From: Kenneth R. van Wyk (The Moderator) <LUKEN@IBM1.CC.LEHIGH.EDU>
Errors-To: LUKEN@IBM1.CC.LEHIGH.EDU
To: VIRUS-L@IBM1.CC.LEHIGH.EDU
BCC: VIRUS-L@IBM1.CC.LEHIGH.EDU
Subject: VIRUS-L Digest   V2 #6
Reply-to: VIRUS-L@IBM1.CC.LEHIGH.EDU

VIRUS-L Digest              Monday, 9 Jan 1989           Volume 2 : Issue 6

Today's Topics:
Any Friday the 13th Virii?
Some thoughts on VIRUS-L & comments on hard disk format (PC)
HARdware SECurity-L summary:  Nobody wants it
Comments re: Government standards for software
Anti-virals-for-micros inquiry (PC)

---------------------------------------------------------------------------

Date: Fri, 6 Jan 89 09:17:10 EST
From: msmith@topaz.rutgers.edu (Mark Robert Smith)
Subject: Any Friday the 13th Virii?

I recently saw some info on UseNet about a virus that activates on
Friday the 13th.  Since we'll have one of these next week, could you
all please send in whatever info on detection/removal of all virii
that activate on this date?

thanks.
Mark
----
Mark Smith (alias Smitty) "Be careful when looking into the distance,
61 Tenafly Road           that you do not miss what is right under your nose."
Tenafly, NJ 07670-2643       {backbone}!rutgers!topaz.rutgers.edu!msmith
msmith@topaz.rutgers.edu          R.I.P. Individual Freedoms - 11/8/88

------------------------------

Date: Thu, 05 Jan 89 01:57:46 EDT
From: Stephen D. Cohen <gritty!fuzbat!steve@rutgers.edu>
Subject: Some thoughts on VIRUS-L & comments on hard disk format (PC)

     Some notes on the VIRUS-L mailing list and submissions thereto,
but first an introduction: I am Stephen D. Cohen.  I am a systems engineer
with a small R and D firm in northern New Jersey.  I have a degree in
Computer Engineering (EE core until Senior year, with extra emphasis on
software) from Lehigh University.  I have been interested in viruses,
worms, and computer security in general for about 5 years now.

     I have been a subscriber to this list off and on since spring of 88.
The reason that I have to cancel subscription from time to time is a
simple matter of cost to me, and proper etiquette from my fellow network
users.  I AM IN NO WAY ASKING FOR CONTRIBUTIONS OR IN ANY WAY PLEADING!!
I am merely alerting you all to the existence of users who are not
institutional, do not have multi-million dollar corporations providing
them with network connections, and for whom access to computer networks
requires a long distance phone call.

     What I am about to say can be considered flaming or raving if one
wishes to take it that way.  I need to get this off my chest.

     I requested from Ken Van Wyk that a partially decomposed digest of
VIRUS-L would be a nice thing to have, that is, one with some of the
deadwood stripped out of it.  Ken thought it was a good idea, but that
the effort required on his part would be too great.  I can empathize with
that, and am thus suggesting that we, the VIRUS-L readers and
contributors, take the initiative to eliminate the deadwood ourselves.
Some particular examples in the last few digests I received follow:

      1.  On Monday 12 Dec 88, Victor ET Christensen posted a 250 line
      message containing the full text of a couple of articles from a
      well known journal for which citations were given!  Could he not
      have left it at the citations or posted the file to a server for
      anonymous FTP?

      2.  The continuing (personal) debate about the CHRISTMA exec
      between Otto Stolz and Dan Hankins accounted for at least 250
      lines of text in the last 10 digests.  Shouldn't we be having this
      discussion (argument?) in a private forum, i.e., individual
      E mail?

      3.  Some of the Trailers are getting out of hand.  I am not
      talking about the people with one or two line cute expressions at
      the end of their messages, nor the people who sacrifice personal
      demographic information for the sake of humor.  I am talking about
      the 10 line monstrosities with pictures of New York state on them
      showing us where Syracuse is (within a few hundred miles) in case
      we cared, didn't own an atlas, don't know anyone who owns an
      atlas, or don't know how to use a library to gain access to one.
      I single out this example, but many others exist.

     I guess what I am trying to say is that this forum would be more
effective for all if the information content could just be raised a
few points, and some of the white space (brown space?) eliminated.

     Enough of my ravings.  I feel much better now.

     A few notes on issues that I have been reading about.

Low level formats of fixed disks:

     I have seen several questions appear about low level formatting a
hard drive.  It is important to note that this will only solve some
viral problems, and may not solve anything if not approached correctly.
After performing a low level format (actually a diskwipe from the Norton
Utilities from a ``clean'' system would do just as well) it is important
that all software be reloaded from trusted original disks.  DO NOT JUST
RELOAD A BACKUP!  Reloading a backup may remove some of the DOS boot
block viruses like the BRAIN virus, but will do nothing for viruses
infecting other programs.  Remember, 40% or more executable files for an
IBM-PC with the ``.COM'' extension begin with a long jump (read, are
easily infected by viruses).  I can not stress enough the importance of
reloading software, especially the operating system, from the original
distribution media with the original write protect tab intact.


Viruses in general:

     In his letter of Monday 12 Dec 88, Michael J. MacDonald referred to
a program that sounded clearly to be a virus as a worm.  I think that
there is quite a bit of confusion going around about these terms.

     I am not an ultimate authority on this subject, but I believe that
the following definitions are correct.

     VIRUS:  A piece of code that attaches to another piece of code or
             program and replicates itself, or a mutated copy of itself,
             on to other pieces of code, or programs.

     Note that this definition does not require that the piece of code
be damaging in the classical ways, i.e., hard drive reformat.  It
requires only the two criteria of reproduction, and host requirement.

     WORM:   A piece of code that replicates itself elsewhere, not
             requiring any type of host code, i.e., a stand alone
             program.

     Note that sometimes a ``gang of programs'' will work in cahoots,
such as the Internet worm that cast out a ``grappling hook'' program and
then transferred itself using the hook.

     Enough ravings for one night.  Thank you all for your ear, and I
hope that I have not offended too many people.   Comments and suggestions
are of course welcome.  But please make them by individual E mail if
they are not of a constructive nature to the general forum of VIRUS-L.
--
Stephen D. Cohen                              Remember always that the
gritty!fuzbat!steve@rutgers.edu               ox is slow, but the earth
44 Center Grove Road Apt M-42                 is patient.
Randolph, NJ  07869
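
Added example, not part of the original digest: one way to act on the advice above about not blindly reloading a backup, by hashing the executables on the original distribution media and flagging any executable in the backup that differs from them or is absent from that set. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed extension list for this sketch; extend it for the system at hand.
EXEC_EXTS = {".com", ".exe", ".sys", ".ovl", ".bat"}

def digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def executables(root):
    """Yield (lower-cased relative path, file path) for executables under root."""
    root = Path(root)
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in EXEC_EXTS:
            yield p.relative_to(root).as_posix().lower(), p

def build_manifest(trusted_root):
    """Hash every executable on the write-protected original media."""
    return {rel: digest(p) for rel, p in executables(trusted_root)}

def audit_backup(backup_root, manifest):
    """Classify each executable in the backup before anything is restored."""
    report = {}
    for rel, p in executables(backup_root):
        if rel not in manifest:
            report[rel] = "unknown"    # not on original media: do not restore
        elif digest(p) != manifest[rel]:
            report[rel] = "modified"   # differs from original: reinstall instead
        else:
            report[rel] = "ok"
    return report

def demo():
    """Constructed sample: a trusted tree and a backup with one altered file."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted, backup = Path(tmp, "trusted"), Path(tmp, "backup")
        trusted.mkdir()
        backup.mkdir()
        (trusted / "COMMAND.COM").write_bytes(b"constructed original bytes A")
        (trusted / "FORMAT.COM").write_bytes(b"constructed original bytes B")
        (backup / "command.com").write_bytes(b"constructed original bytes A+extra")
        (backup / "FORMAT.COM").write_bytes(b"constructed original bytes B")
        (backup / "GAME.EXE").write_bytes(b"constructed program of unknown origin")
        (backup / "REPORT.TXT").write_bytes(b"data file, restored as usual")
        return audit_backup(backup, build_manifest(trusted))

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Data files such as REPORT.TXT are deliberately left out of the report: they come back from the backup, while anything executable is reinstalled from the original media.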

------------------------------

Date: Fri,  6 Jan 89 13:51:28 CST
From: B645ZAX@utarlg.arl.utexas.edu
Subject: HARdware SECurity-L summary:  Nobody wants it

A couple of digests ago, I asked what you thought about a HARdware
SECurity list (considering the recent disk drive conversation).

I got four responses & saw one on a digest.  The vote is 5-0 against a
new list.  Reasons cited: people didn't want to sub to yet another
list, the issues are relevant to viruses, and there is already a
security list.  Enough said, send comments to me at:

-David Richardson
  uucp: ...!{texbell.cs.utexas.edu, ames}!utarlg.arl.utexas.edu!b645zax
  bitnet: b645zax@utarlg   internet: b645zax@utarlg.arl.utexas.edu

------------------------------

Date:     Fri,  6 Jan 89 13:58 EDT
From:     <NEWTON@NBSENH.BITNET>
Subject:  Comments re: Government standards for software

It is worth noting that the federal government is in fact rather
deeply involved in the development of software standards; sometimes
originating them, more often adopting standards of the American
National Standards Institute or other responsible bodies.  Government
professionals participate on many of the committees which develop
these standards.

A very brief list of standards developed with at least some government
involvement includes the American Standard Code for Information
Interchange, COBOL, FORTRAN, BASIC, PASCAL, and ADA.  The government
is also deeply involved in operating system standardization and
communication protocols.

What is significant is that the government does not force anybody to
meet any standard.  It will, as a rule, only buy products which meet
applicable standards--and this preference has had some influence on
the marketplace.

It would be both unrealistic and undesirable to expect the government
to inspect and guarantee every copy of every software package sold.
There are existing laws and concepts of liability which cover these
situations.  I cannot believe that anyone seriously harmed by
carelessly marketed or prepared software products could fail to
recover (handsomely) in court.

DISCLAIMER:  The opinions expressed here are strictly my own, and do not
             carry any approval or represent any policy of my employer.


Barry L. D. Newton
National Institute of Standards & Technology

------------------------------

Date:    Fri, 06 Jan 89 17:14 EST
From:    John B Harlan <JBHRGC@IRISHMVS.BITNET>
Subject: Anti-virals-for-micros inquiry (PC)

     As someone new to the world of computing viruses, I'm in need of
some advice.  I am one of two regular users of an IBM PC XT (with an
Inboard/386 motherboard and a 30Mb hard disk).  My employer and I are
both concerned about the possibility (remote as it may be) of a virus
infecting our set-up.  We try to practice "safe computing" -- we
aren't promiscuous in the swapping of software, etc. -- but nonetheless
we're wondering if some sort of protection might be prudent.

     What sort of anti-viral software could/would any of you recommend
for a micro environment such as ours?  (We operate under IBM DOS 3.20,
incidentally.)  Or is such software necessary?  Does fairly frequent
connection to BITNET have any bearing on risk?  (If so, is there any
effective way of combatting that risk?)

     I apologize if my questions expose my ignorance or naivete, but I
figure Virus-L is the best place to seek enlightenment!  Thanks in
advance for any help.

                      John B Harlan
                 JBHRGC@IrishMVS.BITNET
 Post Office Box 693 / South Bend, Indiana  46624-0693

    + + + + + + + + + + + + + + + + + + + + + + + +
   +  Views subject to recantation without notice. +
   +  Ideas not guaranteed for workmanship.  Their +
   +  origin often unknown and best left that way. +
   +  My employer and node IrishMVS not culpable.  +
    + + + + + + + + + + + + + + + + + + + + + + + +

------------------------------

End of VIRUS-L Digest
*********************
                                                                                                                                                                                                                