Doug's Home On The Web

===============================================================
= Section A.   Sources of Information and Antivirus Software. =
===============================================================

A1)  What is Virus-L/comp.virus?

Virus-L and comp.virus are discussion forums which focus on computer
virus issues.  More specifically, Virus-L is an electronic mailing list
and comp.virus is a USENET newsgroup.  Both groups are moderated; all
submissions are sent to the moderator who decides if a submission should
be distributed to the groups.  For more information, including a copy of
the posting guidelines, see the file virus-l.README, available by
anonymous FTP on corsa.ucr.edu in the pub/virus-l directory.


A2)  What is the difference between Virus-L and comp.virus?

Virus-L is a mailing list while comp.virus is a newsgroup.  Virus-L is
distributed in "digest" format (with multiple e-mail postings in one
large digest) and comp.virus is distributed as individual news postings.
However, the content of the two groups is identical.


A3)  How do I get onto or off Virus-L/comp.virus?

To subscribe to Virus-L, send e-mail to LISTSERV@LEHIGH.EDU saying "SUB
VIRUS-L your-name".  For example:

  SUB VIRUS-L Jane Doe

To be removed from the Virus-L mailing list, send a message to
LISTSERV@LEHIGH.EDU saying "SIGNOFF VIRUS-L".

To "subscribe" to comp.virus, simply use your favorite USENET news
reader to read the group.


A4)  What are the guidelines for Virus-L?

The posting guidelines are available by anonymous FTP on corsa.ucr.edu.
Retrieve the file pub/virus-l/virus-l.README for the most recent copy.
In general, however, the moderator requires discussions to be polite and
non-commercial.  Objective postings of product availability, product
reviews, etc, are fine, but commercial advertisements are not.  Requests
for virus samples (binary or disassembly) are forbidden.  Technical
discussions are strongly encouraged, however, within reason.


A5)  How can I get back-issues of Virus-L?

Back-issues of Virus-L/comp.virus date back to the group's inception, on
21 April, 1988.  The anonymous FTP archive at cs.ucr.edu carries all of
the Virus-L back issues.  Retrieve the file pub/virus-l/README for more
information on the Virus-L/comp.virus archives.


A6)  What are the known viruses, their names, major symptoms and
     possible cures?

The reader should be aware that there is no universally accepted naming
convention for viruses, nor is there any standard means of testing.  As
a consequence nearly *all* virus information is highly subjective and
open to interpretation and dispute.

There are several major sources of information on specific viruses.
Probably the largest one is Patricia Hoffman's hypertext VSUM.  While
VSUM is quite complete it only covers PC viruses and it is regarded by
many in the antivirus field as being inaccurate, so we advise you not to
rely solely on it.  It can be downloaded from most major archive sites.

A more precise source of information is the Computer Virus Catalog,
published by the Virus Test Center in Hamburg.  It contains highly
technical descriptions of computer viruses for several platforms: DOS,
Mac, Amiga, Atari ST and Unix.  Unfortunately, the DOS section is quite
incomplete.  The CVC is available by anonymous FTP from
ftp.informatik.uni-hamburg.de (IP = 134.100.4.42), directory
pub/virus/texts/catalog.  (A copy of the CVC is also available by
anonymous FTP on corsa.ucr.edu in the directory pub/virus-l/docs/vtc.)

Another small collection of good technical descriptions of PC viruses,
called CARObase is also available from ftp.informatik.uni-hamburg.de, in
the directory /pub/virus/texts/carobase.

A fourth source of information is the monthly Virus Bulletin, published
in the UK.  Among other things, it gives detailed technical information
on viruses (see A8); a one year subscription, however, costs $395.  US
subscriptions can be ordered by calling (203) 431 8720 (GMT-5/-4) or
writing to 590 Danbury Road, Ridgefield, CT 06877; for European
subscriptions, the number is +44 1235 555139 (GMT+0/-1) and the address
is: 21 The Quadrant, Abingdon, OXON, OX14 3YS, ENGLAND.  General
enquiries can be sent to virusbtn@vax.ox.ac.uk.

Another source of information is the book "Virus Encyclopedia" which is
part of the printed documentation of Dr. Solomon's AntiVirus ToolKit (a
commercial DOS antivirus program).  It is more complete than the CVC
list and just as accurate; however it lists only DOS viruses.  This book
may be available separately

The on-line help system of the shareware antivirus product Anti-Virus
Pro contains a large and relatively exact collection of virus
descriptions and even includes demonstrations of several of the audio
and visual effects produced by some viruses. However the text can be
difficult to read because English is not the author's native tongue.

The WWW site www.datafellows.fi has an on-line, cross-referenced
database containing descriptions of about 1500 PC viruses, with an
emphasis on viruses "in the wild".  Another network-accessible source of
information pertaining to viruses is provided by IBM AntiVirus, at
http://www.brs.ibm.com/ibmav.html or via gopher at the site
index.almaden.ibm.com (choose "IBM Computer Virus Information Center"
from the main menu).

An excellent source of information regarding Apple Macintosh viruses is
the on-line documentation in the freeware Disinfectant program by John
Norstad of Northwestern University.  This is available at most Mac
archive sites.


