# Systems librarian and automation review.

For years it has been believed that electric bulbs emitted a substance of energy called light. Recent information, however, has proven otherwise.

The Physics of Dark

Electric bulbs don't emit light--they suck dark. Thus we call these bulbs dark suckers. In addition to proving this fact, the Dark Sucker Theory also presents a number of other basic theorems concerning the properties of dark. For example, the speed of dark is greater than the speed of light, and dark has greater mass than light.

The basis of Dark Sucker Theory is that electric bulbs suck dark. Take the dark suckers in the room where you are now. There is less dark right next to them than there is elsewhere. The larger the dark sucker, the greater its capacity to suck dark. Dark suckers in a parking lot have much greater capacity than dark suckers in a room.

As with all things, dark suckers don't last forever. Once they are full of dark, they can no longer suck. This is proven by the black spot on a full dark sucker.

A candle is a primitive dark sucker. A new candle has a white wick, but you will notice that after the first use the wick turns black, representing the dark which has been sucked into it.

If you hold a pencil next to the wick of a burning candle, the tip will turn black because it got in the way of the dark flowing into the candle. Unfortunately, these dark suckers have a very limited range.

There are also portable dark suckers. The bulbs in these units can't handle all the dark by themselves. They must be aided by a dark storage unit. When the dark storage unit is full, it must be emptied or replaced before the portable dark sucker can operate again. If you open one of these filed canisters, you will see there is, indeed, a great quantity of stored dark on the inside.

Dark has mass. When dark goes into a dark sucker, friction from this mass passing through another mass will generate a certain amount of heat. It is commonly known that an operating dark sucker generates heat. The dark suckers with the greatest capacities force the dark to travel through the impeding mediums at greater rates of speed, so they develop greater amounts of heat. Thus, it is not wise to touch an operating dark sucker.

Candles present a special problem. Though the dark does not have to travel through a solid substance like the glass forming an electric bulb, the dark must travel into a solid wick, instead of a void as found inside a bulb. As we all know, this process generates a great amount of heat. In fact, flammable items which come into contact with an operating candle will be set on fire because of the amount of heat generated. Thus it can be even more dangerous to touch an operating candle.

Further proof of dark's mass is illustrated by the smoke generated by inefficient or extinguished candles. The intermediate state of dark during its destruction is a visible soot or smoke.

Once again, casual observers will attempt to refute the mass of darkness since smoke generally rises. The same physical laws that allow clouds to float, when water is heavier than air, cause smoke to rise. In an unclean area, it is easy to note the "rain" of soot that accumulates on surfaces.

Though many are not aware of the incredible technology behind candles, they illustrate another of the many characteristics of dark. Consider the fact that dark suckers absorb and store light. At first glance this may seem like a childish myth, since an operating candle eventually reduces to nothing. Proponents of this argument fail to realize that the candle is actually destroying the dark it sucks!

Why, then, does a room full of dark not become empty of dark after a short time? Because dark regenerates itself. It is important to note that the speed of regeneration is proportional to the volume of dark already present.

For example, in a closet where the volume is small, th candle will be capable of sucking dark faster than the dark can reproduce itself. In a huge carvern, however, a candle will not be able to keep up, thus we need dark suckers of greater capacity when we use them in large spaces.

Further support for the destruction of dark is illustrated by the previous reference to dark storage units. Though most inexpensive storage units. Though most inexpensive storage units will become full, and therefore become useless, the higher priced ones cana be attached to a charger which empties the canister by destroying the dark inside. The canister is then able to used again.

Dark is also heavier than light. If you swim just below the surface of a lake, you will see a lot of light. As you swim deeper and deeper you will notice it gets darker and darker. When you reach a depth of approximately 50 feet, you are in total darkness. This is because the heavier dark sinks to the bottom of the lake and the lighter light floats to the top.

Finally, we can easily prove that dark is faster than light. If you were to stand in an illuminated room in front of a closed dark closet, then slowly open the closed door, you would see the light slowly enter the closet. But since the dark is so fast, you are not able to see the dark leave the closet.

