******************************************
*                                        *
*         CHKANSI2 - version 2.0         *
*   (C)Copyright 1988, Gilmore Systems   *
*                                        *
******************************************

High Tech Solutions to High Tech Problems

Gilmore Systems
P.O. Box 3831
Beverly Hills, CA 90212-0831

Voice: (213) 275-8006
Data:  (213) 276-5263
CIS [71350,1070]

------------------------------------------------------------------------

As some of you already know, we offer virus detection programs. We also run the "Virus Info Palladium" BBS. Since most of us already know about computer viruses and "trojan horse" programs, we won't discuss them here. We'll just mention that these programs must be executed on your computer in order for them to do their dirty work.

We'd like to share with you 2 of the most common MISBELIEFS about computer damage that our vast number of callers have expressed:

1) Damage can ONLY occur when an infected or trojan program is run.
2) Damage CANNOT occur with data, text, or other non-program files.

THESE STATEMENTS ARE WRONG!

Although damage is MOST LIKELY to occur by running a program, damage may also occur by TYPING A TEXT FILE or other display file on your computer screen.

Most people now have the ANSI.SYS device driver installed on their computer systems. You can check if this device driver is installed on your system by checking the file CONFIG.SYS on the root directory of your boot disk - if the CONFIG.SYS file contains a statement something like DEVICE=ANSI.SYS, it is installed on your system. This ANSI (American National Standards Institute) device driver is required by many programs.

SO - WHAT's THE BOTTOM LINE?
Before going into the bottom line, a brief understanding of how the ANSI.SYS device driver works is needed. Basically, you can think of this driver as a sort of TSR (like Borland's Sidekick, for example) - always in memory. But it's not activated by keystrokes - it monitors what's being sent to your display screen.
It lets everything pass to the screen except for the one thing it looks for - ESCAPE SEQUENCES. Programs requiring the ANSI driver emit escape sequences to the screen to control such things as color, cursor positioning, screen mode, and other things, just as a program emits escape sequences to your printer to activate or deactivate certain features such as print fonts, spacing, underlining, etc. Since these escape sequences are intercepted by the ANSI driver, they do not show up on the screen - you only see their effects.

THE DANGER
The danger lies with the fact that the ANSI device driver also responds to an escape sequence which can RE-MAP or RE-DEFINE ANY of your keyboard's keys. Not only is it capable of such nuisance things as turning your 'A' key into a 'P' or key, but it is also capable of re-defining ANY key to a complete character string - with carriage return. This means, for example, an escape sequence can be emitted to change your key to mean "ERASE *.EXE" - and if you press your key ANYTIME after the ANSI driver received the re-define escape sequence, you'll quickly find that all of your executable files in whatever directory you were in at the time are GONE!

THERE's MORE!
As if this isn't scary enough, a program does NOT have to be run in order to re-map or redefine any of your keys. ANY TEXT OR DISPLAY FILE MAY CONTAIN EMBEDDED ANSI CODES! All you need to do is type the file out to your screen, and the ANSI driver will intercept all imbedded codes - which may contain keyboard redefinition. Simply typing a text or display file which contains embedded ANSI codes onto your screen is the same thing as a program emitting these ANSI codes. The ANSI driver doesn't care where it came from; all it knows is that it's being sent to the display screen, so it intercepts these codes and acts on them.

WHAT CAN I DO?
To be absolutely safe, you could turn off the ANSI driver by removing the DEVICE=ANSI.SYS from your CONFIG.SYS file and re-starting your computer, but then you'd probably find a bunch of unreadable garbage on your screen from some programs or from typing certain text or display files which have legitimate ANSI display sequences in them. There's a much better way:

CHKANSI2.EXE
We've developed a program here which we call CHKANSI2.EXE (or just CHKANSI2 for short). Simply execute the program without any parameters, and instructions on its use will appear on your screen.

As a brief synopsis of the program, CHKANSI2 goes through every byte of any questionable file you have - whether it's a text, display, data, or any other file - and checks for escape sequences. It prints - in English - any escape sequences it finds and concludes with how many escape sequences it found, and out of those, how many are potentially harmful (those that redefine keys).

Since an ANSI display file may contain hundreds or even thousands of escape sequences, see the program instructions (by running the program without parameters) for how to turn off the English display of all escape sequences except for those that redefine keyboard keys.

Use CHKANSI2 whenever you've downloaded any text or display file from a BBS, or obtained the same from a "friend". You should use CHKANSI2 to check files PRIOR to typing or displaying them on your display screen.

OPERATING ENVIRONMENT
CHKANSI2 is a bound executable (also known as FAPI or Family Application), meaning it will execute equally well under the DOS or OS/2 operating environment - whichever you prefer. For IBM and all compatible computers.

CLOSING NOTES
There is no charge, fee, or consideration for this program. CHKANSI2.EXE may be freely distributed as long as it is not altered, the copyright is not removed, and this documentation file is not altered and accompanies the program.
The accompanying file TEST2.TXT must not be modified and must also accompany the distribution.

Keyboard key redefinition via ANSI.SYS is not actually part of the ANSI standard, but is unique to DOS and OS/2 and possibly a few other operating systems.

We've included a text file - TEST2.TXT - in this distribution. This file contains imbedded ANSI escape sequences. You may run CHKANSI2 against this file to see how it works - DO NOT TYPE THIS FILE as it contains keyboard redefinitions. Just to make sure you don't type the file, we've put an End-Of-File mark as the first character in the file so that none of your keyboard keys get redefined.

This distribution contains 4 files: CHKANSI2.EXE, CHKANSI2.DOC, TEST2.TXT, and READ.ME

- Chuck Gilmore, Pres.
  Gilmore Systems

End.
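
ADDED EXAMPLE (not part of the original documentation, and not Gilmore Systems' code)
A small Python scanner that does the kind of check described under CHKANSI2.EXE above: it goes through every byte, names each escape sequence in English, and counts how many redefine keys. It assumes the ANSI.SYS form ESC [ parameters p for key redefinition; the names scan, render, decode_redefinition and SAMPLE are hypothetical, and the sample bytes are constructed for illustration.

```python
import re

# ANSI.SYS sequence: ESC [ params final-letter. Params are numbers or quoted
# strings separated by ';' ('=' and '?' occur in screen-mode settings).
SEQ = re.compile(rb'\x1b\[((?:"[^"]*"|\'[^\']*\'|[0-9;=?])*)([A-Za-z])')
TOKEN = re.compile(rb'"([^"]*)"|\'([^\']*)\'|(\d+)')
MEANING = {
    b"A": "cursor up", b"B": "cursor down", b"C": "cursor forward",
    b"D": "cursor back", b"H": "cursor position", b"f": "cursor position",
    b"J": "erase display", b"K": "erase line", b"s": "save cursor",
    b"u": "restore cursor", b"m": "set color/attributes", b"h": "set mode",
    b"l": "reset mode", b"p": "KEY REDEFINITION"}

def render(tokens):
    """Turn numeric codes and quoted strings into readable text."""
    return "".join(
        t.decode("latin-1") if isinstance(t, bytes) else
        "<CR>" if t == 13 else chr(t) if 32 <= t < 127 else f"<{t}>"
        for t in tokens)

def decode_redefinition(params):
    """Split the parameters of ESC[...p into (key, replacement text)."""
    tokens = [int(n) if n else (dq or sq) for dq, sq, n in TOKEN.findall(params)]
    if tokens[:1] == [0] and len(tokens) > 1:      # 0;n names an extended key
        return f"extended key 0;{tokens[1]}", render(tokens[2:])
    return f"key {render(tokens[:1])!r}", render(tokens[1:])

def scan(data, keys_only=False):
    """Check every byte of data; return (findings, total, harmful)."""
    findings, total, harmful = [], 0, 0
    for m in SEQ.finditer(data):
        total += 1
        text = MEANING.get(m.group(2), "unrecognized sequence")
        if m.group(2) == b"p":
            harmful += 1
            key, repl = decode_redefinition(m.group(1))
            text += f": {key} becomes {repl!r}"
        elif keys_only:
            continue
        findings.append((m.start(), text))
    return findings, total, harmful

# Constructed sample: a leading End-Of-File mark (0x1A) like TEST2.TXT, normal
# color codes, then two redefinitions (a function key -> DIR + Enter, 'A' -> 'P').
SAMPLE = (b'\x1a\x1b[2J\x1b[1;33mWelcome\x1b[0m\r\n'
          b'\x1b[0;68;"DIR";13p\x1b[65;80p')

if __name__ == "__main__":
    for offset, text in scan(SAMPLE, keys_only=True)[0]:
        print(f"offset {offset}: {text}")
```

Read suspect files in binary mode, e.g. open(path, "rb").read(), so that an End-Of-File mark at the start of the file does not end the scan early.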