What's the point in OS/2 anti-virus software?

What's the point in OS/2 anti-virus software?

Post by Timur Tab » Sun, 21 Jan 2001 07:26:03



Could someone explain to me the reason why I should bother getting OS/2
anti-virus software?  I've heard that there are "three" OS/2 viruses out
there, but I've never heard of anyone actually having one of these, nor
have I ever heard any explanation as to what these viruses supposedly
do.

There are no copies of Windows anywhere at home, although we do have two
Macs.  I very rarely run Win-OS/2.

The primary problem with the OS/2 anti-virus software I've seen is that
it only scans files on the hard drive.  On Mac and Windows, the most
recent AV software will actually scan your email attachments as they
arrive (the software acts as an intermediary POP3 server).  Does any
OS/2 AV package do that?

How about 16-bit Windows apps that I run under Win-OS/2?  Won't I need a
16-bit AV package instead?  And what about 32-bit apps run under Odin?
Will anything protect me from those viruses?

I'd especially like to hear from people who ARE running native OS/2 AV
apps and have actually found them useful.

--
Timur "too * for my code" Tabi
Remove "nospam_" from my email address when replying

Sent via Deja.com
http://www.veryComputer.com/

 
 
 

What's the point in OS/2 anti-virus software?

Post by J. N. Pfistere » Sun, 21 Jan 2001 10:04:37


Hi, Timur -

Quote:>Could someone explain to me the reason why I should bother getting OS/2
>anti-virus software?  I've heard that there are "three" OS/2 viruses out
>there, but I've never heard of anyone actually having one of these, nor
>have I ever heard any explanation as to what these viruses supposedly
>do.

I don't know the answer to that, but I admire the question :)

Quote:>There are no copies of Windows anywhere at home, although we do have two
>Macs.  I very rarely run Win-OS/2.

I, too, rarely run Win-OS/2, but I do use a lot of DOS programs,
including QModemPro and WordStar.  That was my main reason for
installing the DOS version of F-Prot; and then later IBMAV.  I'm still
running IBMAV, although it looks like it has finally reached the end of
its updates by Symantec.

Quote:>The primary problem with the OS/2 anti-virus software I've seen is that
>it only scans files on the hard drive.  On Mac and Windows, the most
>recent AV software will actually scan your email attachments as they
>arrive (the software acts as an intermediary POP3 server).  Does any
>OS/2 AV package do that?

I know that my installation of IBMAV scans memory and the hard drive
upon bootup (or upon command), and is activated in the opening of each
VDM (DOS) session.  I can't tell how active it is when in native OS/2
applications such as Internet Adventurer and Netscape. It has never
reported virus activity on this machine.

Quote:>How about 16-bit Windows apps that I run under Win-OS/2?  Won't I need a
>16-bit AV package instead?  And what about 32-bit apps run under Odin?
>Will anything protect me from those viruses?

>I'd especially like to hear from people who ARE running native OS/2 AV
>apps and have actually found them useful.

AFAICT, the only virus I have ever received on line appeared a few
months ago--one of the popular Word for Windows macro viruses.  It came
attached to two different e-mails via Internet Adventurer/Netscape 4.61.
I spotted it; but IBMAV did not. No actual infection occurred and it is
now just a memory.

Since it appears that I've never encountered a non-macro virus, I can't
testify that IBMAV is actually ready and waiting to pounce on one. At
least seeing the IBMAV messages at the start of each VDM session is
comforting. :)

Jack P.

 
 
 

What's the point in OS/2 anti-virus software?

Post by John Rodrigu » Sun, 21 Jan 2001 13:17:02


Yeah, that's what I thought.  Then one evening turned into an all
nighter as I was preparing a system for demo for our local OS/2 User
Group meeting.  All three of my systems seemed to go down at once.  I
was installing drivers so I kept doing things then rebooting.  All of
a sudden all three machines wouldn't boot.  I'm no computer guru (just
a programmer) but after hours and hours of torture, restoring,
reinstalling .... I finally reconstructed all my Master Boot Records.
That fixed it.  I had a good old fashion operating system agnostic
boot sector virus.  Came from an old floppy I recycled from my wife's
pile.

