===============================================================
= Section A.   Sources of Information and Antivirus Software. =
===============================================================

A1) What is Virus-L/comp.virus?

Virus-L and comp.virus are discussion forums which focus on computer virus issues. More specifically, Virus-L is an electronic mailing list and comp.virus is a USENET newsgroup. Both groups are moderated; all submissions are sent to the moderator who decides if a submission should be distributed to the groups. For more information, including a copy of the posting guidelines, see the file virus-l.README, available by anonymous FTP on corsa.ucr.edu in the pub/virus-l directory.

A2) What is the difference between Virus-L and comp.virus?

Virus-L is a mailing list while comp.virus is a newsgroup. Virus-L is distributed in "digest" format (with multiple e-mail postings in one large digest) and comp.virus is distributed as individual news postings. However, the content of the two groups is identical.

A3) How do I get onto or off Virus-L/comp.virus?

To subscribe to Virus-L, send e-mail to LISTSERV@LEHIGH.EDU saying "SUB VIRUS-L your-name". For example:

     SUB VIRUS-L Jane Doe

To be removed from the Virus-L mailing list, send a message to LISTSERV@LEHIGH.EDU saying "SIGNOFF VIRUS-L".

To "subscribe" to comp.virus, simply use your favorite USENET news reader to read the group.

A4) What are the guidelines for Virus-L?

The posting guidelines are available by anonymous FTP on corsa.ucr.edu. Retrieve the file pub/virus-l/virus-l.README for the most recent copy. In general, however, the moderator requires discussions to be polite and non-commercial. Objective postings of product availability, product reviews, etc, are fine, but commercial advertisements are not. Requests for virus samples (binary or disassembly) are forbidden. Technical discussions are strongly encouraged, however, within reason.

A5) How can I get back-issues of Virus-L?

Back-issues of Virus-L/comp.virus date back to the group's inception, on 21 April, 1988. The anonymous FTP archive at cs.ucr.edu carries all of the Virus-L back issues. Retrieve the file pub/virus-l/README for more information on the Virus-L/comp.virus archives.

A6) What are the known viruses, their names, major symptoms and possible cures?

The reader should be aware that there is no universally accepted naming convention for viruses, nor is there any standard means of testing. As a consequence nearly *all* virus information is highly subjective and open to interpretation and dispute.

There are several major sources of information on specific viruses. Probably the largest one is Patricia Hoffman's hypertext VSUM. While VSUM is quite complete it only covers PC viruses and it is regarded by many in the antivirus field as being inaccurate, so we advise you not to rely solely on it. It can be downloaded from most major archive sites.

A more precise source of information is the Computer Virus Catalog, published by the Virus Test Center in Hamburg. It contains highly technical descriptions of computer viruses for several platforms: DOS, Mac, Amiga, Atari ST and Unix. Unfortunately, the DOS section is quite incomplete. The CVC is available by anonymous FTP from ftp.informatik.uni-hamburg.de (IP = 22.214.171.124), directory pub/virus/texts/catalog. (A copy of the CVC is also available by anonymous FTP on corsa.ucr.edu in the directory pub/virus-l/docs/vtc.)

Another small collection of good technical descriptions of PC viruses, called CARObase, is also available from ftp.informatik.uni-hamburg.de, in the directory /pub/virus/texts/carobase.

A fourth source of information is the monthly Virus Bulletin, published in the UK. Among other things, it gives detailed technical information on viruses (see A8); a one year subscription, however, costs $395.
US subscriptions can be ordered by calling (203) 431 8720 (GMT-5/-4) or writing to 590 Danbury Road, Ridgefield, CT 06877; for European subscriptions, the number is +44 1235 555139 (GMT+0/-1) and the address is: 21 The Quadrant, Abingdon, OXON, OX14 3YS, ENGLAND. General enquiries can be sent to firstname.lastname@example.org.

Another source of information is the book "Virus Encyclopedia" which is part of the printed documentation of Dr. Solomon's AntiVirus ToolKit (a commercial DOS antivirus program). It is more complete than the CVC list and just as accurate; however it lists only DOS viruses. This book may be available separately.

The on-line help system of the shareware antivirus product Anti-Virus Pro contains a large and relatively exact collection of virus descriptions and even includes demonstrations of several of the audio and visual effects produced by some viruses. However the text can be difficult to read because English is not the author's native tongue.

The WWW site www.datafellows.fi has an on-line, cross-referenced database containing descriptions of about 1500 PC viruses, with an emphasis on viruses "in the wild".

Another network-accessible source of information pertaining to viruses is provided by IBM AntiVirus, at http://www.brs.ibm.com/ibmav.html or via gopher at the site index.almaden.ibm.com (choose "IBM Computer Virus Information Center" from the main menu).

An excellent source of information regarding Apple Macintosh viruses is the on-line documentation in the freeware Disinfectant program by John Norstad of Northwestern University. This is available at most Mac archive sites.

