From: rbauer@ecst.csuchico.edu (Robert Bauer)
Subject: Re: viruses?
Date: 28 Jun 1993 10:29:18 GMT

>>: Bootsector viruses won't be able to affect Linux, because
>>: a) they won't survive :) (all memory will be set to zero)
>>
>>They can survive if they are quick enough to catch all
>>interrupts and get a timer to move them back again :-)
>
>Nope. Once the processor is in protected mode, interrupts
>are handled through the Interrupt Descriptor Table (at an
>arbitrary location in memory) rather than through the table at
>0x0000.
This is irrelevant in at least one case. Although a bootsector
virus may not be allowed to stay resident past bootup, during
the brief period in which it has control it can do whatever
damage it may to the data on the hard disk. Michelangelo (sp?)
for instance will check the date and if the date is correct
(Mar 6 I believe) will proceed to merrily trash your disk while
you wait. ALL THIS HAPPENS BEFORE ANY OTHER BOOT CODE IS EXECUTED.
Thus this zeroing of memory and entering protected mode will do
you no good on an infected disk when the 'magic' date arrives.

There is some question, however, about how one's disk could become
infected, since the infection process, at least in the case of the
Michelangelo virus, occurs when the virus has become resident and
has captured some system interrupts.
[soapbox mode on]
The bottom line is don't trust your system to protect you. Linux is
nicer than DOS in terms of general protective features, but it is
certainly NOT foolproof. Being alert, informed, and cautious is the
best way to go.
[soapbox mode off] :)
Robert
rbauer@ecst.csuchico.edu