I still don't have AV software but I'm looking for something.  True
that we OS/2 users don't have to scan incoming email or worry about VB
script, but I'm going to protect myself anyway!

John



Quote:> Could someone explain to me the reason why I should bother getting OS/2
> anti-virus software?  

 
 
 

What's the point in OS/2 anti-virus software?

Post by James Mo » Sun, 21 Jan 2001 15:06:25



> [...]

> I still don't have AV software but I'm looking for something.  True
> that we OS/2 users don't have to scan incoming email or worry about VB
> script, but I'm going to protect myself anyway!

    I would have suggested Panda AntiVirus at one time. Not that the
program is no good. It seems to be okay; it is their apparent desire to
not provide updates.
    They require that a postcard be sent to them to register the
software and receive an authentication code so I can download virus
signature file updates. I never got one. I have sent several emails to
them and have never gotten a response. So forget Panda.

--
sma at sohnen-moe dot com

 
 
 

What's the point in OS/2 anti-virus software?

Post by Doug Boult » Sun, 21 Jan 2001 18:09:28




Quote:> I'd especially like to hear from people who ARE running native OS/2 AV
> apps and have actually found them useful.

Norman AV found one of those stupid Word macro viruses in a mail
attachment that someone had sent me.  Since I view .DOC files in
either WordPro or WordPerfect, no threat to me, but it would have been
embarassing to send the infected file on to someone else who wouldn't
have been as lucky.

--
Doug Boulter

To reply by e-mail, remove the obvious spam traps from the address

 
 
 

What's the point in OS/2 anti-virus software?

Post by Charles Christacopoulo » Sun, 21 Jan 2001 22:14:15


It is like insurance.  You have it just in case.

I tried once to install Network Associates (their current version of Dr
Solomon's) Anti virus which would run in the background and intercept
process running under OS/2.  It was a disaster.
My old PC could not cope with the extra load (became much slower) and also
needed at least one reboot per day (instead of one every 6-14 days).

It is the usual story, an anti virus program cannot run natively and do all
those nice things because OS/2 won't allow it to access the threads of other
processes.

Mail would be a likely source of infenction but if I receive attachments
from a not-trusted source they get deleted, althernatvily most attachments
are for windows higher than 3.1 apps so they don't get viewed under os/2.

I guess the best you can hope with an antivirus program for os/2 is to do
periodic scans of your disks, run through the autoexec.bat a dos/windows
version, and just check the odd suspect file.

Anyone to say anything positive about it :-)

Charles

--

remove "_removeme" to reply.
-------------------------------------------------------------------
Charles Christacopoulos, Secretary's Office, University of Dundee,
Dundee DD1 4HN, (Scotland) United Kingdom.
Tel: +44+(0)1382-344891. Fax: +44+(0)1382-201604.
http://somis.ais.dundee.ac.uk/
Scottish Search Maestro http://somis2.ais.dundee.ac.uk/
Win 2000? Still happy using OS2 Warp and so do the HTTPs above :-)

 
 
 

What's the point in OS/2 anti-virus software?

Post by mike.lut.. » Mon, 22 Jan 2001 00:06:31



Quote:>Could someone explain to me the reason why I should bother getting OS/2
>anti-virus software?  I've heard that there are "three" OS/2 viruses out
>there, but I've never heard of anyone actually having one of these, nor
>have I ever heard any explanation as to what these viruses supposedly
>do.
>I'd especially like to hear from people who ARE running native OS/2 AV
>apps and have actually found them useful.
>Timur "too * for my code" Tabi

Timur, I run Norman reasonably often.  The BBS system(s) in the place
are still scanned nightly in the 'maid' routines.  It's found a number of
WIN infestations in mail sent me from others, which have no value directly
on the OS/2 box.  If, somehow, they got hand-forwarded from me to a WIN
user, I'd feel bad about that.  Knowing you from your long time presence
around the place, so would you, I think.

