Virus and firewalls

[bak006]

Hi,

do you know if is there a new release of an antivirus for OS4 (ppc native)?

I know that there aren't ppc virus in general and for OS4 in particular but I think that say "Virus in Amiga OS? No problem they aren't" is quite dangerous...

Thanks in advance.

Luke

[Piru]

Unfortunately xvs.library does not work with OS4, and this pretty much rules out most of the antivirus apps. The author is looking for help.

Couple of years ago I helped getting xvs.library working with MorphOS, and I've used VirusZ III ever since.

I don't see any reason why the antivirus app should be PPC native, at least there is no reason for that with MorphOS. With 48h uptime, VirusZ_III has used total 30 seconds of CPU time.

[Hyperspeed]

I use Virus Executor, that seems to be the best developed.

Here's an interesting question now you mention PPC though... are some viruses incompatible with certain processors in the 68k range?

For example, would the shift from '030 to '060 stop certain viruses working properly?

And how do they survive a warm reset (RAD: is another oddity)...

[bak006]

Hyperspeed wrote:
I use Virus Executor, that seems to be the best developed.

Here's an interesting question now you mention PPC though... are some viruses incompatible with certain processors in the 68k range?

For example, would the shift from '030 to '060 stop certain viruses working properly?

And how do they survive a warm reset (RAD: is another oddity)...

I don't know if there is incompatibility between 68k's processors...maybe, but I think that a virus uses the OS and not the processor.

As under windows...various viruses uses OS processes and not instructions inside Pentium 3,4,5 or Amd cpu.

Luke
 

[Piru]

@Hyperspeed

are some viruses incompatible with certain processors in the 68k range?

Certainly so. Many viruses broke when instruction cache was introduced with 68020 and later CPUs. Mainly this was due to self modifying code (or decryption) and failure to flush the caches.

Another source for incompatibility could come from use of "unused" bits to fool the disassembler. While these bits were usused on 68000, with 68020 and later these bits would for example indicate index multiplier [example: move.l 0(a0,d0.l*,d1 behaves like move.l 0(a0,d0.l),d1 on 68000].

Another example is move.w sr,d0, which is user mode instruction on 68000, but supervisor on 68010 and later.

For example, would the shift from '030 to '060 stop certain viruses working properly?

This is unlikely. If the virus is smart enough to work on 68020 and 68030, it would be really stupid to break on 68060.

And how do they survive a warm reset

Simple: There's ready functionality provided in the OS for this. Cool/Cold/WarmCapture vectors in execbase (these were used by bootblock viruses) and KickMemPtr/KickTagPtr in execbase (these were used by more complex things).

(RAD: is another oddity)...

Not really, it uses KickMemPtr/KickTagPtr.

[Hyperspeed]

I believe there should always be a hardware override to protect against crafty code such as viruses.

To leave hardware at the mercy of software is dangerous, I mean if the BIOS can be flashed by a simple program (as is the case with CDRW drives and the PPCs) then they could potentially be destroyed by a malicious program.

The internet is another thing, I believe backdoor programs could be a severe threat even to Amiga users especially with broadband.

Wonder if anyone uses their Amiga as a hardware firewall in some way...›

I found Hitchhiker 4.11 and reported it to Virus Help Denmark, I found this with Virus-Z before moving onto Virus Executor.

Years ago I found a bootblock virus on a Heimdall 2 copy a friend lent me. Didn't say the name of it though.