VIRUS-L Digest Monday, 9 Jan 1989 Volume 2 : Issue 6

Today's Topics:

Any Friday the 13th Virii?
Some thoughts on VIRUS-L & comments on hard disk format (PC)
HARdware SECurity-L summary: Nobody wants it
Comments re: Government standards for software
Anti-virals-for-micros inquiry (PC)

---------------------------------------------------------------------------

Date: Fri, 6 Jan 89 09:17:10 EST
From: msmith@topaz.rutgers.edu (Mark Robert Smith)
Subject: Any Friday the 13th Virii?

I recently saw some info on UseNet about a virus that activates on Friday the 13th. Since we'll have one of these next week, could you all please send in whatever info on detection/removal of all virii that activate on this date?

thanks.
Mark
- ----
Mark Smith (alias Smitty)    "Be careful when looking into the distance,
61 Tenafly Road               that you do not miss what is right under your nose."
Tenafly, NJ 07670-2643        {backbone}!rutgers!topaz.rutgers.edu!msmith
msmith@topaz.rutgers.edu      R.I.P. Individual Freedoms - 11/8/88

------------------------------

Date: Thu, 05 Jan 89 01:57:46 EDT
From: Stephen D. Cohen
Subject: Some thoughts on VIRUS-L & comments on hard disk format (PC)

Some notes on the VIRUS-L mailing list and submissions thereto, but first an introduction, I am Stephen D. Cohen. I am a systems engineer with a small R and D firm in northern New Jersey. I have a degree in Computer Engineering (EE core until Senior year, with extra emphasis on software) from Lehigh University. I have been interested in viruses, worms, and computer security in general for about 5 years now. I have been a subscriber to this list off and on since spring of 88. The reason that I have to cancel subscription from time to time is a simple matter of cost to me, and proper etiquette from my fellow network users.

I AM IN NO WAY ASKING FOR CONTRIBUTIONS OR IN ANY WAY PLEADING!!
I am merely alerting you all to the existence of users who are not institutional, do not have multi-million dollar corporations providing them with network connectionires a long distance phone call.

What I am about to say can be considered flaming or raving if one wishes to take it that way. I need to get this off my chest.

I requested from Ken Van Wyk that a partially decomposed digeshave, that ie deadwood stripped out ofthat the effort required on his part would be too great. I and contributors, take the initiative to eliminate the dead

1. On Monday 12 Dec 88, Victor ET Christensen posted a 250 line message containing the full text of a couple of articles from a well known journal for which citations were given! Could he not have left it at and Dan Hankins accounted for at least 250 lines of text in the last 10 digests. Shouldn't we be having this discussion (argument?) in a private forum, i.e., individual E mail?

3. Some of the Trailers are getting out of hand. I am not talking about the people with one or two line cute expressions at the end of rifice personal demographic information for the sake of humor. I am talking about the 10 line monstrosities with pictures of New York state on them showing us iles) in case we cared, didn't own an atlas, don't know any one who owns an atlas, or don't know how to use a library to gain access to one. I single out this t this forum would be more effective for all if the information content could just be raised a few points, and some of the white space (brown space?) eliminated.

Enough of my ravings. I feel much better now. A few notes on issues that I have been reading about.

Low level formats of fixed disks: I have seen several questions appear about low level formatting a hard drive. It is important to note that this will only solve some viral problems, and may not solve anything if not approached correctly.
After performing a low level format (actually a diskwipe from the Norton Utilities from a ``clean'' system would do just as well) it is important that all software be reloaded from trusted original disks. DO NOT JUST RELOAD A BACKUP! Reloading a backup may remove some of the DOS boot block viruses do nothing for viruses infecting other programs. Remember, 40% or more executable files for an IBM-PC with the ``.COM'' extension begin with a long jump (read, are easily infected by viruses). I can not stress enough the importance oflly the l distribution me intact.

viruses in general: In his letter of Monday 12 Dec 88, Michael J. MacDonald referred to a program that sounded clearly to be a virus as a worm. I think that there is quite a bit of confusion going around about these terms. I am not an ultimate authority on this subject, but I believe that the following definitions are correct.

VIRUS: A piece of code that attaches to another program and replicates its, on to other pieces of code, or programs. Note that this definition does not require that the piece of code be damaging in the classical ways, i.e., hard drive reformat. It requires only the two criteria of reproduction, and host requirement.

WORM: A piece of code that replicates itself elsewhere, not requiring any type of host code, i.e., a stand alone program. Note that some times a ``gang of programs'' wi``grappling hook'' program and then transferred itself using the hook.

Enough ravings for one night. Thank you ave not offended too many people.f they are not of a construcRUS-L.

- --
Stephen D. Cohen at!steve@rutgers.edu h
44 Center Grove Road Apt M-42 is patient.
Randolph, NJ 07869

------------------------------

Date: Fri, 6 Jan 89 13:51:28 CST
From: B645ZAX@utarlg.arl.utexas.edu
Subject: HARdware SECurity-L summary: Nobody wants it

A couple of digests ago, I asked what you thought about a HARdware SECurity list (considering the recent disk drive conversation). I got four responses & saw one on a digest.
The vote is 5-0 against a new list. Reasons cited: people didn't want to sub to yet another list, the issues are relevant to viruses, and there is already a security list. Enough said, send comment to me at:

- -David Richardson uucp:...!{texbell.cs.utexas.edu, ames}!utarlg.arl.utex645u --

It is worth noting that the federal government is in fact rather deeply involved in the development of software standards; sometimes originating them, more often adopting standards of the American National Standards Institute or other responsible bodies. Government professionals participate on many of the committees which develop these standards. tandards developed with at least some government involvement includes the American Standard Code for Information Interchange, COBOL, FORTRAN, BASIC, PASCAL, and ADA. The government is also deeply involved in operating system standardization and communication protocols.

What is significant is that the government does not force anybody to meet any staly buy products which meet applicable standards--and this preference has had some influence on the marketplace.

It would be both unrealistic and undesirable to expect the govee every copy of . There are existing laws and concepts of liability which cover these situae seriously harmed by carelessly marketed or prepared software products could fail to recover (handsomely) in court.

expressed here are strictly my own, and do not policy of my employer.

Barry L. D. Newton
National Institute of Standards & Technology

------------------------------

Date: Fri, 06 Jan 89 17:14 EST
From: John BET>
Subject: Anti-virals-for-micros inquiry (PC)

As I am one of two regular users of an IBM PC XT (with an Inboard/386 motherboard and a 30Mb hard disk). My employer andpossibility (rems infecting our set-up. We try to practice "safe computing" -- we aren't pe, etc. -- but nonetheless we're wondering if some sort of protection might be prudent.
What sort of anti-viral software could/would any of you recommend for a micro environment such as ours? (We operate under IBM DOS 3.20, incire necessary? Does fairly frequent connection to BITNET have any bearing on risk? (If so, is there any effective way of combatting that risk?)

I apologize if my questionaivete, but I figure Virus-L is the best place to seek enlightenment! Thanks in advance for any help.

Box 693 / South Bend, Indiana 46624-0693
+ + + + + + + + + + + + + + + + + + + + + + + +
+ Views subject to recantation without notice. +
+ Ideas not guaranteed for workmanship. Their +
+ origin often unknown and besmployer and node IrishMVS not culpable. +
+ + + + + + + + + + + + + + + + + + + + + + + + +

------------------------------

End of VIRUS-L Digest
*********************

Downloaded From P-80 International Information Systems 304-744-2253