It is a little-known fact that dark has many other uses. For example, it is dark that makes many machines work at all. When a machine fails unexpectedly, it often will emit a mass of smoke (escaping dark) after which it will no longer work. Obviously, it was the dark that made it work in the first place.

If you could capture the smoke and stuff it back into the machine, it would work again. But this is impractical. The machine will not operate until new dark is placed in the machine, sometimes in small dark canisters soldered onto circuit boards. These boards often have on them "capacitors." These units are actually small dark suckers. The name comes from their "capacity" to suck dark.

Although we need no become too metaphysical in a scientific paper, the escaping smoke represents what amounts to the soul of the machine. This is much more common than we realize -- witness the phrase, "the darkness of the soul."

Another example of dark powering machines is the automobile, which does not run on gasoline at all. It runs on dark. It is true that oil has a lot of dark in it. That's how the original mistake was made. During the day these machines work just fine, but at night most of the dark escapes. That is why these machines must turn on their dark suckers. This sucks enough dark back into the automobiles to allow them to travel.

In Nature we see many examples of balance. Indeed, the entire ecology movement shows us how delicately balanced our ecosystem is. Dark suckers also have their balancing force in nature: black holes. Everyone knows that black holes suck light. Thus the order of the universe is preserved.

The following credits were included in the Dark Sucker information release received. The credits themselves have been revised over time as much as the text. The information on dark as fuel for machinery and black holes, which needs further research, was added by a local Dark Sucker theorist who wishes to remain in the dark.

The preceding was copied from the On-Line Digital Music Review, which copied it from the AMA National Newsletter (December 1989), which copied it from the AMES Sundusters Club Newsletter, Denny Goodrich, Editor, Ames, Iowa. Original author unknown.

The resulting document was forwarded to a reputable university in Longview, Texas, by a noted Dark scholar from Kilgore, Texas. We thank John Niesner for forwarding the current pool of knowledge to us so we could research and expand the theory to a more credible position. Certain issues not addressed in the original theory have been added by university staff. Additionally, further research has found further proofs supporting the original thesis, and has been included also.

Further revision wa made by staff at the OKMC Library, Lexington , Kentucky and transmitted to this editor by Jon Hagee, who, I suspect, is responsible for some of this as well.

Can your computer catch a cold? It can catch something much worse than that. Strange as it may seem, computers can catch viruses much more destructive than a mere cold. If you are particularly unlucky, your computer can catch a virus that destroys all the data on your hard disk before you are even aware anything is wrong.

A human virus is composed of a chunk of DNA (code) that can replicate itself and spread through bodies (systems) immune to typical antibiotics such as penicillin. In the same manner, a computer virus is a chunk of code that can replicate itself and spread through systems immune to typical checking programs such as the Norton Utilities, CHKDSK, and similar programs that assume the universe is benign.

Jusk like a human virus, a computer virus spreads through contact with another system, normally -- though not exclusively -- via a floppy disk that has been used in an infected system. Another route of infection can be through the phone lines as you download a program from a bulletin board system.

Some viruses disguise themselves as legitimate programs, that, when run, unleash their powers of destruction or harassment. These are Trojan horses by virtue of their disguise. In fact, a favorite disguise for Trojan horses is as a virus disinfectant tool. When a user attempts to invoke the disinfectant to clean up a virus attack, it just makes things worse, like bleeding used to when releasing bad humours from the body.

The Stoned Virus

Were were just hit with a variant of the Stoned virus, a relatively harmless piece of code that displays a message on the computer screen: "Your computer is now stoned. Legalize Marijuana." That's all it does, except for the small fact that it can spread from computer to computer simply by placing a clean floppy into your computer and performing a directory command.

The Stoned virus is sneaky, too. It writes itself to the boot sector of your disk, where it is relatively difficult to detect. No file sizes increase, and the virus does not announce its presence until you reboot the system. By that time, of course, it's too late.