An object of DOS is still DOS, isn't it?   You do know that memory space
used by a new DOS-VDM session isn't cleared, apparently, by the new session,
prior to use?  What's in that space which could be analyzed and then
re-propagated might be very interesting, even to OS/2 users.  For
example, using the old McAfee SCAN routine for DOS, in a DOS-VDM
session, if it finds a virus, the next time you try to use it right after
in a subsequent DOS-VDM session, it won't load!  It complains that either
the signature for that virus or the one just previous to it is still resident
in memory!!  Took me by surprise!

In addition, Norman has found a number of DOS viri in files I've
downloaded from places looking for utilities, the latest being one in a
DOS-VDM Fossil routine I went hunting for work on someone's WIN-98 BBS
box left with me for help.   It came in via a TELNET download from
that BBS to me.  That's not TELNET's fault, is it?  ;)

I pulled it very late, early in the morning, fell asleep, thinking I'd
put it on a floppy and go to work when I got up.  Norman caught it in
the nightly maid routine that's here...  surprise!

It's also found and cleaned out the old Empire Monkey B creature that
suddenly appeared in a stack full of floppy's I used at a hospital in a
major service update routine where they were still running DOS.  In
addition to the floppy cleanout, even without booting from that, it
wound up on my dual-boot DOS-OS/2 service transportable in the MBR of it
as part of the DOS side of things!  The cleanout from there got rid of
my last actual DOS file system box.. *ALL* of them are now HPFS ..
grin..  There may be more still to the old joke that the easiest place
to get sick is in the hospital...  grin.

I was quite surprised at the infection of my OS/2 transportable.
Corruption of track 3 took me quite unawares.  The hospital MIS crew
that dosed me never knew it was there either until much later after I'd
sorted it all out.  "Why I'm an OS/2 user!  We don't have such things...
Not *ME* said the flea it's in *YOUR* bed!"  It came from one of their
proprietary Compaq DOS computer BIOS setups disks ... I recall the MIS
director saying, "Gee, OS/2, there's a box of that somewhere around here
I think?"

Norman's even found three other older DOS viri versions in files
auto forwarded me for DOS session and WIN 3.1 stuff via the BBS game.
Frankly, there is nothing to stop a sick user from doing DELETE *.* from
any DOS prompt window in either DOS or OS/2.  When called from a batch
file the old GLOBAL.COM does a fine job of that.  Nor is there any way
to really guard against any nicely written program in BASIC, for
example, from simply doing a SHELL routine added to do the equivalent,
or a massive rename or whatever.  We're here more free from what can be
written that's bad, as far as I can see, simply because fewer people
want to mess in our sandbox than the other operating systems.

Sure device drivers and so on are more convoluted in their creation and
application here, perhaps, than in the WIN and LINUX world!  But that
doesn't stop creative applications attached to executables in OS/2, as
far as I can see, from my limited view of all this.  I'd think you,
given your far better ability at code creation than I or many others
here, would easily see that.

I bought in because I am in constant contact with the WIN and DOS world
anyway.  You may not be, thus needing to think about this less.  Your choice,
until we hear of round one for us.

--> Sleep well; OS2's still awake! ;)



 
 
 

What's the point in OS/2 anti-virus software?

Post by rsm.. » Mon, 22 Jan 2001 01:03:58



01/20/2001


>> I'd especially like to hear from people who ARE running native OS/2 AV
>> apps and have actually found them useful.
>Norman AV found one of those stupid Word macro viruses in a mail
>attachment that someone had sent me.  Since I view .DOC files in  either
>WordPro or WordPerfect, no threat to me, but it would have been
>embarassing to send the infected file on to someone else who wouldn't
>have been as lucky.

I don't know how well it works, but Norman AV will apparently be shipped
with the ecs upgrade at GA release. I agree that it would be embarassing

Bob.

The Microsoft Network: Come into my parlor, said the spider to the fly.

--
-----------------------------------------------------------

-----------------------------------------------------------

 
 
 

What's the point in OS/2 anti-virus software?

