CrisNews #2 - 05/01/94
Reprinted With Permission By: Cris Research Staff

The Virus Threat
(c) Ian Douglas 1993

Has the threat from viruses started to decline? The number of viruses for the IBM PC (Intel x86) platform grows daily, but various events are making the IBM environment safer. (Experts predict around 4000-6000 DOS viruses by the end of 1994.)

Chief amongst these is the move away from DOS to new operating systems. The trend started with Windows (not really an operating system), and has accelerated with the advent of a reliable OS/2. Further down the line, there is Windows NT and UNIX. These environments are very unfriendly for the 3000+ DOS-based viruses. There is a joke that Windows is a good virus detector - if a Windows file gets infected by a DOS virus, it crashes :-)

There are two known viruses that can infect Windows executables, but none at present that can infect OS/2 executables. No known DOS viruses can run under native OS/2, but only in a DOS session. Also, the constant upgrades to DOS itself prevent some viruses from working altogether.

There are three main areas of virus spread: large businesses, educational institutions, and swopping disks among friends.

Many large businesses are moving to OS/2; others will move to Windows NT. In both cases, they are cutting out an important vector of virus spread. I foresee that educational institutions will also move to these new operating systems in the near future. The market will demand students trained in them. This will once again cut out a major vector for virus spreading.

That leaves the average user, still running DOS. He has less chance of getting a virus, since the two main vectors are being cut out. The most common viruses are boot sector infectors, like Stoned. While these may be able to infect a machine running OS/2, they will not spread from such a machine.

The other interesting development has been in the underground. In the race to create the super-duper type viruses, they have been trying to write complex viruses. These take longer to write and are usually more buggy. Thus they make fewer viruses. In order to brag, they publish the viruses in electronic magazines, and make them available for download on virus exchange BBS's. This means that they end up in the hands of anti-virus authors before they have had a chance to spread widely. Thus the AV authors soon include detection, and the virus does not spread very much.

Many virus exchange BBS's have mostly junk (virus wannabes) available. Since the person downloading it only finds out afterwards, the spread of viruses from these BBS's is not as bad as it might have been.

There also seems to be a growing maturity amongst some members of the underground, leading to fewer virus writers and viruses. Hopefully, they will ALL grow up soon.

Cheers, Ian