CrisNews #2 - 05/01/94
Reprinted With Permission
By: Cris Research Staff
The Virus Threat
(c) Ian Douglas 1993
Has the threat from viruses started to decline? The number of viruses for the
IBM PC (Intel x86) platform grows daily, but various events are making the IBM
environment safer. (Experts predict around 4000 - 6000 DOS viruses by the end
of 1994.)
Chief amongst these is the move away from DOS to new operating systems. The
trend started with Windows (not really an operating system), and has
accelerated with the advent of a reliable OS/2. Further down the line, there
is Windows NT and UNIX. These environments are very unfriendly for the 3000+
DOS-based viruses. There is a joke that Windows is a good virus detector - if
a Windows file gets infected by a DOS virus, it crashes :-)
There are two known viruses that can infect Windows executables, but none at
present that can infect OS/2 executables. No known DOS viruses can run under
native OS/2, but only in a DOS session. Also, the constant upgrades to DOS
itself prevent some viruses from working altogether.
There are three main areas of virus spread: large businesses, educational
institutions, and swopping disks among friends. Many large businesses are moving
to OS/2, others will move to Windows NT. In both cases, they are cutting out
an important vector of virus spread. I foresee that educational institutions
will also move to these new operating systems in the near future. The market
will demand students trained in them. This will once again cut out a major
vector for virus spreading.
That leaves the average user, still running DOS. He has less chance of
getting a virus, since the two main vectors are being cut out. The most common
viruses are boot sector infectors, like Stoned. While these may be able to
infect a machine running OS/2, they will not spread from such a machine.
The other interesting development has been in the underground. In the race to
create the super-duper type viruses, they have been trying to write complex
viruses. These take longer to write and are usually more buggy. Thus they make
fewer viruses. In order to brag, they publish the viruses in electronic
magazines, and make them available for download on virus exchange BBS's. This
means that they end up in the hands of anti-virus authors, before they have
had a chance to spread widely. Thus the AV authors soon include detection, and
the virus does not spread very much.
Many virus exchange BBS's have mostly junk (virus wannabe's) available. Since
the person downloading it only finds out afterwards, the spread of viruses
from these BBS's is not as bad as it might have been.
There also seems to be a growing maturity amongst some members of the
underground, leading to fewer virus writers and viruses. Hopefully, they will
ALL grow up soon.
Cheers, Ian