------------------------------------------------------------------------ COOL FTP FILE OF THE WEEK | You may need this file . . . ------------------------------------------------------------------------ Virus Simulator Ver 2C -Audit and demonstrate anti-virus protection. Rosenthal Engineering's absolute necessity for anyone serious about virus defense, security and training. "Unreservedly recommended!" by Computer Virus Developments Quarterly. Used in tests conducted by National Software Testing Labs. for Software Digest and PC Digest. Written about in Computerworld, Virus Bulletin, Virus News Int., Telecomputing etc. You can find this as VIRSIM2C.ZIP on the following FTP site: ftp.crl.com/users/su/supportu/virsim2c.zip ------------------------ Virus Simulators . . . | ------------------------ I almost always pick the FTP File of the Week. I usually pick it from a cool web page I saw or the ASP CDROM. Last week I picked it from the ASP CDROM. If you remember, it was the virus simulator. I admit I didn't run the program and test it, but maybe I should have . . . From: jpatanen@hit.fi (Jani Patanen) Reply-To: jpatanen@hit.fi ========================================================================= I find advocating (sorry, wrong word) this product dangerous. It says in the documentation: ============== The simulators all produce safe and controlled dummy test virus samples that enable users to verify that they have installed and are using their =============== There is only one problem. Those are not real viruses, so only thing one can test is the false alarm rate of a program. If a scanner flags files created by this "virus simulator" as a virus, then it's false positive as it's not really a virus. with tests like these even a terrible scanner may get good results and good scanner that identifies those files as non-viruses gets bad results. Mr. John Doe looks at the results and then starts using the terrible scanner. ========CUT=======QUOTE======= VIRSIM.COM generates controlled programs infected with the signatures (only) of several viruses. Virus Simulator's ability to harmlessly =======END QUOTE============= Who's signatures? There is no universal virus signature that every scanner uses. Files created by "virus simulator" contains some strings that the author of the simulator thinks, a scanner should pick as those strings appear in the real virus. There is only one problem: Not every product uses same search string. I ran a small test. I created some 400 files with the simulator. This is what F-Prot 2.21 got out of them: Results of virus scanning: Files: 412 (268 KB) Scanned: 412 (268 KB) Infected: 16 That's 3.9% hit rate! Yet F-prot detects more than 90% (usually in 96-99% region) of the real viruses that has been used in different tests. TBAV reported 95 infected files (about 23%). yet it detects as much real viruses as F-prot. (hit rate in same over 90% region). I went and looked for virus-l FAQ, and here's what it says about simulators : F6) What are "virus simulators" and what use are they? There are three different kinds of programs that are often called "virus simulators". None of the three generate actual viruses. The first kind demonstrate the audio- and video-effects of some real computer viruses. The second kind are programs that simulate a virtual environment--a virtual computer, with virtual disks, virtual files, and virtual viruses on them. The user of such programs can manipulate the simulated objects, letting the simulated viruses infect the simulated files on the simulated disks, watching every step of the process, without a danger of "real infection". The third kind are programs that generate files containing scan strings used by some scanners to detect real viruses. The idea is that those scanners will detect the generated files too, thus letting the user get the feeling of what discovering a virus is like, but without the danger of risking a real infection. There are three ways in which virus simulators are usually used: 1) For educational purposes. The second kind of virus simulators are very useful and valuable for this purpose, provided the simulated environment is realistic enough. The first kind are also somewhat useful--mainly teaching the users what the video- or audio-effects of particular viruses are like. There is the danger, however, that users will get the incorrect impression that every computer virus demonstrates itself in some visible or audible way. The third kind of virus simulators are not useful for this purpose--they do not show how computer viruses work, do not show what computer viruses do, and because their virus fragments are not reliably detected as viruses by many good scanners, may give the wrong impression of a scanner's value. 2) As an installation check that antivirus defenses are installed and working. The first and second kinds of virus simulators are unsuitable for this, because they do not trigger any antivirus defenses. Even the third kind of virus simulators have a rather limited value in this regard, as the files generated by them often fail to trigger virus defenses, which are designed to protect against real viruses. Unlike the producers of such simulators, many believe it is the job of the producer of an antivirus product to provide the means of checking whether their product is installed and working. This position is based on the authors knowing their products better than anyone else and that updated check methods will normally be provided as the antivirus defenses employed in any given product change. 3) As a test of the quality of the antivirus defense--usually a scanner. Again, the first two kinds of simulators are unsuitable for this purpose because they do not trigger antivirus defenses. The third kind of virus simulators often do, from which many users get the impression that they are suitable for these testing purposes. This is a serious misconception. The files that such programs generate are not real viruses; antivirus programs, particularly virus-specific ones like scanners, are designed to detect real viruses. Therefore, one must not draw a conclusion from the ability or the inability of a product to detect "simulated viruses" of the third kind--the fact that they are detected does not necessarily mean that a real virus will be detected, and the fact that they are not detected does not mean that the real virus it is supposed to represent will not be detected! One exception to the above are simulators that do not generate files containing scan strings, but which simulate the different kinds of attacks that real viruses use, but without being able to replicate. Examples of such attacks include different methods of tunnelling, stealth, attacks against integrity checkers, and so on. Such simulators are useful for testing antivirus products that are not virus-specific, especially if the simulator exercises a wide range of known attacks. ------------------------------------------------------------------------ COOL FTP FILE OF THE WEEK | You may need this file . . . ------------------------------------------------------------------------ A MUSICAL TUTORIAL v1.2 - An excellent way to promote and encourage musical study using a graphically oriented environment. Treble / Bass note & chord sight reading. Associate notes to piano keys. Chord dict. Musical games. Play, view and print scales, chords, and broken chords. User log. Play classics. Print sight reading test papers. Key signatures, Etc. Makes music lessons fun for children or adults. VGA required. You can find this as MTDOS12.ZIP on the following FTP site: ftp.crl.com/users/su/supportu/mtdos12.zip ------------------------------------------------------------------------ COOL FTP FILE OF THE WEEK | You may need this file . . . ------------------------------------------------------------------------ From Diapers To Diplomas Version 2.2 An electronic 'Baby Book'. Keeps track of Birth Information, Vital Statistics, Growth, Special Friends, Teachers, Awards, Special Events, Accomplishments, Medical and Dental Records, and more. Many print-outs. Very easy to learn and use. It is compatible with nearly any IBM PC, printer, and monitor on the market. Shareware -- $19.00 You can find this as DIADIP22.ZIP on the following FTP site: ftp.crl.com/users/su/supportu/diadip22.zip If you requested a program from a previous issue, it is now up on the FTP site! Grab it now! ------------------------------------------------------------------------ COOL FTP FILE OF THE WEEK | You may need this file . . . ------------------------------------------------------------------------ APT Mailing Assistant for OS/2 Print envelopes and labels with POSTNET bar codes on HP compatible laser, deskjet, or Epson compatible dot matrix printers. Supports multiple address files, import/export, bulk mailing and printing of bulk mail permit. Registered version is CASS certified. You can find this as APMAO115.ZIP on the following FTP site: ftp.crl.com/users/su/supportu/apmao115.zip If you requested a program from a previous issue, it is now up on the FTP site! Grab it now! þ