A7)  Where can I get free or shareware antivirus programs?

The Virus-L/comp.virus archive sites carry publicly distributable
antivirus software products. Up-to-date listings of these antivirus
archive sites are posted monthly to Virus-L/comp.virus (see A5 for
details).

Many freeware/shareware DOS antivirus programs are available from the
SimTel Software Repository.  This collection of software is available
via anonymous FTP from ftp.coast.net (IP = 141.210.10.117), with
antivirus software in the directory /SimTel/msdos/virus.  Note that the
SimTel archive is "mirrored" at many anonymous FTP sites, including
wuarchive.wustl.edu (IP = 128.252.135.4, /systems/ibmpc/simtel/virus),
and nic.funet.fi (IP = 128.214.248.6, /pub/msdos/SimTel/virus).  Most of
this software can also be obtained via e-mail in uuencoded form from
various TRICKLE sites, especially in Europe.

Likewise, Macintosh antivirus programs can be found in /pub/tools/mac at
coast.cs.purdue.edu.

A list of many antivirus programs, including commercial products and one
person's rating of them, can be obtained by anonymous ftp from
corsa.ucr.edu (IP = 138.23.166.33) in pub/virus-l/docs/reviews in the
file slade.quickref.rvw.  This directory also contains detailed product
reviews of many products.


A8)  Where can I get more information on viruses, etc?

Five very good books on computer viruses that cover most of the
introductory and technical questions you might have are:

"Computers Under Attack: Intruders, Worms and Viruses" edited by
     Peter J. Denning, ACM Press/Addison-Wesley, 1990.  This is a
     book of collected readings that discuss computer viruses,
     computer worms, break-ins, and social aspects, and many other
     items related to computer security and malicious software.  A
     very solid, readable collection that doesn't require a highly-
     technical background.  Price: $20.50.

"Rogue Programs: Viruses, Worms and Trojan Horses" edited by Lance
     J. Hoffman, Van Nostrand Reinhold, 1990.  This is a book of
     collected readings describing in detail how viruses work,
     where they come from, what they do, etc.  It also has
     material on worms, Trojan Horse programs, and other malicious
     software programs.  This book focuses more on mechanism and
     relatively less on social aspects than does the Denning book;
     however, there is an excellent piece by Anne Branscomb that
     covers legal aspects.  Price: $32.95.

"A Pathology of Computer Viruses" by David Ferbrache, Springer-
     Verlag, 1992.  This is an in-depth book on the history,
     operation, and effects of computer viruses.  It is one of the
     most complete books on the subject, with an extensive history
     section, a section on Macintosh viruses, network worms, and
     Unix viruses.  Price $49.00.

"A Short Course on Computer Viruses", 2nd edition, by Dr. Fred B.
     Cohen, Wiley, 1994.  This book is by a well-known pioneer in
     virus research, who has also written dozens of technical
     papers on the subject.  Price: $35.00 ($45.00 with
     accompanying diskette).

"Robert Slade's Guide to Computer Viruses", by Robert Slade,
     Springer-Verlag, 1994.  This book is a comprehensive
     introduction to computer viruses, written in a clear and easy
     style for non-experts.  Price $29.00.


A somewhat dated, but still useful, high-level description of viruses,
suitable for a complete novice with little computer background is
"Computer Viruses: Dealing with Electronic Vandalism and Programmed
Threats" by Eugene H. Spafford, Kathleen A. Heaphy, and David J.
Ferbrache, ITAA (Arlington, VA), 1989.  ITAA (Information Technology
Association of America) is a computer industry service organization and
not a publisher.  While many people have indicated they find this a very
understandable reference it is now out of print, but portions of it have
been reprinted in many other places, including Denning and Hoffman's
books (above).

It is also worth consulting various publications such as _Computers &
Security_ and _SECURE Computing_ (both of which, while not limited to
viruses, contain many relevant papers) and the _Virus Bulletin_
(published in the UK, it contains many technical articles).


A9)  Why is so much of the discussion in Virus-L/comp.virus about PCs
     and DOS?  Is this forum only for the PC world?

No--neither the problem nor this discussion relate only to PCs.  Viral
programs are a property of general-purpose computers, and therefore are,
and will be, a problem for any computer system.  We *are* aware of the
lopsided coverage and welcome the submission of material relevant to
other systems.

There are several reasons for the apparent imbalance.  One very general
reason is that users of DOS heavily outnumber the users of other
operating systems.  The discussion in Virus-L/comp.virus therefore tends
to have a preponderance of questions and chat about DOS specific
infections and problems.  We welcome questions, comments and reports
from users of other operating systems and platforms.  If you use a
computer of another type, please do contribute to the discussion.  Just
because the majority are talking about DOS does *not* mean that your
contribution is not welcome.  It may be important precisely because you
have a different perspective.

Therefore, let us assure you there is no deliberate attempt being made
to exclude Amiga, Atari, Macintosh, OS/2, UNIX, VMS, Windows (NT, '95 or
any other flavor) or any other platform or operating system from the
discussion or the FAQ sheet.  If you feel that there *is* too much PC
bias, please don't complain about it--tell us something about the virus
situation on *your* system.