The virus first showed up on one of our PC-SIG CD-ROM systems out in a branch library. We warned against this possibility when we first installed the system, and thereby hangs a tale.

This computer is on a Navy base near us where our library holds the contract for public library service. The Command listed a computer as a required item in the contract specifications. They also wanted dBASE IV, Lotus 1-2-3, and WordPerfect all installed on the system.

My eyes bugged out when I saw the specifications. Although I have seen public use computer systems work well (Tacoma Public Library is one good example), the circumstances of this particular installation spelled disaster. Not only would the system be subject to certain virus attack, the Command also wanted us to give away three of the top selling programs in the country to anyone who walked in the door.

So I suggested an alternative. Place the PC-SIG CD-ROM of 2,000 sharewarer programs in the library for about the same price. That way I could lock the hard disk and prevent tampering. The library would not be responsible for safeguarding the copyright claims of three big guns in the industry, yet the base library would have a functional system that couuld legally provide literally thousands of programs to those interested.

The Command accepted the suggestion, or so we thought. When it came time to install the system, it turned out they had "misunderstood" our intentions. They REALLY wanted the computer to write letters home to Mom. They thought the public domain programs would be available on that particular system to use, not just to copy.

Never mind the fact that this was all carefully spelled out in our contract response; the fact is, contracts are negotiations. We also had trouble with the base wanting us to restrict access to minors for videotapes, make children's library records accessible to parents, censor political matter, and other potentially compromising situations. The end result was that we held firm on access to minors, but compromised on the PC.

We installed a spreadsheet (PC Calc), a database (WAMPUM, which writes dBASE-compatible files), and a word processor (PC Write) on the system. These are all public domain or shareware programs.

We completed the installation with our menu program to allow access to these programs and the CD-ROM, which we had already purchased by the time these discussions took place.

In other respects, the computer was bare bones. We included the programs necessary to run the system, but didn't include FORMAT.COM or any auxiliary programs.

We figured we'd have to haul the system in every three months or so and clean it up, just like we used to do with our other PC-SIG system until we got smart and locked the hard disk. We warned against the possibility of a virus attack, but we had the distinct impression no one believed us.

Signs went up by the computer informing all users they should not store data files on the machine and that we could not be responsible for any virus they managed to pick up while using it. We also stated that the system was subject to immediate removal for clean-up purposes.

Exactly three months after we installed the system we began hearing reports that a virus had infected the computer. One patron said he thought we had a virus. Another patron said we didn't have one at all. But the second time someone said we did, we hauled the system into the central library, ran a virus scanner on the PC, and sure enough, a virus poked its head out of the boot sector to proclaim our computer was stoned.

Great. Now what?

Show no mercy, that's what. Massive retaliation was in order. One surefire way to rid a computer of a virus is the computer equivalent of chemotherapy. You do a low-level format of the hard disk. This wipes out everything, period. Then ou restore from clean back-ups. You do have back-ups, don't you?

In this case, the process was relatively painless. Since we had anticipated problems, we had made a couple of cleam back-ups of the entire hard disk before allowing it to leave the Deep Thought dungeons. All the software fit on six floppies with the PC Tools PCBACK UP program.

It was a relatively simple matter to go through the entire formating process, both low-level and high-level, then restore the programs to the hard disk and run the virus scanner again. Our machine was sober.

This scorched earth policy of dealing with virus attacks works well, but we had prepared for it. First, the hard disk was nowhere near full. That meant our back-ups were modest in size. Second, we did not need to save any programs or data. We'd warned potential users not to store data on our hard disk. And third, we had this nifty little program called a virus scanner that confirmed the existence of the virus for us.

However, if a virus infect a computer with valuable information on it, eradicating the infection can be much more difficult than the method outlined above. In this case you want to get the good information off the computer without letting the virus infect it, or you want to get rid of the virus without damaging the good information.

Of course, the best way to guard your computer from virus attack is through a protection program that will detect and block a virus from entering your system in the first place.

