Possibility of Amiga virus launched under emulator impacting host Windows PC?

Hey all - great forum - have been lurking for a little while, so thought I'd sign-up.

Was wondering, as the thread title asks, what if, while running WinUAE etc, I launch a game (ADF file) via df0 or df1 of WinAUE, and it contains a virus, what might realistically occur as a consequence?

> Will the virus remain exclusively in the emulated envirnoment, and only infect ADF files used from that moment etc until the emulator is closed/terminated?

> Can the virus code in any way actually impact upon the Windows PC that hosts the emulator? If so what can one expect to see?

I used ADFScan 1.8e to scan some ADF files I had, and none I had used to date were infected, but some others I was just collecting were.

But can an Amiga virus in any way damage a Windows PC (the OS, files, boot sectors etc), or is its impact limited to the emulator?

Thanks for reading!

[Codetapper]

In theory if you had a virus that systematically went through all drives (including shared PC drives) opening files, writing random data to them, and closing them (or simply deleting them) then the answer is yes!

[jotd]

Quote:

Originally Posted by Codetapper

In theory if you had a virus that systematically went through all drives (including shared PC drives) opening files, writing random data to them, and closing them (or simply deleting them) then the answer is yes!

True. But it would be stupid to mount C and D drives under WinUAE. People usually dedicate a directory and do not share all their Windows data.

About an amiga virus affecting boot sector of the PC it's just impossible because WinUAE does not allow block write of non-Amiga hard drives.

Thanks for your fast repsonses!

Yes as per above, I don't mount any drives, but use WinUAE to set up and save individual configurations for each game, merely including the relevant ADF(s) via df0 and df1 - all the game ADFs in use are in one directory only.

But interesting topic - thanks again for your feedback and info!

[mailman]

Quote:

Originally Posted by jotd

True. But it would be stupid to mount C and D drives under WinUAE. People usually dedicate a directory and do not share all their Windows data.

Not quite. I may be wrong but in the past there was a scene diskmag called Taboo. I guess that the problem was with the issue 3 or 4. Inside it has a code which formatted disk C: only if the mag was run under WinUAE (it detected it). There was a huge revolta about this because "infected" version was put on Aminet. A few days later it was replaced by the version which was free of this code. This code you could call a virus and I think it doesn't matter for it whether you had or hadn't Windows' disks mounted.

[hamster]

I did a scan myself with ADFScan and came across 7 viri on my collection (400 adfs). The tool though doesn't clean or offer to isolate them. I might install a scanner in the workbench itself on a .hdf. But at least ADFScan alerts us to the infections.
Interesting about that windows / Amiga OS cross platform virus damage is possible. I would have thought they would be harmless on the windows side. I guess today virus authors could in theory engineer more aggressive versions.

[mrbob2]

Im not much of a coder etc but id say the amiga virus would stay in the amiga environment as the virus doesnt "know" pc code as its written in "amiga language" and wouldnt know to look for pc drives etc....anyway, another question......IF the virus got onto pc would AVG or AVAST for example know what it is or that its a bad thing and remove it?.......

Re PC antivirus scanners, good point- but my NOD32 didn't see any viruses in the infected ADF files, so I'm figuring since these viruses aren't PC-platform based, then PC-based AV's won't see them.

I have an idea- I'll post back soon.

ADD: I just sent an ADF file infected with BLIZZARD_1.0 to the online scanning site http://virusscan.jotti.org/

..It came up clean from all (20) online scanners.

So that then leads to my next question: what are good AMIGA ANTIVIRUS programs, and can they clean the infected ADFs, and spot new infections?

[Toni Wilen]

I can include automatic virusscanner in winuae which would scan inserted disks automatically (and files if using directory filesystem) but there is no virus scanner (or detection library) with sources.

Quote:

Originally Posted by Toni Wilen

I can include automatic virusscanner in winuae which would scan inserted disks automatically (and files if using directory filesystem)

Could you?!?! That would be just awesome!! WinUAE rocks, and has brought my friends and I countless hours of retro pleasure! Emerald Mines, Silkworm, Pacmania etc etc ... all due to the existence of WinUAE! So yes an automatic virusscanner would be most appreciated! Thanks Toni!