A7) Where can I get free or shareware antivirus programs?

The Virus-L/comp.virus archive sites carry publicly distributable antivirus software products. Up-to-date listings of these antivirus archive sites are posted monthly to Virus-L/comp.virus (see A5 for details).

Many freeware/shareware DOS antivirus programs are available from the SimTel Software Repository.
This collection of software is available via anonymous FTP from ftp.coast.net (IP = 126.96.36.199), with antivirus software in the directory /SimTel/msdos/virus. Note that the SimTel archive is "mirrored" at many anonymous FTP sites, including wuarchive.wustl.edu (IP = 188.8.131.52, /systems/ibmpc/simtel/virus), and nic.funet.fi (IP = 184.108.40.206, /pub/msdos/SimTel/virus). Most of this software can also be obtained via e-mail in uuencoded form from various TRICKLE sites, especially in Europe.

Likewise, Macintosh antivirus programs can be found in /pub/tools/mac at coast.cs.purdue.edu.

A list of many antivirus programs, including commercial products and one person's rating of them, can be obtained by anonymous ftp from corsa.ucr.edu (IP = 220.127.116.11) in pub/virus-l/docs/reviews in the file slade.quickref.rvw. This directory also contains detailed product reviews of many products.

A8) Where can I get more information on viruses, etc?

Five very good books on computer viruses that cover most of the introductory and technical questions you might have are:

"Computers Under Attack: Intruders, Worms and Viruses" edited by Peter J. Denning, ACM Press/Addison-Wesley, 1990. This is a book of collected readings that discuss computer viruses, computer worms, break-ins, and social aspects, and many other items related to computer security and malicious software. A very solid, readable collection that doesn't require a highly-technical background. Price: $20.50.

"Rogue Programs: Viruses, Worms and Trojan Horses" edited by Lance J. Hoffman, Van Nostrand Reinhold, 1990. This is a book of collected readings describing in detail how viruses work, where they come from, what they do, etc. It also has material on worms, Trojan Horse programs, and other malicious software programs. This book focuses more on mechanism and relatively less on social aspects than does the Denning book; however, there is an excellent piece by Anne Branscomb that covers legal aspects. Price: $32.95.

"A Pathology of Computer Viruses" by David Ferbrache, Springer- Verlag, 1992. This is an in-depth book on the history, operation, and effects of computer viruses. It is one of the most complete books on the subject, with an extensive history section, a section on Macintosh viruses, network worms, and Unix viruses. Price $49.00. "A Short Course on Computer Viruses", 2nd edition, by Dr. Fred B. Cohen, Wiley, 1994. This book is by a well-known pioneer in virus research, who has also written dozens of technical papers on the subject. Price: $35.00 ($45.00 with accompanying diskette). "Robert Slade's Guide to Computer Viruses", by Robert Slade, Springer-Verlag, 1994. This book is a comprehensive introduction to computer viruses, written in a clear and easy style for non-experts. Price $29.00. A somewhat dated, but still useful, high-level description of viruses, suitable for a complete novice with little computer background is "Computer Viruses: Dealing with Electronic Vandalism and Programmed Threats" by Eugene H. Spafford, Kathleen A. Heaphy, and David J. Ferbrache, ITAA (Arlington, VA), 1989. ITAA (Information Technology Association of America) is a computer industry service organization and not a publisher. While many people have indicated they find this a very understandable reference it is now out of print, but portions of it have been reprinted in many other places, including Denning and Hoffman's books (above). It is also worth consulting various publications such as _Computers & Security_ and _SECURE Computing_ (both of which, while not limited to viruses, contain many relevant papers) and the _Virus Bulletin_ (published in the UK, it contains many technical articles). A9) Why is so much of the discussion in Virus-L/comp.virus about PCs and DOS? Is this forum only for the PC world? No--neither the problem nor this discussion relate only to PCs. 
Viral programs are a property of general-purpose computers, and therefore are, and will be, a problem for any computer system. We *are* aware of the lopsided coverage and welcome the submission of material relevant to other systems.

There are several reasons for the apparent imbalance. One very general reason is that users of DOS heavily outnumber the users of other operating systems. The discussion in Virus-L/comp.virus therefore tends to have a preponderance of questions and chat about DOS-specific infections and problems.

We welcome questions, comments and reports from users of other operating systems and platforms. If you use a computer of another type, please do contribute to the discussion. Just because the majority are talking about DOS does *not* mean that your contribution is not welcome. It may be important precisely because you have a different perspective.

Therefore, let us assure you there is no deliberate attempt being made to exclude Amiga, Atari, Macintosh, OS/2, UNIX, VMS, Windows (NT, '95 or any other flavor) or any other platform or operating system from the discussion or the FAQ sheet. If you feel that there *is* too much PC bias, please don't complain about it--tell us something about the virus situation on *your* system.