Arthegall's picture
Offline
Joined: 2011 Dec 31
Preserving Viruses/Malware

It crossed my mind today that as we scrupulously purge our archives of all Classic Mac viruses and Trojans, we are at real risk of losing them completely for historical purposes.

Rectifying this is now a big priority for me.

Does anybody have copies of infected files?
Please Dropbox them to me so I can put together an archive of these materials.

Comments

m68k's picture
Offline
Joined: 2016 Dec 30

I hope you are kidding here! Malware is called that for a reason and I for one would shun *any* archive that intentionally hosts infected files.

There is only *one* reason I can think of why anyone who is not a scientist would try to get access to the bubonic plague - and it's not a good one.

Arthegall's picture
Offline
Joined: 2011 Dec 31

I’m an archivist and a cybersecurity professional.

Part of computer history is the history of malware.
With emulation and the tools we have available and the way disk images work, there’s zero risk of these old viruses spreading.

m68k's picture
Offline
Joined: 2016 Dec 30

There is *always* a risk of malware damaging a running system - that's why it's called "malware". I spent 3+ years to get my MacOS 8.1 just right. I fine tuned it with many hundreds of apps and yes, sometimes I do trust stuff I download from the Garden, so as not to always virus/trojan scan it, before running it. Call me lazy but one reason why I love my vintage Mac setup is because I don't need to be as paranoid with it as I do have to be with Windoze.

Of course with someone like you around that all goes out the window (what-a-pun) and now I might have to triple scan every DA I'll stumble upon. Sorry, but I spend too much time on my setup to feel any kind of sympathy for the idea of a "data destruction archive".

Sounds to me like you want to reintroduce the evil snake to paradise, after the arch-angel drove it out - just for the sake of principle.

WhosIt.There's picture
Offline
Joined: 2014 Aug 23

In all the 'hundreds' of years I have been using numerous Mac computers in a large variety of situations and other users computers, I have never even seen any Mac malware "in the wild" - they are ALMOST completely theoretical and scaremongering (usually by the malware makers trying to sell their apps!). In fact the only malware warning I've ever had was for some Word documents on a floppy disk, way back in the System 7 days, from a Windows user, and that couldn't have infected my Mac anyway.

Windows computers on the other hand get inundated with malware simply by turning them on! I've seen some that have so much malware installed that the computer slows to a crawl ... and yet none of the so-called anti-malware applications can ever see or remove them! The only way to get rid of it was manually trawling through the system files.

cbone's picture
Offline
Joined: 2011 Sep 17

Two instances: the first was when I was in college and got my first taste of Mac computing, very few floppies carried infected items, all system 6.x. The second time was when I worked for an Apple distributor in Latin America. We routinely would get a virus or two, but never in the volume of Windows PCs. Most were very easy fixes and the trigger was opening infected files or programs, all in system 7, mostly in the 68k days. After that, the Internet days meant AOL and later other ISPs. Hardly anything Mac had any viruses during the PPC era.

m68k's picture
Offline
Joined: 2016 Dec 30

The number of Mac viruses and trojans might be few, but they do exist "out there". All the more reason *not* to concentrate that evil in a central archive, to help it spread throughout the vintage world.
I want my peace of mind and not having to worry about some disgruntled juvenile using such an "archive of doom" to infect every vintage Mac SW collection w/o a top notch anti-virus check mechanism.

lilliputian's picture
Offline
Joined: 2010 Jul 29

At least I hope the "I love you!" bug is saved somewhere!

m68k's picture
Offline
Joined: 2016 Dec 30

Does it give you a telephone number?

SkyCapt's picture
Offline
Joined: 2017 Jan 11

I've seen viruses running on my PowerMac OS 9/X system, like the "AutoStart" viruses from 1998 - they function in OS 9 and in Classic mode. Seems dumb that the OS allows viruses to exist in the first place. Antivirus is a "necessary evil" and those guys probably do write a lot of the viruses themselves so they can promote their warez.

I get a lot of pop-ups on my 'smartphone' saying it's infected with a virus, and I need THEIR help. It's dressed like it comes from "Google". But the pop-ups all come from one site, and the same site gives me an equal number of "You've Won a Prize!" pop-ups. There are many servers constantly scanning internet content for malware, we end users almost don't need to check because their antivirus is more powerful than ours. And... the "false positive" warnings show up more than any real danger does.

