will virus affect?

will virus affect?

Post by Mile » Sun, 07 Feb 1999 04:00:00



I would like to know, if I have a win95 and Linux in a pc, (using some
of those system selecting program), then if the virus scanner in win95
detected  a virus active in my pc, then, will the virus affect the
Linux ?

thanks

 
 
 

will virus affect?

Post by Jim Harpe » Sun, 07 Feb 1999 04:00:00



> I would like to know, if I have a win95 and Linux in a pc, (using some
> of those system selecting program), then if the virus scanner in win95
> detected  a virus active in my pc, then, will the virus affect the
> Linux ?

> thanks

Not a chance... DOS/Win virii can only affect DOS/Win systems. Unix virii
are relatively non-existant.

Have you ever seen a UNIX virus scanner? I haven't...

-Jim

 
 
 

will virus affect?

Post by Stephen Carvill » Sun, 07 Feb 1999 04:00:00



> I would like to know, if I have a win95 and Linux in a pc, (using some
> of those system selecting program), then if the virus scanner in win95
> detected  a virus active in my pc, then, will the virus affect the
> Linux ?

An NT95 virus can only execute from the the MS side of the hard drive.
However, a malicious NT95 virus could be written to detect a Linux
partition and then trash the partition table.  If it was sophisticated
enough it could even reidentify the partition and reformat it.

So the answer is "yes" but I haven't heard of any such viri...

--
Stephen Carville

----------------------------------------------------
Management: The art of hiring intelligent, skilled individuals and then
ignoring their advice.

 
 
 

will virus affect?

Post by M.. » Mon, 08 Feb 1999 04:00:00




>> I would like to know, if I have a win95 and Linux in a pc, (using some
>> of those system selecting program), then if the virus scanner in win95
>> detected  a virus active in my pc, then, will the virus affect the
>> Linux ?

>> thanks
> Not a chance... DOS/Win virii can only affect DOS/Win systems. Unix virii
> are relatively non-existant.

nope....
Think about viris that write directly to Harddisks like fdisk..!!

--
cu
Thorben

 
 
 

will virus affect?

Post by Todd Knar » Tue, 09 Feb 1999 04:00:00



> nope....
> Think about viris that write directly to Harddisks like fdisk..!!

Virus is running in user mode. User mode code is not permitted to
access device I/O registers. The process containing the virus will
be terminated by the kernel. End of virus.

Exception: virus is attached to a program that has permission to access
I/O registers ( usually because it's suid-root ). OTOH the virus is
likely to assume it's dealing with a FAT filesystem or DOS boot sector
or MBR, so you're more likely to get a corrupted MBR/bootsector/filesystem
than anything useful to the virus.

--
If you'll excuse me - I have fif* things fighting for my attention, all
of them annoying.
                                -- Susan Ivanova

 
 
 

will virus affect?

Post by M.. » Tue, 09 Feb 1999 04:00:00




>> nope....
>> Think about viris that write directly to Harddisks like fdisk..!!
> Virus is running in user mode. User mode code is not permitted to
> access device I/O registers. The process containing the virus will
> be terminated by the kernel. End of virus.
> Exception: virus is attached to a program that has permission to access
> I/O registers ( usually because it's suid-root ). OTOH the virus is
> likely to assume it's dealing with a FAT filesystem or DOS boot sector
> or MBR, so you're more likely to get a corrupted MBR/bootsector/filesystem
> than anything useful to the virus.

sure...
But what when I'm running windows on the same machine with access to the Linux-partitions?
This is what I mean, and this was the question....

--
cu
Thorben

 
 
 

will virus affect?

Post by Todd Knar » Wed, 10 Feb 1999 04:00:00



> sure...
> But what when I'm running windows on the same machine with access to the Linux-partitions?
> This is what I mean, and this was the question....

In that case Wine or Dosemu is using the network redirector services to
make the Linux filesystems appear to the program. Whatever the virus does,
the Linux filesystem drivers will apply the standard file permissions and
your user privileges, and I doubt they'd allow you to write to the raw
partition ( check the permissions on /dev/hd* and /dev/sd* for whether
non-owner users are permitted to write to them ). There can be holes
in Wine and Dosemu that'd let a virus get past the checks, but the
virus would have to recognize that it's running in emulation on a Linux
system and take appropriate action.

If you mean really running Windows, then since Windows has no protection
on devices any program there can scribble over any part of the disk it
wants ( NT might modify this, but in it's default config it's entirely
likely to allow that sort of behavior ). My advice: if you absolutely
must run Windows, at least run NT Workstation and invest the several
hundred dollars in the tools and courses needed to lock it down properly.
You can keep a Win95 or unsecured NT system clean, but it requires serious
paranoia. [ NB: 20 years clean, and not about to change that just because
someone else doesn't want to learn how to make Word97 spit out RTF or some
other innocuous format. ]

--
If you'll excuse me - I have fif* things fighting for my attention, all
of them annoying.
                                -- Susan Ivanova

 
 
 

will virus affect?

Post by Victor Wagn » Wed, 10 Feb 1999 04:00:00


: sure...
: But what when I'm running windows on the same machine with access to the Linux-partitions?
: This is what I mean, and this was the question....

Then get mcaffee antivirus for Linux, boot Linux (better from rescue
disk, to avoid executing something from MBR, mount Windows partition
and clean virus, while enjoing safety of Linux).

Only bad thing that Linux antivirus cannot cure MBR, becouse it is
intended for fileservers, not for dual-boot computers.
: --
: cu
: Thorben
--
--------------------------------------------------------
I have tin news and pine mail...

 
 
 

1. DOS virus affecting MBR&LILO

Hi,

My research group has been tagged by the dreaded 'FORM' virus
intermittantely for the last 6 months.  This
virus typically shows up under DOS and Windows 95 by making the
keyboard click and/or causing hard drive problems.  The usual fix
in the past has been to run DOS 6.22 (reboot Win95 into old DOS)
and run MSAV, the MS anti-virus utility.  It usually detects
a few bad files and cleans them and then all is well.

But no longer.  For some reason the failure mode is now affecting
the Master Boot Record (MBR).  Lately booting up the linux
kernel from the LILO prompt produced endless hard drive read errors.  

I decided to run MSAV and lo-and-behold, the FORM
virus was detected in a few files and cleaned.  After rebooting
from MSAV the DOS partitions worked fine, but the linux
problem did not go away (still had read errors)!

the fix was the following.  
        run DOS and type 'fdisk /MBR' to refresh the MBR.
        reboot the linux boot floppies
        mount the hard drive    
        and...rerun/reinstall LILO.

MY QUESTION IS THUS THE FOLLOWING:
        IF MSAV DOESN'T DETECT/ERRADICATE THE VIRAL CONTAMINATION
IN THE MBR, THAN WHAT MEASURES CAN I USE TO PREVENT THIS FROM
HAPPENING IN THE FUTURE...AND, IS THERE ANYTHING I CAN DO TO MAKE
LILO MORE RUGGED?


thanx,
david.

2. Problem in Mounting Audio Cd- Solaris

3. How to fix MBR affected by Manitoba virus

4. Fax Software...

5. Virus Affecting Linux Drive?

6. anyone use @home.

7. DOS virus affecting MBR&LILO

8. Linux with a Cable modem?

9. Virus protection against WINDOWS Viruses, server releated.

10. viruses or virus checkers?

11. Virus Alert: happy99.exe attachment is a virus.

12. virus warning on virus-watch.com

13. Linux file virus, 8759 bytes, is this a known virus?