Post by William L. Hartzel » Mon, 22 Jan 2001 01:51:57


John:
My computer came with a BIOS boot sector anti virus code that runs each
time I boot the machine.  It complains often about Boot Manager, but I
keep it on anyway.
Bill

> Yeah, that's what I thought.  Then one evening turned into an all
> nighter as I was preparing a system for demo for our local OS/2 User
> Group meeting.  All three of my systems seemed to go down at once.  I
> was installing drivers so I kept doing things then rebooting.  All of
> a sudden all three machines wouldn't boot.  I'm no computer guru (just
> a programmer) but after hours and hours of torture, restoring,
> reinstalling .... I finally reconstructed all my Master Boot Records.
> That fixed it.  I had a good old fashion operating system agnostic
> boot sector virus.  Came from an old floppy I recycled from my wife's
> pile.

> I still don't have AV software but I'm looking for something.  True
> that we OS/2 users don't have to scan incoming email or worry about VB
> script, but I'm going to protect myself anyway!

> John



> > Could someone explain to me the reason why I should bother getting OS/2
> > anti-virus software?

 
 
 

What's the point in OS/2 anti-virus software?

Post by James Knot » Mon, 22 Jan 2001 06:29:06


A boot sector virus can still get your OS/2 system.  That
happened to me once, when I used a floppy from my night
school class.  Fortunately, IBM AV found and killed it.


> Could someone explain to me the reason why I should bother getting OS/2
> anti-virus software?  I've heard that there are "three" OS/2 viruses out
> there, but I've never heard of anyone actually having one of these, nor
> have I ever heard any explanation as to what these viruses supposedly
> do.

> There are no copies of Windows anywhere at home, although we do have two
> Macs.  I very rarely run Win-OS/2.

> The primary problem with the OS/2 anti-virus software I've seen is that
> it only scans files on the hard drive.  On Mac and Windows, the most
> recent AV software will actually scan your email attachments as they
> arrive (the software acts as an intermediary POP3 server).  Does any
> OS/2 AV package do that?

> How about 16-bit Windows apps that I run under Win-OS/2?  Won't I need a
> 16-bit AV package instead?  And what about 32-bit apps run under Odin?
> Will anything protect me from those viruses?

> I'd especially like to hear from people who ARE running native OS/2 AV
> apps and have actually found them useful.

> --
> Timur "too * for my code" Tabi
> Remove "nospam_" from my email address when replying

> Sent via Deja.com
> http://www.veryComputer.com/

--
Replies sent via e-mail to this address will be promptly
ignored.

"james.knott".
 
 
 

What's the point in OS/2 anti-virus software?

Post by Harald Eilerts » Tue, 23 Jan 2001 21:06:23


Greetings Timur!

As the author of one of the AV packages, my answer may be biased, but
I'll try to answer anyways :)


Quote:> Could someone explain to me the reason why I should bother getting OS/2
> anti-virus software?  I've heard that there are "three" OS/2 viruses out
> there, but I've never heard of anyone actually having one of these, nor
> have I ever heard any explanation as to what these viruses supposedly
> do.

These viruses are not in the wild, so thay shouldn't bother anyone.
Still DOS and Win16 viruses may infect your machine, while they
probably won't do as much damage as on a real DOS or Win system. But
these viruses aren't too common any more either. With Odin, I do
suspect you could be subject to Win32 viruses, and of course there are
Macro viruses that are the most common type of virus these days.

How much this will affect your system depends on what software your're
running and how often you back up. What you may want to avoid is to
pass on attachments containing viruses to others that may be running
other less imune systems. You may not need an on access scanner, but
an on demand scanner for checking attachments or files you are sharing
with other may be a good insurance.

Quote:> The primary problem with the OS/2 anti-virus software I've seen is that
> it only scans files on the hard drive.  On Mac and Windows, the most
> recent AV software will actually scan your email attachments as they
> arrive (the software acts as an intermediary POP3 server).  Does any
> OS/2 AV package do that?

Not quite yet, but we're working on it. We'll also handle news (nntp)
and web (http).
BUT: Since we already scan everything saved to a file (if you run the
on-access scanner), we'll still catch most e-mail viruses and infected
attachments when they're stored away by the e-mail client. Depends on
how the e-mails are stored, but in cases like PMMail, we should catch
everything.

Quote:> How about 16-bit Windows apps that I run under Win-OS/2?  Won't I need a
> 16-bit AV package instead?  