[eLowar]

Quote:

Originally Posted by Toni Wilen

I can include automatic virusscanner in winuae which would scan inserted disks automatically (and files if using directory filesystem) but there is no virus scanner (or detection library) with sources.

TOSEC Amiga contains many disks flagged as virus infected. It is my understanding that the majority of Amiga viruses use custom boot sectors. So for a start you could mass-extract virus boot sector signatures from TOSEC Amiga and then just compare the boot sectors of inserted disks against these.

In fact I have a relatively recent TOSEC set and can do it if you think it's worthwhile.

[rgen]

Quote:

Originally Posted by Toni Wilen

I can include automatic virusscanner in winuae which would scan inserted disks automatically (and files if using directory filesystem) but there is no virus scanner (or detection library) with sources.

Maybe you can ask the author of the xvs.library? At least a list of bootblock virus signatures would be useful.

[mailman]

Quote:

Originally Posted by mrbob2

Im not much of a coder etc but id say the amiga virus would stay in the amiga environment as the virus doesnt "know" pc code as its written in "amiga language" and wouldnt know to look for pc drives etc....anyway, another question......IF the virus got onto pc would AVG or AVAST for example know what it is or that its a bad thing and remove it?.......

It depends what action virus will take. If its action is to format c:\, then I think it wouldn't stay in Amiga environment only. But if we are talking about a virus which is going to stick itself into a file and reproduce each time by running the file and sticking to other files or the virus which is going to show us a nude chick on the screen, then you shouldn't bother thinking about it because it's not going to work

[Codetapper]

Quote:

Originally Posted by Toni Wilen

I can include automatic virusscanner in winuae which would scan inserted disks automatically (and files if using directory filesystem) but there is no virus scanner (or detection library) with sources.

There was also a very crude virus detection system that consisted of a table of about 3 longwords and their offsets to detect bootblock viruses. It simply looked at the 3 longwords, and if matched, announced a virus. The data file for it was very simple, it might have been Bootblock.library or something. That could be easily converted to C if required but of course would only handle bootblock viruses.

[jotd]

Quote:

Originally Posted by mailman

Not quite. I may be wrong but in the past there was a scene diskmag called Taboo. I guess that the problem was with the issue 3 or 4. Inside it has a code which formatted disk C: only if the mag was run under WinUAE (it detected it). There was a huge revolta about this because "infected" version was put on Aminet. A few days later it was replaced by the version which was free of this code. This code you could call a virus and I think it doesn't matter for it whether you had or hadn't Windows' disks mounted.

That looks like an urban legend. Detecting WinUAE from an amiga application is possible, but running a format C: from an amiga application is just not possible.

[eLowar]

Quote:

Originally Posted by jotd

That looks like an urban legend. Detecting WinUAE from an amiga application is possible, but running a format C: from an amiga application is just not possible.

Yeah, I think someone already mentioned that the emulated environment basically only has access to the files made available to it through the WinUAE (as it were) settings, too. So while a virus could destroy all those files (technically), it is impossible (barring improbable exploits) for it to access any other files, let alone execute a program on the host OS.

So I would agree with jotd that this one's an urban legend.

[killergorilla]

Although, some games (such as Yolanda, Vixen, Brattacas) are so shit that they may frustrate you to the point of formatting your PC yourself, so that you never have to play them again.

[eLowar]

Quote:

Originally Posted by killergorilla

Although, some games (such as Yolanda, Vixen, Brattacas) are so shit that they may frustrate you to the point of formatting your PC yourself, so that you never have to play them again.

That's a very sophisticated type of hybrid virus that's not well understood by modern virology and psychology yet. Beware of these, there is no known fix. Indeed, instead of just formatting your hard drive they may even cause physical damage to your hardware, punch holes into your walls and scare your cat.

Quote:

Originally Posted by eLowar

That's a very sophisticated type of hybrid virus that's not well understood by modern virology and psychology yet....may even cause physical damage to your hardware, punch holes into your walls and scare your cat.

LOL! Hmm - I remember one of these hybrid viruses from about 1984 when I had a Commodore 64 - came about when I played Jeff Minter's MATRIX - damn infuriating!!!

- still hate playing it today on my Vice C64 Emulator...