CrisNews #2 - 05/01/94
Reprinted With Permission By: Cris Research Staff

The Virus Threat
(c) Ian Douglas 1993

Has the threat from viruses started to decline?

The number of viruses for the IBM PC (Intel x86) platform grows daily, but various events are making the IBM environment safer. (Experts predict around 4000 - 6000 DOS viruses by the end of 1994.) Chief amongst these is the move away from DOS to new operating systems. The trend started with Windows (not really an operating system), and has accelerated with the advent of a reliable OS/2. Further down the line, there is Windows NT and UNIX. These environments are very unfriendly for the 3000+ DOS-based viruses. There is a joke that Windows is a good virus detector - if a Windows file gets infected by a DOS virus, it crashes :-)

There are two known viruses that can infect Windows executables, but none at present that can infect OS/2 executables. No known DOS viruses can run under native OS/2, but only in a DOS session. Also, the constant upgrades to DOS itself prevent some viruses from working altogether.

There are three main areas of virus spread: Large businesses, educational institutions, and swopping disks among friends.

Many large businesses are moving to OS/2, others will move to Windows NT. In both cases, they are cutting out an important vector of virus spread. I foresee that educational institutions will also move to these new operating systems in the near future. The market will demand students trained in them. This will once again cut out a major vector for virus spreading.

That leaves the average user, still running DOS. He has less chance of getting a virus, since the two main vectors are being cut out. The most common viruses are boot sector infectors, like Stoned. While these may be able to infect a machine running OS/2, they will not spread from such a machine.

The other interesting development has been in the underground. In the race to create the super-duper type viruses, they have been trying to write complex viruses. These take longer to write and are usually more buggy. Thus they make fewer viruses. In order to brag, they publish the viruses in electronic magazines, and make them available for download on virus exchange BBS's. This means that they end up in the hands of anti-virus authors, before they have had a chance to spread widely. Thus the AV authors soon include detection, and the virus does not spread very much.

Many virus exchange BBS's have mostly junk (virus wannabe's) available. Since the person downloading it only finds out afterwards, the spread of viruses from these BBS's is not as bad as it might have been.

There also seems to be a growing maturity amongst some members of the underground, leading to fewer virus writers and viruses. Hopefully, they will ALL grow up soon.

Cheers,
Ian