Please forward my anwer to whoever it may concern.
On Sat, 19 Aug 2000, Nick FitzGerald wrote:
>
> First, reporting such things without providing a good return
> address is extremely bad form. In fact, that is why I ignored
> your original post...
>
> > It has been setup and tested: Arachne will delete all contents of
> > C:\DOS. I reinstalled my system on my DOS machine, ran the
> > self-extracting archive containing Arachne, ran "setup.bat" and
> > proceeded to install it. After entering some info on the setup wizard,
> > the computer dialed the number I instructed it too (but obviously the
> > rest of the login info was bogus, just in case). Arachne died, said
>
> Well, I tried all this a few times too, and came up with nothing
> like what you suggested. Admittedly, I installed it on one of
> my typical OS installations, not quite a default one...
>
> > the PPP login failed. When Arachne collapsed upon itself, the contents
> > of my C:\DOS directory were erased and DONOTPAN.IC! was created. This
Yes - if your TEMP variable points to C:\DOS, than your DOS configuration
is somewhat destructive, this is true. This is why Linux is so much more
logical than DOS or Windows, with all temporary files in /tmp, all
variable length files like logs in /var, all system binaris in /bin and
all application binaries in /usr/bin
DOS allows you to virtualy "cut the branch you are sitting on" - this is
Czech saying, I don't know if my translation is good.
dontpan.ic! is just file which is created to test if temporary directory
is writeable. To set TEMP=C:\DOS in your AUTOEXEC.BAT is one of the most
stupid things I have ever seen.
> As it turns out, this is probably the most important piece of
> information you have provided...
>
> > might have happened anytime during the installation. Arachne also has
>
> I doubt very much that it occurs during installation...
It can occur while cleaning cachne, but ONLY if your TEMP was set to
C:\DOS
> > a "DOS shell" which I tested.
>
> ....or from using this prgram option.
>
> > Do not use it if you value your C:\DOS directory.
Do not use ANY complex program, if your AUTOEXEC.BAT includes
self-destructive settings! ;-)
> Did you, perchance, use the "Clear cache" option? On the F8 key
> as a shortcut?
>
> This is the only way I could make the program do anything like
> deleting all the files in any directory, and even then, it did
> not leave a file named "DONOTPAN.IC!".
This file is intended to test if TEMP directory is writeable. Nothing
else. Arachne is not doing anything mysterious or hidden. No info about
new users sent secretly to me. Nothing like things Microsoft programs
would do to you. But of course, it depends on you, if you prefere to
trust corporations or rather individuals. At least, both kind of entities
can make mistakes, that's true. In last version, I improved TEMP directory
handling so much, that I decided to enable Cache2TEMP by default. It looks
like this decission is so important, that it has to be made by initial
setup wizard, as well as for example decission, if arrows should move
mouse cursor, or scoll HTML page. I will add one more setup screen to
initial setup wizard, that's it...
> How did I partially reproduce your reported effect?
>
> Simple -- I set the DOS environment variable TEMP (it has to
> be TEMP, *not* TMP) to "C:\DOS", run Arachne in that
> environment, click the "Utilities" item on the "Arachne
> Desktop" then click the "Clear cache" button.
This is stupid, Stupid, STUPID !!! You create self-destructive enviroment,
and then complain about Arachne being Troyan horse! You can simply add
line "del C:\DOS\*.*" to your Autoexec, and then complain about
COMMAND.COM being Troyan horse :-(
> A bit of detective work quickly shows that this causes
> C:\ARACHNE\SYSTEM\DGI\CLR.BAT to run with ".\cache.idx" as the
> first parameter and "cache\" as the second and fourth params
> and "c:\dos\" as the third parameter. The pertinent line in
> C:\ARACHNE\SYSTEM\DGI\CLR.BAT is:
>
> if %%f in (%3*.*) do del %%%f
Yes, exactly.
> My initial expectation was that the "%%%" was a syntax error,
> but it still works as it should.
There should be %%f, in fact. Not three %s..
> Now, *why* would you have your TEMP environment variable set
> to your DOS installation directory?
YES ! Why ?