No, our scanners will find any kind of viruses, both 16bit, 32bit,
binary, macro, Win, DOS, Linux.... A 16 bit package will not be able
to scan large parts of your system, a native package will be able to
scan everything.

Quote:> And what about 32-bit apps run under Odin? Will anything protect me from
> those viruses?

Yes. Our on-demand scanners will recognize them as Win32 binaries
regardless of what system they're hosted on. Our on-access scanners
will do the same, the moment you try to access the file. This should
be the same for the other products as well.

In the end, you have to decide for yourself if you actually need an
anti virus solution or not, and which package will work the best for
you. But the day you pass on an infected powerpoint macro to a
customer or something you'll find it a cheap insurance.

For more info, and a trial download, check:
http://www.norman.no/products.shtml

You should also find a beta of our on-access scanner there. A new beta
is going out as soon as I get time to update the docs and package it
up.

Take Care!
--
Harald Eilertsen
OS/2 Developer
Norman ASA -- http://www.norman.no/

 
 
 

What's the point in OS/2 anti-virus software?

Post by Felix Miat » Fri, 26 Jan 2001 00:38:11



> As the author of one of the AV packages, my answer may be biased, but
> I'll try to answer anyways :)

> > Could someone explain to me the reason why I should bother getting OS/2
> > anti-virus software?  I've heard that there are "three" OS/2 viruses out
> > there, but I've never heard of anyone actually having one of these, nor
> > have I ever heard any explanation as to what these viruses supposedly
> > do.
> These viruses are not in the wild, so thay shouldn't bother anyone.
> Still DOS and Win16 viruses may infect your machine, while they
> probably won't do as much damage as on a real DOS or Win system. But
> these viruses aren't too common any more either. With Odin, I do
> suspect you could be subject to Win32 viruses, and of course there are
> Macro viruses that are the most common type of virus these days.
> How much this will affect your system depends on what software your're
> running and how often you back up. What you may want to avoid is to
> pass on attachments containing viruses to others that may be running
> other less imune systems. You may not need an on access scanner, but
> an on demand scanner for checking attachments or files you are sharing
> with other may be a good insurance.

I managed to infect my main system (no windoze) and two windoze systems
Monday with the B1 boot virus, whatever that is. I guess if must be a
boot sector virus from a floppy. The only way I knew I had found it was
because on one of the multiboot machines, one on which I more often boot
OS/2 and Linux than windoze, was I did boot into windoze, which was
still setup with IBM AV, and warned me before windoze ever started about
the virus. According to IBM AV, B1 has successfully been removed from
all three.

Quote:> In the end, you have to decide for yourself if you actually need an
> anti virus solution or not, and which package will work the best for
> you. But the day you pass on an infected powerpoint macro to a
> customer or something you'll find it a cheap insurance.
> For more info, and a trial download, check:
> http://www.norman.no/products.shtml

I tried to find a way to simply buy the product, but the web site is a
typical poor usability site.

1-Fonts except titles are all set to substandard sizes (standard size is
3, site uses sizes 1 & 2 extensively) (see URLs in headers and .sig of
this message for problem's explanation)

2-Purchase online appears to be limited to windoze versions.
--
He who pursues righteousness and love finds life, prosperity, and
honor.          Proverbs 21:21 NKJV

 Team OS/2

Felix Miata  ***  http://mrmazda.members.atlantic.net/fonts.html

 
 
 

What's the point in OS/2 anti-virus software?

Post by Harald Eilerts » Sat, 27 Jan 2001 02:06:47



2001 15:38:11):

Quote:> I tried to find a way to simply buy the product, but the web site is a
> typical poor usability site.

> 2-Purchase online appears to be limited to windoze versions.

Contact a subsidiary or reseller near you to purchase the OS/2
version. Take a look at
http://www.norman.no/subsidiaries.shtml for info about the various
subsidiaries. The OS/2 version will be available for direct ordering
from the web again, as soon as I get our internet update tool ported.

Also, if you are getting the eCS GA, there's a limited time free
lisence included.

Take Care!
--
Harald Eilertsen
OS/2 Developer
Norman ASA -- http://www.norman.no/