives of alt.comp.virus (and to a lesser extent
alt.comp.anti-virus) are chock full of examples of people
*successfully* removing boot infectors with anti-virus products...

Wrong keywords for the search. ;-) There are more hits for failed disinfection
by AV than successful ones, especially if you limit the search to the last few
years. Nobody would dare having a hernia operation if it had similar mortality
rates to AV disinfection of BSI! :)
[snip]
A better approach to boot viruses is the generic one. Follow some rules how to
safely use FDISK /MBR, or FIXMBR:

if only people could remember the rules... generally they wind up doing
(or worse advising) fdisk /mbr totally blind...

If you suggested FDISK /STATUS before running FDISK /MBR, instead of sending the
poster on a wild goose chase, then the "rule" would now be common knowledge.

Regards, Zvi
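As an added illustration of the "FDISK /STATUS before FDISK /MBR" rule discussed above (example code written for this page, not Zvi's boot utilities or anything posted in the thread): a small Python check that parses a 512-byte MBR image the way one would read the FDISK /STATUS listing, and flags the conditions under which rewriting only the boot code (which is all FDISK /MBR and FIXMBR replace) would not bring back access to the partitions. The layout constants are the standard DOS MBR layout; the helper names, the sample images and the sample partition values are constructed for this example.

```python
import struct

MBR_SIZE = 512
PT_OFFSET = 446          # partition table: 4 entries x 16 bytes, bytes 446-509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR


def parse_entry(entry):
    """Decode one 16-byte partition-table entry of the classic DOS MBR."""
    status, ptype = entry[0], entry[4]
    lba_start, sectors = struct.unpack_from("<II", entry, 8)
    return {"active": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector):
    """Return the four partition entries, or raise if the sector is not a
    plausible MBR (wrong size, missing 55AA signature)."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing")
    return [parse_entry(sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)])
            for i in range(4)]


def mbr_status(sector):
    """Sanity-check the partition table before deciding to rewrite the MBR
    code area. FDISK /MBR and FIXMBR replace the code (bytes 0-445) and leave
    the table in place, so an empty or inconsistent table is a sign that the
    rewrite alone will not restore access and the table needs attention first."""
    problems = []
    try:
        entries = parse_mbr(sector)
    except ValueError as exc:
        return {"partitions": [], "problems": [str(exc)]}
    used = [e for e in entries if e["type"] != 0 and e["sectors"] != 0]
    if not used:
        problems.append("partition table is empty")
    if sum(e["active"] for e in entries) > 1:
        problems.append("more than one active partition")
    if used and not any(e["active"] for e in used):
        problems.append("no active partition")
    spans = sorted((e["lba_start"], e["lba_start"] + e["sectors"]) for e in used)
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append("partitions overlap")
            break
    return {"partitions": used, "problems": problems}


def make_mbr(entries):
    """Build a constructed 512-byte MBR image for testing: zeroed code area,
    the given (active, type, lba_start, sectors) tuples, and the signature."""
    sector = bytearray(MBR_SIZE)
    for i, (active, ptype, lba_start, sectors) in enumerate(entries[:4]):
        off = PT_OFFSET + 16 * i
        sector[off] = 0x80 if active else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples: a healthy single-NTFS-partition table (type 0x07), and
# one whose table is blank, as after an interrupted or botched disinfection.
HEALTHY_MBR = make_mbr([(True, 0x07, 63, 2_097_152)])
BLANK_TABLE_MBR = make_mbr([])


if __name__ == "__main__":
    for name, image in (("healthy", HEALTHY_MBR), ("blank", BLANK_TABLE_MBR)):
        print(name, mbr_status(image))
```

In practice the input would be the first 512 bytes of a sector-level image of the drive taken from a clean boot medium; the check only reads, and anything it reports as a problem is a reason to look at the partition table itself rather than to run FDISK /MBR blind.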
 
Shane

Peter said:
This really is a great thread! I have learned quite a lot,
including how ignorant I am.

The only things that have spoiled the flow are the brief top posting
discussion and the occasional "one-up-manship". Even these have
been interesting to follow.

In many years lurking in NGs this is the thread that I have enjoyed
most. Thank you all.

Yes, it's a good thread. It's in line for 'Employee of the Month'.


Shane
 
FromTheRafters

Zvi Netiv said:
Unlike some of the regulars on these groups (what would you put here: yourself
included or excluded?), ;) I assume that the readers are intelligent.

Intelligence is one thing, and knowledge is another. Readers knowledgeable
on the subject will have known what you meant - in fact it would have gone
without saying. If someone asked me to pick a number between 1 and 100,
I would be likely to pick 1 or 100 just because *I* know it is outside the
range that they specified - and yet they would undoubtedly accept my choice
as valid. However, as a programmer, you know that being precise about
what is meant is crucial - and the question would have to be rephrased.

...you could have referred to "New Technology" based OSes and lost many
of the knowledgeable ones.;o)
 
cquirke (MVP Win9x)

As I said, purely formalistic knowledge. Or shall I say dogmatic? Rather
surprising for someone that poses for a non-conformist.
keep this up and i'm going to wear out the keys on my keyboard that are
involved in typing "argumentum ad hominem"...

Actually, some of the tone has been so unlike what I've come to expect
from Zvi over the years, that I'm wondering if he isn't being forged.

Or he's having a really bad week ;-)


-------------------- ----- ---- --- -- - - - -
Trsut me, I won't make a mistake!
 
null

keep this up and i'm going to wear out the keys on my keyboard that are
involved in typing "argumentum ad hominem"...

Actually, some of the tone has been so unlike what I've come to expect
from Zvi over the years, that I'm wondering if he isn't being forged.

Or he's having a really bad week ;-)

You must have a very short memory. This is very tame stuff for Zvi :)


Art
http://www.epix.net/~artnpeg
 
kurt wismer

cquirke (MVP Win9x) wrote:
[snip]
Actually, some of the tone has been so unlike what I've come to expect
from Zvi over the years, that I'm wondering if he isn't being forged.

Or he's having a really bad week ;-)

i think you might be right... hopefully june will provide some better
weeks...
 
Zvi Netiv

cquirke (MVP Win9x) said:
On Thu, 03 Jun 2004 11:40:37 +0300, Zvi Netiv


I don't see how one can be categorical about that, assuming the boot
code is running at all. It's perfectly positioned to write to
diskette, running as it is before the OS loads.

No boot virus code from those that I disassembled contained routines that will
autonomously seek for a floppy to infect. Clearly, boot virus writers preferred
to concentrate on infecting the hard drive through their autonomous code. As to
infecting further floppies of the hard drive, here they could count on the OS to
participate in the process.

It isn't sufficient that something is just "perfectly positioned" to happen, it
takes the right conditions for it to actually happen, and aren't fulfilled in
our particular case.

Regards, Zvi
 
cquirke (MVP Win9x)

I don't see how one can be categorical about that, assuming the boot
code is running at all. It's perfectly positioned to write to
diskette, running as it is before the OS loads.
No boot virus code from those that I disassembled contained routines that will
autonomously seek for a floppy to infect. Clearly, boot virus writers preferred
to concentrate on infecting the hard drive through their autonomous code.

Nonetheless, the opportunity is there - so I wouldn't want to assume
it won't happen, especially in the context of unknown malware.
As to infecting further floppies of the hard drive, here they could count
on the OS to participate in the process.

Or rather, they might have to work around the OS, as well as av
heuristics. I know that's been done in Win9x, but to do this in NT, a
more lateral approach may be needed, e.g. trojanize the code that
formats diskettes, or drill into some unrelated code with Ring 0
access (a la Witty) and do it from there.
It isn't sufficient that something is just "perfectly positioned" to happen, it
takes the right conditions for it to actually happen, and aren't fulfilled in
our particular case.

If an opportunity exists, it's likely to be exploited someday



--------------- ------- ----- ---- --- -- - - - -
Sucess-proof your business! Tip #37
When given an NDA to sign, post it on your web site
 
Zvi Netiv

cquirke (MVP Win9x) said:
Nonetheless, the opportunity is there - so I wouldn't want to assume
it won't happen, especially in the context of unknown malware.

No chance it can happen with the known BSI. Prove me wrong and bring one virus
name that will do that! Or perhaps you claim that someone may still write such
virus? ;-) What for?
 
FromTheRafters

Zvi Netiv said:
No chance it can happen with the known BSI. Prove me wrong and bring one virus
name that will do that! Or perhaps you claim that someone may still write such
virus? ;-) What for?

POC of course.

How to use this virus:

1) Use the BIOS setup program to allow the machine to boot first from
the floppy.
2) Boot the machine with an infected floppy.
3) Use the setup program to allow the machine to boot first from the
harddrive while a new clean writable floppy is in the floppy drive.
4) Reboot the machine so that the harddrive's virus code can infect the
floppy.
5) Bring the floppy to another machine.
6) Repeat.

I'm sure it will be widespread in no time. ;o)
 
cquirke (MVP Win9x)

Nonetheless, the opportunity is there - so I wouldn't want to assume
it won't happen, especially in the context of unknown malware.
No chance it can happen with the known BSI. Prove me wrong and bring one virus
name that will do that! Or perhaps you claim that someone may still write such
virus? ;-) What for?

What for do any viruses get written? :)

For every virus, there was a time before that virus existed. During
that time, several practices that we'd view as insane today appeared
to be quite safe and appropriate (at least to some).

Pure BSVs, as we know them (i.e. diskette to HD to diskette) are
unlikely to attract new writers, but MBR and PBR are useful places to
be, for certain objectives. So I do see future malware using these,
tho more likely after entry via some other route.

As part of av-awareness, such malware might attack other boot media
such as diskettes and USB drives. Diskette is easy - there are BIOS
service routines available for use - but USB more of a challenge.


---------- ----- ---- --- -- - - - -
NNA Tech Support, 2037:
"Double-click 'My Silo', click Map..."
 
Norman L. DeForest

No chance it can happen with the known BSI. Prove me wrong and bring one virus
name that will do that! Or perhaps you claim that someone may still write such
virus? ;-) What for?

What for do any viruses get written? :)

For every virus, there was a time before that virus existed. During
that time, several practices that we'd view as insane today appeared
to be quite safe and appropriate (at least to some).

Pure BSVs, as we know them (i.e. diskette to HD to diskette) are
unlikely to attract new writers, but MBR and PBR are useful places to
be, for certain objectives. So I do see future malware using these,
tho more likely after entry via some other route.

As part of av-awareness, such malware might attack other boot media
such as diskettes and USB drives. Diskette is easy - there are BIOS
service routines available for use - but USB more of a challenge.

This long thread has left me puzzled. If NT-based versions of Windows
don't allow any low-level access to floppies, how does a Windows NT/2K/XP
user format a floppy disk for use?
 
FromTheRafters

Norman L. DeForest said:
This long thread has left me puzzled. If NT-based versions of Windows
don't allow any low-level access to floppies, how does a Windows NT/2K/XP
user format a floppy disk for use?

I think that it is only application level software that is denied low-level
access, and I'm not too sure what the OS replaces the BIOS routines
with. Witty apparently found a way to circumvent the barrier between
application and system software, as yet I haven't seen it explained.
 
Zvi Netiv

cquirke (MVP Win9x) said:
On Wed, 09 Jun 2004 18:19:44 +0300, Zvi Netiv



What for do any viruses get written? :)

For every virus, there was a time before that virus existed. During
that time, several practices that we'd view as insane today appeared
to be quite safe and appropriate (at least to some).

Pure BSVs, as we know them (i.e. diskette to HD to diskette) are
unlikely to attract new writers,

What I have been saying, when you jumped into the discussion. ;)

Regards, Zvi
 
Zvi Netiv

Norman L. DeForest said:
This long thread has left me puzzled. If NT-based versions of Windows
don't allow any low-level access to floppies, how does a Windows NT/2K/XP
user format a floppy disk for use?

Formatting floppies under NT uses the Windows own functions that replace the
BIOS interrupt 13h services.

Int 13h calls are denied under NT-based OS only if the destination drive is a
fixed one (i.e. hard drive). Floppies are served.

Regards, Zvi
 
