
Virus

Question 1:
How to solve the virus crisis?

Introduction and Purpose


As a regular reader of the newsgroup news:alt.comp.virus I know how serious the virus problem is. Every day there are new ones. The question immediately pops up: can we solve the virus problem? IMO we can, however we have to pay a price. Part of the problem in this newsgroup is that the readers are not allowed to discuss what viruses are in detail. IMO that is wrong. IMO there is nothing wrong in discussing what a virus is. It is wrong to write a virus. It is wrong to modify a program, adding actions that were not intended by the original creator of the program. Explaining how a virus works will help the general public to understand what a virus does, how to prevent the virus from performing its deadly work and how to repair the damage in case it has caused any. Not only that: if you know how viruses currently operate, you can study how they change, predict what they could do in the future and take protective actions.

Description
If you want to discuss viruses, then first we have to define what a virus is. IMO there are two different types. The first type of viruses are programs which take their actions based on errors in the operating system. The operating system does not perform as designed. The manufacturer of the operating system has to solve those problems. The second type of viruses are programs that take actions not based on errors. They are written in standard available programming languages but their functionality is not what the user expects. For example: they modify and/or delete system files.

Only the second type is the subject of this discussion. A virus program performs two tasks:

one task modifies the system (i.e. certain files);
a second task is used to reproduce (i.e. to spread).

Reproduction uses two strategies: diskettes or e-mail.

Diskette reproduction could be as follows: Starting point is a diskette with one modified program. Loading and reading that diskette (to see which files it contains) will not cause any harm. Executing the modified program will modify at least some of the files in your system. Copying any of those modified files onto a new diskette will take care of the reproduction process.

E-mail reproduction goes more or less as follows: Starting point is an e-mail with an attachment. Receiving the e-mail does not cause any damage. Opening and executing the attachment will first result in some of your files being modified. Secondly, the program will issue an e-mail with the attachment to the people mentioned in your address book. As such the virus reproduces.

Answer part 1
IMO the first rule to follow, in order to solve the virus problem, is that (application) programs should only be allowed to write to the files in their own root directory or to the files in their child directories, but never in their parent directory, i.e. the operating system should prevent that. However, not completely. If they want to, then each time they should ask permission from the user (for example: at the beginning of Setup or to modify REGISTRY).

The second rule is that programs downloaded via Internet should not be executed directly, but always first stored onto the disk.

The first rule allows a program to create files and directories relative to the directory in which it resides, i.e. in its child or offspring directories. That means programs should by preference only use relative disc addressing and not absolute disc addressing. Most application programs under Windows 98 (ME ?) already follow both rules. All Programs, Visual Basic scripts, Java scripts and Macros should follow both rules. The operating system itself should be an exception.
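The first rule can be expressed as a path check. The following is an added example, not code from the essay: the function names and the directory layout are hypothetical, and it assumes the operating system would run such a check before every write. It resolves `..` and symbolic links before comparing, because both can make a path that looks like a child directory end up outside the program's own tree.

```python
import os
import tempfile


def resolve(path, base):
    """Resolve a possibly relative path against base, following '..' and links."""
    return os.path.realpath(os.path.join(base, path))


def is_inside(app_root, target):
    """True if target, once resolved, is app_root itself or lies below it."""
    root = os.path.realpath(app_root)
    full = resolve(target, root)
    # commonpath compares whole path components, so apps/editor2 is not
    # mistaken for a child of apps/editor (a plain startswith() would be).
    return os.path.commonpath([root, full]) == root


def decide_write(app_root, target, ask_user):
    """Writes inside the program's own tree are allowed; any other write
    is allowed only if the user gives permission when asked."""
    if is_inside(app_root, target):
        return "allow"
    full = resolve(target, os.path.realpath(app_root))
    return "allow-after-prompt" if ask_user(full) else "deny"


def demo(user_says_yes=False):
    """Evaluate several writes against a constructed directory layout."""
    with tempfile.TemporaryDirectory() as top:
        app = os.path.join(top, "apps", "editor")
        os.makedirs(os.path.join(app, "data"))
        os.makedirs(os.path.join(top, "apps", "editor2"))
        os.makedirs(os.path.join(top, "system"))
        # A link inside the program's tree that points outside it.
        os.symlink(os.path.join(top, "system"), os.path.join(app, "link"))
        cases = {
            "child": "data/notes.txt",
            "sibling": "../editor2/plugin.dll",
            "parent": "../../system/config.sys",
            "via-link": "link/config.sys",
            "absolute": os.path.join(top, "system", "config.sys"),
        }
        ask = lambda path: user_says_yes  # stands in for a permission dialog
        return {name: decide_write(app, path, ask)
                for name, path in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```
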

Answer part 2
Microsoft should supply the above feature as an option in its Operating Systems (Limited Edition). IMO many people will benefit if it exists.

Reflection
One current strategy to protect yourself against macros is the following: Do not execute programs (macros) from unreliable (not trusted) sources. IMO such a strategy is not very practical in the long run (currently, without any modification to the Operating System, it is one of the best). IMO the operating system should give the user a certain amount of built-in protection. My suggestion does that.

When you go to the URL http://16ton.com/htg/consp2.htm the following message is displayed: "You should be aware that any file you download from the network could contain malicious program code (application) or scripting language (documents). Simply viewing the contents of these files could be dangerous. Take precautions: do not download anything from a site that you do not trust. Are you sure you want to continue ?" There are 17 programs available from this home page. See Program Implementation for details. As part of the download information I have added the following warning: "You have to trust the owner for that". I wish that the Operating System would be responsible for this security risk and that trust would not be an issue.

A second type of strategy is to install Anti Virus (AV) software. The problem with AV software is that it requires continuous updates. My suggestion makes you less dependent on AV software. I cannot guarantee that it solves all the problems.

A different strategy to solve the virus problem is more severe punishment for the people who make those viruses. IMO that deterrent will not work as a general worldwide solution.

A different strategy is education. One current opinion is that it is only the lonely kids who write computer virus programs. All education is good and education about how to behave is worthwhile (for everyone of all ages). However, I do not think that telling someone that it is bad to write a virus will solve the problem. The Love Letter virus contains many different parts and functions. Each of those parts is important and worthwhile knowing for any programmer, because it can be useful for his normal day-to-day work. It is the combination of those functions that makes it dangerous.

The price for my suggestion is less flexibility. That is a slight disadvantage. For me does disadvantages outperform the major advantage: More security

Technical Information

For a technical slide show about viruses see: http://www.seas.gwu.edu/~csci229/nov19/sld001.htm
For technical information and (old) source code see: http://www.tlsecurity.net/
For virii resources see: http://vx.netlux.org/

