How Can You Stop a Trojan Horse?
by the Disk Doctor
--------------------------------------------
Copyright (C) 1987, the Disk Doctor.
First published in the Rochester (PC)^3 News:
    Picture City PC Programming Club
    PO BOX 20342
    Rochester, NY 14602
The Disk Doctor may be contacted at this address, or via CIS [73147,414].
This material may be reproduced for internal use by other not-for-profit groups, provided this copyright notice is included.
----------------------------------------------

I enjoy writing my Case Histories column, and I have several humorous new episodes in the works. I'll be back next month with the funny stuff. This month, I decided to discuss a serious topic. The truth is, I couldn't think of anything funny to say about trojan horse programs.

A Trojan Horse is software that you think is useful, but once it gets inside your computer, it maliciously erases your disk(s) or worse. People who download software off Bulletin Board Systems (BBSs) are the most vulnerable. A trojan program usually has a normal title, an interesting description, and may appear to do something useful. But while it runs, it erases or formats every disk drive on your system, or worse! (It is possible to execute low-level commands that physically and irreparably damage your computer system.) We're talking about disk terrorism, conducted on your very desktop! Who knows what twisted minds would take such a despicable action. Probably the same creeps who put razor blades in Halloween candy, or cyanide in Tylenol.

What can you do to protect yourself? There are utilities that will write-protect your hard drive. As mentioned at the last meeting, this offers some protection, but anything set in software can be defeated in software. Other utilities will print out all the ASCII text strings that appear within an .EXE or .COM program. This tips you off ahead of time to programs that contain messages like "Arf. Arf. Got you!".
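Here is a minimal version of such a string-dumping utility, added to this page as a worked example in Python (it is not one of the utilities the article refers to, and it is not the Disk Doctor's code). It scans a program image for runs of printable ASCII bytes and then flags the runs that contain words a harmless utility has no business holding. The sample .COM-style image is constructed for the demonstration and is not a real program; the watch-list of suspicious words is an assumed one, chosen to match the article's own example.

```python
import string

# Bytes we treat as "text": printable ASCII (space, tab, letters, digits,
# punctuation). Line-break bytes are excluded so each line of an embedded
# message comes out as its own string.
PRINTABLE = set(bytes(string.printable, "ascii")) - {0x0A, 0x0B, 0x0C, 0x0D}

# Assumed watch-list for this example: taunts and disk-destroying commands
# that a small "speed-up" utility has no reason to contain.
SUSPICIOUS_WORDS = ("format", "del ", "erase", "got you", "arf")


def extract_strings(image: bytes, min_len: int = 4) -> list[str]:
    """Return every run of at least min_len printable ASCII bytes, in file order.

    Same approach as the classic string-listing tools: walk the file byte by
    byte, accumulate printable bytes, and emit the run when a non-printable
    byte ends it. Short runs are dropped because opcode bytes that happen to
    be printable would otherwise flood the listing with one- and two-letter noise.
    """
    found: list[str] = []
    run = bytearray()
    for b in image:
        if b in PRINTABLE:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run.clear()
    if len(run) >= min_len:  # a trailing run with no terminator byte
        found.append(run.decode("ascii"))
    return found


def flag_suspicious(strs: list[str]) -> list[str]:
    """Keep only the strings containing a watch-list word (case-insensitive)."""
    return [s for s in strs if any(w in s.lower() for w in SUSPICIOUS_WORDS)]


# Constructed .COM-style image for the demonstration (NOT a real program).
# A .COM file loads at offset 100h, so the 8 code bytes put the message at 108h.
SAMPLE_IMAGE = (
    b"\xb4\x09\xba\x08\x01\xcd\x21\xc3"            # mov ah,9 / mov dx,108h / int 21h / ret
    + b"SPEEDUP v2.1 - doubles your PC's speed!$"  # the advertised "feature", '$'-terminated
    + b"\x90\x90Hi\x90"                             # two-byte fragment, too short to report
    + b"\x00\xffFORMAT C:\x00"                      # command text the program has no business holding
    + b"\x01\x02Arf. Arf. Got you!\x00"             # the taunt the article warns about
)


def scan(image: bytes = SAMPLE_IMAGE) -> tuple[list[str], list[str]]:
    """Return (all strings found, the subset worth a second look)."""
    strs = extract_strings(image)
    return strs, flag_suspicious(strs)


if __name__ == "__main__":
    all_strings, flagged = scan()
    print("Strings found:")
    for s in all_strings:
        print("   ", repr(s))
    print("Worth a second look:")
    for s in flagged:
        print("   ", repr(s))
```

Run it against a downloaded .COM or .EXE by reading the file into bytes and passing them to scan(). Raise min_len if the listing is noisy, and remember that a listing only shows text the author left in the clear; a program that builds its message or its command at run time shows nothing here.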
Of course, this will not protect you unless the jerk delights in taunting the victim. Actually, the only safe solution is to pull the hard disk controller card before you experiment with new software. Or don't experiment.
------------------------------------------

If you want to experiment anyway, you can rely on common sense and cooperation. Watch for these warning signs:

> no documentation other than a brief description
> a program you never heard of before
> a renamed, "enhanced" version of a program you have heard of before
> no author's name, and nobody claiming credit for uploading it
> outrageous claims, like doubling the speed of your PC, or emulating an EGA on a CGA monitor
> a ridiculous file size - no word processor worth anything fits in a few thousand bytes
> a BASIC program stored in "protected" mode, so you can't LIST it

Now for the cooperation part of it:

> only use software from BBSs or a library where the sysop tests programs before making them public.
> only download software from a BBS where users must register before uploading files, the sysop verifies that no phony names are used, and the individual who uploaded each file is traceable.
> if you discover a trojan, report it immediately to all local BBSs.
> watch for the "Dirty Dozen" list (which is now several dozen long), which is updated periodically and found on BBSs across the country. It lists trojans and pirated software.

Pirated software may not ruin you, but it is illegal. Rumor has it that software companies put trojan versions of their programs on BBSs to "discourage" piracy. In any case, you are advised to pay for the software you use, including shareware. There is a lot of excellent public domain software out there.

Let's work together. Don't let these crumbs spoil our fun.
------------------------------------------

What do you do after you run a trojan horse? The remedy depends on the type of damage done.
Norton Utilities and other undelete utilities will do no good against certain types of disk damage. It is possible to restore a high-level formatted disk, but the process is so tedious and time-consuming that it may not be practical to retrieve more than a small number of files. There are utilities to recover from a scrambled FAT or a high-level format, but these only work when the FAT and directory were saved ahead of time (either manually or by installing an automatic memory-resident routine). For low-level formats, or overwritten sectors, there is no remedy beyond a recent backup.

The single best prevention remains regular backups. This is true regardless of how your disk gets damaged.