Yes Back Up, Again

First on the list of any good protection plan is an adequate series of back-ups. We've harped enough about this problem in the past. Our suggestion is that in addition to your normal back-up routine, you also construct a back-up of all program files in their respective directories. This is because you've probably spent a great deal of time configuring them for your own situation.

To ensure all this tweaking time won't be lost, create a back-up of your configured applications. You could, for example, use PKZIP to crunch the files to a manageable size and store them away some place.

Secondly, make a "boot floppy" that includes all the programs and drivers necessary to boot your system into normal operation. This floppy will include the system files, COMMAND.COM, the AUTOEXEC.BAT and CONFIG. SYS files, and any memory managers, terminate-and-stay-resident (TSR) programs, or other tweaks you've added to your system. Test it on your system to be sure it works. Now put a write protect tab on this floppy and store it away somewhere. In fact, make two. Hide one of them a little better that the other.

Your normal back-up program should help here, too, unless you're faced with a dormant virus that suddenly attacts. Unfortunately, if it has waited a few months before acting, you might have neatly backed up the virus along with everything else on your system.

That's why a good back-up scheme has a cascading series of back-ups that can take you back in time. If you happen to run daily back-ups (I know you don't, but let's just pretend), you would hold one of the dailies back as a "weekly" and one of the weeklies back as a "monthly" and one of the monthlies back as a "quarterly." The trade frequently calls these "fathers" and "grandfathers." The point is that you can go back to a time when the virus was still dormant, then perhaps get rid of it before it si unleashed to harm your system.

Methods of Attact

Back-ups are only one level of protection against viruses. They are defensive. There are also offensive methods you can take to search for and destroy viruses. How this is accomplished depends on your situation and is complicated by the wide variety of viruses in general circulation, many of which work differently.

A list published in December, 1990 by McAfee Associates listed 241 known viruses. Many are variations on a theme, but they are often distinct enough to require different approaches for eradication.

For example, the first strains of the Stoned virus only affected floppy disks. "Stoned'B," the one we enjoyed just recently, had been modified to affect hard disks as well.

Viruses "work" in many ways. One of the more common methods is for the virus to attach itself to a good program. The infection affects .EXE and .COM files and may not show up until the program is run.

The simplest defense against these viruses is a checking program that keeps track of the size changes, you know something has happened to that program.

Another method of attack is for the virus to write itself into the existing code of a file. The file size doesn't change at all, but some of the bytes in the file are different.

One way to defend against this type of virus is to include a cyclical redundancy check (CRC) on the bytes of the file itself. This means a program will read every byte of a file, add them up, and come up with a number that represents every byte in the file. If any byte has been changed, the checking program will pick up this fact and report an infected file. This is, in essence, the equivalent of parity checking in data communications. It isn't foolproof; it's just another tool in the anti-virus arsenal.

A virus also may infect the boot sector or partition table of a disk. Sometimes, simply using the DOS SYS command will overwrite a virus in this area of the disk. The Stoned virus, in theory, can be eradicated this way; we were just too paranoid to rely solely on this method.

The code inside a virus can perform nearly any task, including wiping out a hard disk entirely, changing a few bytes in critical files, or simply displaying a message on the screen. "Legalize marijuana" is one message. Others abound.

"Bloody! June 4. 1989" for example, was discovered in December of 1990. It refers to the massacre in China, where many demonstrators were killed. This virus may destroy data on the hard disk, but its message appears to be the major point of the virus.

If your computer is infected with this virus, it won't even show up until you've booted the system 128 times. After that, the message will appear after every sixth boot. This shows how tenacious some viruses can be. They infect a system and stay quiet. This means they have plenty of time to spread to more and more systems before they are ultimately discovered.

Other viruses may not trigger until after a certain date. The "Friday, the 13th" virus is a case in point. It stays hidden and infects lots of .COM files until it is run on a Friday the 13th. Then all hell breaks loose. Depending on the strain, you could lose the entire hard disk.

Virus Information

The most comprehensive document on virus information we have seen is the Virus Information Summary List written by Patricia Hoffman. This list changes often. The latest one we have is dated January 8, 1991 and contains information on all viruses known to Ms. Hoffman.

