VIRUS-L Digest Tuesday, 14 Mar 1989 Volume 2 : Issue 64 Today's Topics: Virus hysteria. Re: PC Boot Sector Viruses Reply on notarization File lock protection? (Mac) --------------------------------------------------------------------------- Date: Mon, 13 Mar 89 08:40 EST From: Cincinnati Bengals. Subject: Virus hysteria. I was wondering if anyone has comments on the way reports of viruses seem to be given too much attention by the media. As an example, when our Mac's were hit by the nVIR virus, a local newspaper, the Cincinnati Post, place a report of the virus on the front page. The virus was a relatively minor occurance, start-ups were being disabled, applications were being altered, but no loss of data. Surely this is newsworthy, but front page? This seems comparable to placing reports on the front page every time the common cold breaks out on campus. Comments? Tom Kummer ------------------------------ Date: 13 Mar 89 22:14 -0100 From: Jeff Raynor Subject: Re: PC Boot Sector Viruses In issue #61, Y. Radai discusses the "bouncing ball" virus and its spread outside of his area to other European countries. This made me think about the transmission method of these beasts. A straight-forward boot sector virus would only be spread by the boot sector (physical media) and so wouldn't propogate across serial lines ("electronic media": modems, BBS, "long distance" networks) - but might on local nets. I would be interested to hear from those unfortunate to be infected: Was the infection via an infected disk? Was the "culprit" disk identified? Was the disk created by a user? Was the disk formatted by a user? Was the disk from a software house? Was the disk received by post or by person? I realize that its naive to assume that you can only get infected with .EXE viruses via a line or boot sectors with physical media. I would have thought that the disadvantage of propagation of the boot sector types would have favoured the .EXE types. However, most of the PC viruses currently causing damage seem to be the boot sector types. Anyone in netland like to comment? Jeff Raynor EAN: RAYNOR%RZSIN.SIN.CH Paul Scherrer Institut, Zurich, Switzerland. ------------------------------ Date: Mon, 13 Mar 89 17:49:05 EST From: Jefferson Ogata (me!) Subject: Reply on notarization > .... Many mechanisms can be used to protect the software that > might check a "cryptographically sealed" program. The simplest > is to restart a computer with the verification software on a disk > with the write protect tab set. Other schemes are possible and > are independent of the cryptography and data formats. That's fine if you only want to check things once in a while; but what are these other schemes? And how do you protect your operating system? And you're ignoring the context of the remark: keeping programs in an encrypted state until execution. Surely you don't propose to reboot the computer every time a program is executed. The difference between keeping programs in an encrypted state and just computing signatures on them is that the former actually deters the spread of a virus, while the latter merely allows you to detect it. > I am proposing a hierarchical notarization system... I must assume you are referring to the type of system described (rather lucidly) in the last issue by William Murray, which relies upon an already existing network of trusted sources. I can see this as viable in some ways. But I'm not clear on how it would help the average user who has very few "trusted" sources. Even software houses have distributed viruses inadvertantly of late. >> ... Such signatures would be just as easily corrupted as the >> programs in question. > Wrong. Read any recent article on public key cryptography. Public-key cryptography works fine when you have a method of distributing the decryption key uncorrupted. But in the case of a signature list coming from a bulletin board (for example), using a public-key method just abstracts the problem one more step. You STILL need a clean channel for transmitting the decryption key; else anyone can modify a decrypted version of the signature file, encrypt it again with another public key set and distribute the new decryption key with the new signature file. This is a trivial step for anyone who actually desires to modify the signature file. Public-key cryptography is just begging the question. And once again, if you have this uncorruptable method for transmitting the decryption key, you may as well transmit something simpler, like file size, various checksums and crcs, or the entire program. It again boils down to whom you can trust. - - Jeff Ogata ------------------------------ Date: Mon, 13 Mar 89 16:48 EST From: "Mark H. Anbinder" Subject: File lock protection? (Mac) MacUser magazine reported in the Tip Sheet section of their April issue that locking individual files using the Locked bit of the Finder info (using the Locked button in the Get Info window, or a file utility program) will prevent virus infection. I don't remember whether they said "prevent" or "help prevent," so please don't correct me if I missed a word. My question -- will this really accomplish anything? Can any known viruses infect an application file that has its Locked bit set? Mark H. Anbinder Department of Media Services Cornell University ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253