> Well, that was the default config for DOS 5.0 and 6.x (from
> memory -- definitely for 5.0... anyone sure of this detail
> for DOS 6.x??).
?@#$??#$%#??!@#!@# ???
Maybe I should try Arachne on default DOS installation sometimes. I always
tweak and optimized any DOS operating system installation very quickly...
If Microsoft ever pointed TEMP to C:\DOS, it only proves, that that
company is totaly incompetent to produce anything more complex than Basic
interpreters ... ;-)
> So, I'd say "mystery solved".
>
> Yes -- there *is* a little blue language buried in CORE.EXE,
What does "blue language" mean ? Anyone else got scared by registration
key passphrase ? Well, I think it's really time to XOR that nasty
string... ;-))
> but I'm prepared to give Arachne the benefit of the doubt on
> that. I ran it for quite some time on two test machines here
> and never saw any evidence of it modifying any files outside
> its own directories except if I set things up as described
> above. It certainly has no imemdiately obvious virus
> functionality pr infection.
Many people confirmed independtly, that EXE files in package are clean -
and I can guarantee, that there is no troyan virus functionality. There
are still few security holes, but they are not very serious, and not very
different from holes, which are in MSIE and even Windows NT - these are
caused by ill conception of some DOS and Windows functionality itself.
> I think we can count the claims that Arachne is a virus or
> infected with one, as false.
Yes please.
> However, Arachne can delete **all** files in your TEMP
> directory, and not **just those it created**. That is bad
> form and can lead to extreme problems as "Ringo" described.
Yes, this is because I enabled Cache2TEMP by default. I should do
something with this - but the problem is, sthat Cache2TEMP Yes can improve
Arachne performance so significantly, that I want to persuade everyone,
that TEMP should point to RAMdisk directory if they are about to use
Arachne.
> Arachne should *not* blindly nuke the TEMP directory and I
> hope its developers quickly rectify this. (BTW, if the TEMP
> environment variable is not set, Arachne uses its own cache
> directory for its temporary files, and in that config, the
> above behaviour is "safe", though still poor form.)
Arachne need two cache directories - web objects should be persistent
between sessions, but other temporary files can be easily re-created
localy, and should be stored on fastest available disk - usually RAM disk.
> Roughly, that is, leaving DOS 5.0 (and later??) in its default
> configuration is asking for trouble because, among other things,
> it sets the TEMP environment variable to the OS install
> directory. (BTW -- this is *far* from a new observation. It
> used to be the first thing I fixed on staff DOS machines, after
> deleting RECOVER.COM, when I worked at the univeristy computer
> centre...)
I am starting to think, that popularity of _MS_ DOS was one of the worst
things that could happen to PC industry. But DOS was still leaving more
freedom to programmers then Windows...
(but not necessary
of all CP/M-class systems, but definitely the Microsoft's one - I was
using 8bit CP/M 2.2 for some time around 1990, and the conception looked
much more consistent, that the one of MS-DOS - although they had no
scheme for directories in filesystem...).
> > ... I have the following on my Win98
> > computer:
> > Norton Antivirus 2000
> > Macafee Viruscan
> > Inoculate-IT
> > Trojan Remover 3.4.2
> > And none of them pickup up anything on Arachne's files.
>
> That is because this is not a self-replicating threat *and* even
> if it is serious enough to add to such products, the developers
> of those products ere probably not, heretofore, aware of it.
How such BATch file can be self-replicating ? ;-) Modify your clr.bat -
that's easiest fix you can do ;-).
Ok, I was not aware that TEMP=C:\DOS is default Microsoft's setting. I was
never using clean installation of older versions of DOS - they were always
modified and optimized a lot, so this never came to my mind. After all,
Arachne now works as a virus, which deletes MS-DOS and not DR-DOS, which
is good ;-))
Ok, I will change the default settings - or rather one more setup screen
will be added, which will prompt for usage of TEMP directory (using it as
CACHE - option C:\DOS will be detected), usage of Arrow keys (mouse or
scrolling) and maybe something simillar, which can confuse new users, who
are too lazy to read all fine-tuning setup screens...
--
http://arachne.cz/
(Arachne WWW browser for DOS+Linux / Webhosting / MP3streaming)