You may download the latest version of this list from CompuServe. The document is called VSUM.ZIP and appears in LIBRARY 3 of the IBMSYS forum. To get there, type "GO IBMSYS" at any CompuServe command prompt. If you're not a member of this forum, you'll have to join. There are many other documents relating to viruses in this library. Just search on the keyword "VIRUS" and you'll get hits on dozens of them.

Ms. Hoffman also can be reached at 1556 Halford Avenue, #127, Santa Clara, CA 95051 (408-246-3915 or fax 408-246-3915). She also runs a bulletin board system called Excalibur! at 408-244-0813. She apparently works closely with McAfee Associates, publisher of several anti-virus programs that help to shield you from viruses, or, if you already have an infected system, get rid of the offending virus.

McAfee distributes a virus detection program called VIRUSCAN, a virus protection program called VSHIELD, and a virus eradication program called CLEAN-UP through the shareware concept. This triad provides a defense against viruses.

Best of all, they are available through our Free Disk Offer (see sidebar). You can obtain these three programs, their documentation, and Patricia Hoffman's VSUM document by sending a self-addressed disk mailer, sufficient postage, and a formatted disk to us at the address listed in the sidebar.

These programs are shareware, but that doesn't mean you can use them forever. You get to look at them and use them to eradicate a virus, if you have one. But if you want to keep them around, you have to license the software.

We purchased a two-year site license for up to five machines for \$195. This gives us the right to use the programs on up to five machines, including our two CD-ROM units and two file servers for our LAN networks.

The site license entitles you to updates through McAfee's bulletin boards. This is essential because the mutation of viruses is very fast. New strains crop up all the time. Purchasing just one eradication program will not be sufficient a few months into the future. In fact, the version we are distributing will likely be out of date by the time you read this. That doesn't mean these programs aren't useful. It's just that there will be other viruses out by then.

VIRUSCAN

The VIRUSCAN program checks through your disks, including every program, to search for telltale signatures of viruses. If a virus is to print a message on the screen it has to be in the virus somewhere, even if it is encrypted. The SCAN program searches for these messages and other strings of data that indicate a virus. If one is found, it is displayed on the screen.

We now use this EVERYDAY on our errant PC-SIG system. Every morning we boot the system with a write-protected disk containing the SCAN program. If a virus is detected, we jerk the box immediately and give it another dose of chemotherapy.

Although this program does have an "erase" option that will get rid of the virus, it isn't the most effective eradication program by itself.

VSHIELD

The virus shield program is installed from the AUTOEXEC.BAT file as a memory-resident program that scans for viruses before they have a chance to infect the system. It takes about 36 kilobytes of memory, though there is a swap-out feature that reduces memory requirements to about 3 kilobytes.

The most comprehensive version of the program works in several ways. First, when you boot the computer it will immediately scan the program files, the disk, the boot sector and partition table, and the memory of the computer. It even scans itself looking for viruses.

If all is well, it installs itself as a TSR program sitting up in memory scanning for viruses. When a program is run, it first scans the program for viruses. If it finds one, it won't allow it to run.

In scanning program files, VSHIELD checks each program against a pre-assigned list that includes information on the length of the file and a validation code based on a cyclical redundancy check. Thus VSHIELD will know if a program file has been altered. This is particularly useful for new viruses.

You can make your own validity codes by running the program "VALIDATE" on files known to be virus free. VALIDATE gives you the date and size of the file along with two cyclical redundancy check codes. The VSHIELD program uses these codes to determine if the file has been altered.

There is an Achilles Heel in this process. VSHIELD can't shield against a cold boot from an infected floppy disk. In this instance, the computer will bypass the hard disk AUTOEXEC.BAT file, and the resulting protection, altogether. VSHIELD will find the virus the next time it is run, but by then it is too late.

This may be okay, however, because most viruses are not spread intentionally. Instead, a person with an infected disk spreads the virus without knowing it, just like a cold.

