-
-
-
-
-
-
-
-
-
- Dc89scan
-
- DataCrime Virus Detection
-
- Copyright 1989, Sector Technology
-
- Author: Michael Allen
-
-
-
-
-
-
- Introduction:
- -------------
-
- Sector Technology is pleased to provide you with this FREE
- utility that will scan your PC for the presence of the "Columbus
- Day", "Datacrime 1(a) and 1(b)" or "Friday the 13th" virus. You
- are encouraged to make copies of this program and documentation
- to pass along to your friends and workmates. We only ask that you
- keep the package intact and do not modify the program or
- documentation.
-
- We welcome the opportunity to provide you with this utility. We
- cannot, however, warrant detection of any strains other than
- the two we have verified. We make no warranties implied or
- otherwise and assume no responsibility for any adverse effects
- which may be caused as a result of this software program. By the
- use of this program, the user accepts responsibility and
- understands that the use is at their own risk.
-
- Sector Technology, headquartered in Falls Church, Virginia, is in
- the business of providing security solutions to both the
- government and corporate organizations. We are not in the
- business of capitalizing on the fears of a particular virus
- scare. We specialize in solving problems in computer security
- and classified material handling, both in the collateral and
- special access arenas.
-
- Sector Technology's Computer Security Division offers a complete,
- totally compatible line of computer security products that range
- from a low cost, basic access control, anti-virus, encryption
- product (Port of Entry), up through a mainframe-like
- hardware/software security package (Sentinel) for the IBM
- PC/XT/AT, PS/2 and compatible computer systems. We also provide
- the ultimate security package for the Macintosh environment
- called Empower. These products are described in more detail
- below.
-
- Instructions:
- -------------
-
- The Dc89scan program performs a very simple and straightforward
- task. It scans all the .COM files on the disk drive you specify
- looking for signs of the two known strains of the DataCrime virus.
-
- To run Dc89scan, enter the program name at the DOS prompt along
- with the disk drive letter and an optional path (if you want to
- check only those files in a particular sub-directory). For
- example, to check all the .COM files on your C: drive, enter:
-
- Dc89scan C:
-
- Dc89scan will read all the .COM files in all sub-directories on
- the C: drive. If you specify a sub-directory, such as:
-
- Dc89scan C:\DOS
-
- It will check just the .COM files in the DOS sub-directory and
- any sub-directories within and below the DOS sub-directory.
-
- When you run Dc89scan, it begins its checking. It lists
- the filenames of infected files along the left side of the screen
- as shown below:
-
- ┌────────────────────────────────────────────────────────────────────┐
- │Infected files: ┌──────────────────────────────────────────────┐│
- │ │ DC-SCAN ││
- │IBMBIO.COM (1168) │ Copyright 1989, Sector Technology ││
- │CHKDSK.COM (1280) │ ││
- │DISKCOPY.COM (1168) │DC-Scan checks all your .COM files for the ││
- │FORMAT.COM (1168) │DataCrime (Columbus Day) virus. ││
- │MODE.COM (1168) │It checks for both the '1168' and the '1280' ││
- │PRINT.COM (1168) │strains. All files listed should be deleted ││
- │EDLIN.COM (1280) │from your system before October 12! ││
- │ │ ││
- │ │This program is provided free of charge by ││
- │ │Sector Technology as a service to PC users. ││
- │ │ ││
- │ │Sector Technology is in the security business.││
- │ │Our products are for all levels of business ││
- │ │and government, including: Port of Entry, ││
- │ │The Citadel Security System, and The Sentinel ││
- │ │Security System. Please read the documents ││
- │ │for details, or call: (703) 845-0323. ││
- │ └──────────────────────────────────────────────┘│
- │ │
- │ Sub-directory: DOS │
- │ File: MORE.COM │
- │ │
- │ Press [Shift-PrtSc] to print list of infected files │
- └────────────────────────────────────────────────────────────────────┘
-
- If more than 23 files are infected, Dc89scan will pause to allow
- you to print (PrtSc) the list before clearing the list from the
- screen.
-
- The number in parentheses by the filename of each infected file
- indicates which strain of the DataCrime virus was found. The
- number refers to the number of bytes added to the .COM file by
- the virus. The two strains are known as the 1168 virus and the
- 1280 virus.
-
- The DataCrime virus infects only .COM files. When an infected
- .COM file is executed, the added virus code checks the system
- date. If the current date is after October 12, the virus
- displays:
-
- DATACRIME VIRUS
- RELEASED 1 MARCH 1989
-
- It then formats the first eight tracks of the hard disk wiping
- out your master boot record, partition table, and the DOS
- partition boot record. Not a nice thing to have happen!
-
- The virus can infect .COM files on drive C:, D:, A: or B:. It
- skips COMMAND.COM (or any .COM file with a 'D' in the 7th place
- of its filename) and .COM files whose length is less than seven
- bytes.
-
-
- PRODUCT LINE
- ------------
-
- Sector Technology's Computer Security Division offers a complete,
- totally compatible line of computer security products, including:
-
- Port of Entry. A low cost, non-administrative solution to
- microcomputer security needs. Access to the system requires a
- verified user name, minimal 6-character password and a project
- name or number. Port of Entry provides two very strong anti-
- virus programs. The first, Safeboot, takes over the boot system
- sequence and verifies the boot sector, DOS and command.com are
- clean before the system boots. It will detect viruses like the
- Brain and Lehigh that infect the boot sector. The second
- program, Virwatch, is a device driver that monitors access to all
- .COM, .EXE and .SYS files and the boot record and will detect and
- prevent unauthorized modification, deletion or renaming of these
- files.
-
- Port of Entry also provides disklock protection (against accessing
- the hard drive by booting from the A drive), file-by-file encryption,
- adjustable automatic logoff with screen blanking, audit trails,
- project billing feature and secure file transmission.
- Retail price - $75.
-
- Our Sentinel Microcomputer Security System provides the ultimate
- in micro-computer security. Sentinel is a hardware/software
- security system which has been successfully evaluated by the
- National Security Agency. Sentinel is the only security system to
- be granted a patent by the U.S. Patent and Trademark Office for
- concept and design. On-board storage of audit trails, encryption
- keys, passwords and access rights table ensures a tamper-proof
- and truly accountable method of tracking system usage and
- authorized access to files. DES or Sector's proprietary algorithm
- is handled via hardware so it is fast and virtually transparent.
- Encryption can be set globally, by application, by user, or may
- be user selected. In a network environment, Sentinel encrypts
- and decrypts at the workstation and ensures the confidentiality
- of all files going to and from the LAN file server. Read only,
- read/write and execute only options ensure proper access to
- specified files. Protection, audit trails and encryption are
- handled on a file by file basis, not by
- directories or sub-directories. Two-tier administration allows
- delegation of responsibilities. Labels are attached to the files
- providing access and other information irrespective of where that
- file is stored. Sentinel also provides password expiration,
- secure file transmission, automatic logoff, project billing
- feature, copyright protection, memory purging and virus
- protection.
- Retail price - $465; $495 with DES.
-
- The Citadel Microcomputer Security System is the software version
- of Sentinel. Retail price - $195.
-
- Empower, the security system for the Macintosh world, offers a
- wide range of features. Empower provides transparent encryption,
- handles multi-user environments, provides for multiple access
- levels, optional guest access, hard disk protection and user-
- specified automatic logoff (also doubles as a screen saver).
- Empower also provides a complete set of controls for floppy,
- internal and external hard disks.
-
- Sector Technology's Security Division offers our proprietary
- Integrated Security Management System (ISMS). The ISMS is a
- comprehensive, modular, computer-based system that automates most
- security functions in a security office. ISMS uses bar code
- technology to manage and track U.S. Government classified
- material and personnel access information. ISMS is written in
- PROGRESS, a top-rated fourth generation language, that provides
- superior portability from PC-DOS personal computers to micros and
- minis running UNIX (XENIX on 286/386 PCs). Host architectures
- include IBM, compatibles, AT&T, NCR, Plexus and the VAX/VMS
- systems.
-
- ISMS is menu driven with on-line help. We offer automation for
- the following functions:
-
- * Classified Document Control
- * Organization Management
- * Visitor Control
- * Contract Management
- * PSQ preparation/Tracking
- * Storage Container Management
- * Security Suspense Tracking
- * Receipt Printing
- * Guard Tour Management
- * Personnel Security Records
- * Printing of DD48's, 49's and 254's
- * Vehicle Management
- * Outgoing Visitor Management
- * Incident/Violation Recording
-
- Sector Technology's Security Operations Division actually staffs
- and runs document and visitor control facilities for many
- Department of Defense agencies and Special Access Programs. Our
- personnel have clearances and the expertise to guide corporations
- or agencies active in the Defense Industrial Security Program
- through the ins and outs of this complex and ever changing
- program.
-
- Our Professional Services Division provides in-depth experience
- in system analysis, hardware integration and software design.
-
- Our business is Security, and whatever your security needs, we at
- Sector Technology are dedicated to supply your organization with
- the products and services needed to provide solutions.
-
- Seminars/Training
-
- Sector Technology offers a comprehensive series of security
- awareness seminars. These seminars may be structured as general
- in nature or designed to address specific security issues
- tailored to your organizational requirements.
-
- Our business is Integrated Security and Systems; Whatever your
- security needs.
-
- For more information on the products and services provided by
- Sector Technology, please contact us at our Corporate
- Headquarters listed below:
-
-
- Sector Technology
- Integrated Security Management
- 6 Skyline Place, Suite 900
- 5109 Leesburg Pike
- Falls Church, Virginia 22041-3201
- Tel: (703) 379-1800
- FAX: (703) 845-0323
-
-
-
-
- Additional products provided by Digital Dispatch, Inc.
- ------------------------------------------------------
-
- DATA PHYSICIAN
- --------------
-
- Data Physician is a set of programs designed to help protect
- your PC-DOS or MS-DOS computer system from software viruses and
- logic bombs. Together, they represent the state-of-the-art in
- handling these growing threats.
-
- Most of the Data Physician programs can be used alone or in
- concert, the latter of which may result in some harmless overlap in
- protection. We include several different approaches to virus
- protection so that the user can find an approach that makes sense
- for his or her system configuration and the nature of the
- evolving virus threat.
-
- Below is a list of the major Data Physician programs, along with
- a brief description. The installation and use of each program is
- covered in more detail in later sections of this document.
-
- DATAMD is the original virus protection, detection, and removal
- program. It allows you to detect whether an unauthorized change
- has occurred in any file or system area on your disk, and also
- allows the removal of most types of viruses from previously
- protected programs.
-
- NOVIRUS works with the data created by DATAMD and runs virus
- detection in background mode while you perform other tasks on
- your system. This can be helpful if you have many files to
- monitor or if you want continuous security monitoring of the
- nature that DATAMD provides.
-
- VirALERT (same as VirWatch, included with Port of Entry) runs
- continually in the background to intercept changes to executable
- and operating system files (.EXE, .COM & .SYS files). VirALERT
- also watches for changes to the boot record, disk formatting
- attempts, TSR (terminate and stay resident) program
- installations, and other "sneaky" memory techniques used
- primarily by viruses. Unlike DATAMD, VirALERT catches changes
- before they occur on your system, but cannot remove an already
- present virus. The choice of which approach makes the most sense
- for your system depends on personal preference and the specifics
- of your system usage.
-
- SAFEBOOT (also included with Port of Entry) protects your
- operating system files and installs a custom DOS boot record that
- decrypts them into memory as needed. Many current viruses infect
- the operating system because it provides such a powerful vantage
- point. SAFEBOOT provides a critical layer of protection that
- should be used whenever possible.
-
- ANTIGEN allows DATAMD-like virus protection to be installed
- directly onto any executable program. Each time a protected
- program is run, it checks itself for tampering and is capable of
- removing certain types of viruses on its own. ANTIGEN is useful
- where the protected program needs to be widely distributed and
- you want it to continue to be protected.
-
- FILEPEEK allows you to inspect programs for suspicious-looking
- messages. Many viruses and other villainous programs contain
- messages that are used to taunt the hapless victim after it is
- too late for him or her to prevent damage. With FILEPEEK, you
- can preview new programs for material that seems out of context
- with their purpose.
-
- While it is impossible to predict the exact form that a software
- virus will take, there is one activity common to all viruses:
- they must write to the disk and change files or system areas in
- order to "infect". Data Physician is designed to detect these
- unauthorized changes. Even intelligent viruses that use file
- compression and/or checksum adjustment to try to hide their
- activity can be detected by the Data Physician algorithms.
-
- There are four major approaches taken by Data Physician to detect
- or otherwise protect against viral activity:
-
- 1) The DATAMD and ANTIGEN programs save a "signature" on each
- protected file that consists of a cryptographic checksum plus
- additional proprietary profiling data that allows both the
- detection of a virus-like change, and the ability to remove
- certain types of viruses from the infected file. Even in cases
- where multiple generations of a virus have infected the same
- file, these programs are normally able to restore the original
- file. NOVIRUS uses the file protection data generated by DATAMD
- to provide the same features while running in "background" mode
- on your system.
-
-
- 2) VirALERT intercepts and warns you of attempts to manipulate
- files or system areas. You can control the conditions under
- which these warnings are generated, and also choose the
- subsequent action to take.
-
- 3) SAFEBOOT protects the operating system files and customizes
- the boot record. If any of these files are changed or replaced
- by a virus, the remaining protected files detect and report the
- change.
-
- 4) FILEPEEK allows you to inspect programs for suspicious
- messages that viruses commonly contain.
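
The baseline-and-compare idea behind approach 1, combined with the recursive .COM scan and the per-strain growth sizes (1168 and 1280 bytes) from the Dc89scan instructions above, as an added example that is not part of the original documentation or of any Sector Technology or Digital Dispatch program. It assumes SHA-256 in place of DATAMD's proprietary signature; the function names and the sample tree are constructed for illustration, and a matching growth is a reason to investigate a file, not proof of infection.

```python
import hashlib
import os
import tempfile

# Byte growth the documentation gives for the two DataCrime strains.
STRAIN_GROWTH = (1168, 1280)

def take_baseline(root):
    """Map each .COM file under root (relative path) to (length, SHA-256)."""
    baseline = {}
    for folder, _dirs, names in os.walk(root):
        for name in (n for n in names if n.upper().endswith(".COM")):
            path = os.path.join(folder, name)
            with open(path, "rb") as handle:
                data = handle.read()
            baseline[os.path.relpath(path, root)] = (
                len(data), hashlib.sha256(data).hexdigest())
    return baseline

def verify(root, baseline):
    """Return {relative path: finding} for files that differ from baseline."""
    current = take_baseline(root)
    findings = {}
    for rel, (new_len, new_hash) in current.items():
        if rel not in baseline:
            findings[rel] = "new file, not in baseline"
        elif baseline[rel][1] != new_hash:
            growth = new_len - baseline[rel][0]
            kind = ("growth matches %d strain" if growth in STRAIN_GROWTH
                    else "modified (%+d bytes)")
            findings[rel] = kind % growth
    for rel in baseline.keys() - current.keys():
        findings[rel] = "missing since baseline"
    return findings

def demo():
    """Constructed tree: baseline it, then change two of three files."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "DOS"))
        for rel, size in (("MODE.COM", 300), ("EDIT.COM", 100),
                          (os.path.join("DOS", "MORE.COM"), 200)):
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(b"\x90" * size)
        baseline = take_baseline(root)
        with open(os.path.join(root, "MODE.COM"), "ab") as handle:
            handle.write(b"\x00" * 1168)   # filler bytes, not virus code
        with open(os.path.join(root, "EDIT.COM"), "wb") as handle:
            handle.write(b"\xC3" * 100)    # same length, new content
        return verify(root, baseline)
```

The same-length change to EDIT.COM is caught only because the content hash is compared as well as the length; a length-only check would miss it.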
-
-
-
-
-
-
-
-
-
-
-