ClamAV (comes with Tiger Server) and with updated database claims to know 750 thousand malwares, (Virex) spends the majority of its time looking at PDFs (why?), but it is the not-known viruses that scare me. Most of those 750000 are surely mutations of one another. How hard is it to bend one byte or two and have a "new" virus go undetected? ClamAV ignores resource forks, there exist old viruses it gives up issuing warnings about.

I admit I collect and contain the viruses I cross paths with. But a central archive for them to be shared, naw. Bad idea, we don't need that, these things won't go away, they'll always be in private collections.

WhosIt.There's picture
Offline
Joined: 2014 Aug 23

ClamAV (comes with Tiger Server) and with updated database claims to know 750 thousand malwares

98%+ of those are of course Windows malware. Of the remaining <2% which is reported Mac malware, almost all of them are theoretical and never actually seen anywhere in the wild. This near-complete lack of mac malware is one of the many many reasons why using a Mac is far better than using Windows.

The malware makers are always one step ahead and the anti-malware makers always playing catch-up. There's no doubt that there's more malware out there in Windows world that has never been noticed by anyone. Even when the anti-malware does SUPPOSEDLY know about them, the Windows malware can still get installed and never seen (let alone removed!) by the anti-malware.

SkyCapt's picture
Offline
Joined: 2017 Jan 11

DELDB of the AutoStart viruses was interesting to watch. It was detected by Virex, then I watched it mutate by itself through self-modifying code to where it was no longer detected. I wrote a holy-shit! message about it when I first witnessed that. The story behind the virus was said that it had been disassembled and classified as non-harmful and it's known when it mutates it is actually disabling itself semi-permanently. But I cannot be certain if Virex is outright not seeing the mutation, or, is so smart it knows the DELDB is no longer of concern and even chooses to not warn me.

DELDB was really somebody's idea of an anti-virus. What better way to hunt and kill viruses than to imitate one, waiting for the arrival of similar ones. This approach could be an efficient way to counter the whole set of mutations that surround a single design. There is a bad virus named "DB" and DELDB was another virus which hunted and killed DB, it was DELETE DB.

m68k's picture
Offline
Joined: 2016 Dec 30

Believe it or not - thanks to scripting madness these days PDFs can carry viruses just the same as any WinWord file. Heck, just last year an Israeli firm developed a malware video file to infect WhatsApp users in the Uyghur region of China (paid for by the Beijing government).

Damn it, trying to concentrate that kind of sheyit in a public archive is like asking for the world's deadliest poisons to all be made available in a single pharmacy. There is knowledge out there, that's supposed to be kept restricted for good reason.

melomac's picture
Offline
Joined: 2018 Feb 26

Hi! I am sharing the same interest with computer viruses and would totally appreciate we "quarantine" them rather than purely annihilating.

Classic viruses are still available on FMA: http://freaky.staticusers.net/virus.shtml

Arthegall's picture
Offline
Joined: 2011 Dec 31

Hopes dashed.

All the links are dead.

Arthegall's picture
Offline
Joined: 2011 Dec 31

Hopes restored!

Wayback Machine did the win!
Lots of great utilities on that site too!

m68k's picture
Offline
Joined: 2016 Dec 30

You found evil - how wonderful! Sad

m68k's picture
Offline
Joined: 2016 Dec 30

You don't "quarantine" something by concentrating it in a public archive. Just the opposite, you make it available to any fruitcake with a cause! And you'll lay the groundwork for infecting low maintenance archives that thus far have been kept squeaky clean - simply because they never had to battle an infection to begin with.

scott Praed's picture
Offline
Joined: 2010 Oct 30

One of my Elf Forest had the seven dust or 666-A virus but mac garden have help remove the 666-A from my hard drives. I use Virex 6 and Virus Barrier x5 to remove all the 666-A virus
This game on mac garden had the 666-A virus was Secrets of the Pyramids. I think this game gave me the 666-A Virus. I download the first upload this game and play it. I don't know it had the 666-A Virus. I throw away old game of secrets of pyramids and download a new download of this game. This game is clean of 666-A virus.

ThinkIndifferent's picture
Joined: 2016 Sep 4

This is likely of interest:

https://archive.org/details/malwaremuseum

cbone's picture
Offline
Joined: 2011 Sep 17

OH! Now you've done it, TI!!! Shock

m68k's picture
Offline
Joined: 2016 Dec 30

Quote: "Through the use of emulations, and additionally removing any destructive routines within the viruses, this collection allows you to experience virus infection of decades ago with safety."

I doubt that would satisfy the cravings of the original poster. I for one am starting to triple check *every* executable now, before allowing it into my system.