Obviously, someone, somewhere, thought up these viruses on purpose, either for mischief, to spread a slogan, or even for political purposes. Preventing their purposeful spread from an infected floppy is next to impossible, in our opinion. If the infection is intentional, it will happen unless all floppy disk drives are removed from the machine permanently.

But the fact is, the perpetrator can't be everywhere at once. Many of these viruses originated overseas, some even in the Eastern Bloc. Although their propagation may warm the hearts of their originators, there is no reason to believe a modern day Johnny Appleseed is out sowing virus seeds in every computer in sight. The viruses are capable of doing that themselves.

CLEAN-UP

Once you have a virus, you need CLEAN-UP. This program goes on a search-and-destroy mission to ferret out any existing virus and eradicate it. This disinfectant works on all viruses identified by VIRUSCAN. In most cases it is capable of repairing any damage done by the virus as long as the hard disk hasn't already been formatted or some files zeroed into oblivion.

CLEAN-UP works in conjunction with the scan program. You first run the scan program to determine the code that CLEAN-UP uses to eradicate the virus.

These three programs -- the scanner (VIRUSCAN), the preventative program (VSHIELD), and the disinfectant (CLEAN-UP) -- work in concert to help protect your data. Although they are shareware in concept, registration provides the additional benefit of receiving help from McAfee Associates in case of a real virus attack. If you run into a virus, you can call McAfee Technical Support for hand holding as you attempt to remove the virus.

These programs can go a long way toward maintaining safe computer systems for both your organization and your public use computer systems. Remember, they are available through our Free Disk Offer on a trial-use basis.

McAfee Associates is located at 4423 Cheeney Street, Santa Clara, CA 950504 (408-988-3832 or fax 408-970-9727).

Virus Names

Here are just a few of the more clever virus names: Icelandic, Aids, Pakastani Brain, Jerusalem, Kamikaze, Leprosy, Dark Avenger, Anthrax, Perfume, Ping Pong, F-Word, Violator, Taiwan, Yankee Go Home, Lehigh, Pentagon, Golden Gate, and Christmas.

Mace VACCINE

The Mace Utilities include a program called "VACCINE" that helps prevent virus infections. Mace VACCINE has three levels of protection, each more restrictive than the last. It works in conjunction with a special SURVEY program that calculates the CRC values for all files on the hard disk, just like the VALIDATE program in the McAfee group of programs.

This program is another TSR program that sits in memory waiting for some other program to attempt to write to a file. When it does, VACCINE intercepts and asks the user if this is all right.

From an open systems point of view, this approach has a couple of flaws. First of all, it will cause numerous false alarms when the system is performing perfectly normally.

For example, if you attempt to sort a directory, or change the AUTOEXEC.BAT file, Mace will come roaring to the rescue unnecessarily. And every time you try to save a file using SideKick, VACCINE claims you're trying to overwrite COMMAND.COM. This is probably a conflict between the two TSR programs.

Secondly, this approach is designed for you to use on your own system. In a public use setting, particulary if there are evil-doers about, asking their permission to install their virus is like asking Iraq permission to publish American battle plans. Surely permission would be given. Mace even allows you to terminate the program itself if it finds a suspect program.

In comparison to McAfee, we must give Mace low marks for protection. It doesn't perform anything but the sentinel function, and it does that with only modest success. If you don't have anything else, it may be worth installing on a personal system, but you will need stronger medicine for a public system.

The Mace Utilities offer far more than just virus protection, of course, so it's not fair to judge the entire package by this one, small component. Mace is part of Fifth Generation Systems, 10049 N. Reiger Road, Baton Rouge, LA 70809 (800-873-4384).

Next Month

We've run out of room this month, but not out of virus material. Next month we'll cover Flu Shot, another shareware anti-virus utility, as well as Peter Norton's new anti-virus program. We'll also discuss some other aspects of fighting viruses, legendary Trojan horses, worms, and just plain old hackers.

Michael Schuyler is the systems librarian for the Kitsap Regional Library System, Bremerton, Washington, and co-editor of Library Workstation Report.