VIRUS-L Digest   Wednesday, 4 Apr 1990   Volume 3 : Issue 68

Today's Topics:

scan60 (PC)
Re: Death of a Virus
New files on MIBSRV (PC)
RE: Death of a virus
Request for Anti-Viral Software (Amiga)
Anti-viral software for PC
Small Pox

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc. Please sign submissions with your real name. Send
contributions to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's equivalent to
LEHIIBM1.BITNET for BITNET folks). Information on accessing
anti-virus, documentation, and back-issue archives is distributed
periodically on the list. Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@CERT.SEI.CMU.EDU.

Ken van Wyk

---------------------------------------------------------------------------

Date:    Tue, 03 Apr 00 11:03:00 -0500
From:    Bob Babcock
Subject: scan60 (PC)

I tried SCAN60 on the virus-infected version of CHKDSK which was
mailed to the VALERT list; SCAN did not detect the infection. I have
not personally verified that the file contained a virus, but a partial
disassembly with a debugger showed that the file has been modified,
and past messages on this list have indicated that a virus was found
in this file.

------------------------------

Date:    03 Apr 90 00:00:00 -0500
From:    "David.M.Chess"
Subject: Re: Death of a Virus

Dave Ihnat writes:

> elimination of the conditions that lead to viruses basically means
> redesigning the computers that are attacked to eliminate the
> simplistic hardware model that allows full access to the single user.
Unfortunately, viruses do not depend on this hardware model; viruses
can spread in any system that allows both programming and information
sharing, regardless of whether or not programs have direct access to
the hardware, whether or not the system is assumed to be single-user,
and so on. See various papers by Fred Cohen on the subject. As long
as (roughly) some programs sometimes have write-access to some other
programs, viruses can spread.

Dave Chess
IBM T. J. Watson Research Center

------------------------------

Date:    Tue, 03 Apr 90 12:24:20 -0500
From:    James Ford
Subject: New files on MIBSRV (PC)

The following files have been placed on MIBSRV.MIB.ENG.UA.EDU
(130.160.20.80) for anonymous FTP in the directory pub/ibm-antivirus.

SCANV61.ZIP   - McAfee's SCAN 3.1V61, scans for 85 virii.       (update)
SCANRS61.ZIP  - McAfee's tsr SCAN 1.4V61                            "
NETSCN61.ZIP  - McAfee's NETSCAN V61                                "
CLEANP61.ZIP  - McAfee's CLEAN UP program                           "
AVS214.ZIP    - AVSEARCH - Virus Search Program V2.14 - Scan for 75 virii.
DETECT31.ZIP  - The Detective R3.1. File tracking/virus detector. Can
                be used on Novell Networks.                     (update)
EXPEL11.ZIP   - EXPEL V1.1 by Toltech. Virus control device that sample/
                track options.
HACKTHES.ZIP  - A thesis paper on the Computer Underground. Text includes
                information on hackers, pirates, phreakers, etc.
HACKER.THESES - Same as above, but not ZIPed (generic ascii text file)

Comments:

EXPEL11's virus tracker/extracter looks interesting. Since I don't
like to keep a live virus around, I really don't know how effective it
is. Perhaps a virus guru can give us a better opinion of this
particular option of this program?

The SCAN series of programs were downloaded directly from McAfee's BBS
on 4/2/90 at 10:30pm. SCANV60 will remain on MIBSRV until 4/7/90 in
case requests are pending at BITFTP@PUCC. The files were reZIPed using
the -ex option of PKZIP for maximum compression.

NOTE: A user has written "Why are the versions of SCAN on MIBSRV,
Simtel20 and (add your favorite BBS) different in size when they both
say they get files from Homebase?" They have not been ZIPed for
maximum compression (ie, PKZIP -ex -a (zipname) *.*). With PKZIP, you
can have 4 levels of compression. Level 1 makes a ZIP file *fast* but
doesn't compress it very much. Level 4 takes the longest to make a ZIP
file, but does max compression. So you could actually ZIP the same
files 4 times and get 4 different ZIP sizes. If you're worried about
McAfee's files, just run his VALIDATE program on them. If the two
generated numbers match what's posted on his board (or in the docs),
then the files are good copies.

----------
The usefulness of any meeting is in inverse proportion to the attendance.
----------
James Ford - JFORD1@UA1VM.BITNET, JFORD@MIBSRV.MIB.ENG.UA.EDU
             THE University of Alabama (in Tuscaloosa)

------------------------------

Date:    Tue, 03 Apr 90 13:57:00 -0600
From:    david paul hoyt
Subject: RE: Death of a virus

> I think when a discussion of a virus and how to deal with a virus
> is talked about it is a good idea to take a look at the first disease
> that man has been able to eliminate totally...

It was possible to eradicate smallpox because three conditions
existed.

1) Smallpox had only one host (humans).
2) Smallpox had only one vector (humans).
3) Smallpox could not survive outside of a host.

To eradicate smallpox one (only) had to be assured that no human
carried the disease. WHO has accomplished this. Currently the only
copies of the smallpox virus are in the hands of national biological
weapons researchers and perhaps some health workers. Assuming that no
one is stupid enough to release smallpox from the labs, smallpox will
never again show up in the human population. However, other viruses
will; e.g. cow-pox and AIDS.

The same conditions do not hold true for any computer virus. Take
WDEF for instance.
We could 'immunize' all current Macs with Gatekeeper's Aid. This
would eliminate all active occurrences of WDEF. However WDEF can lay
dormant on a floppy. So when the world thinks that it is safe from
WDEF and stops inoculating (as we have with smallpox) it would only
take one floppy that was hidden in someone's desk to re-infect the
community all over again.

In all probability, there will be someone to come along and write
another virus to get around our immunization program anyway. So taking
such draconian measures, as WHO did in the 60's and 70's for smallpox,
would be a waste of time for computer viruses. Besides the damage is
pretty slight, when you compare it to smallpox.

Perhaps my real point should be this: Computer viruses are not the
same thing as biological viruses. They both have the same word in them
(virus), but then so do boardroom and bathroom. We may see
similarities between the two, but they are really quite different. We
shouldn't push the analogy too far. What would we say to the janitor
who says "I clean the bathroom with this toilet cleaner, the boardroom
and bathroom are both rooms, so I'll clean the leather seats in the
boardroom with this toilet scrubber." Just because words have the same
root, doesn't make them the same thing.

david | dhoyt@vx.acs.umn.edu | dhoyt@umnacvx.bitnet

------------------------------

Date:    03 Apr 90 21:47:57 +0000
From:    xrtnt@amarna.gsfc.nasa.gov (Nigel Tzeng)
Subject: Request for Anti-Viral Software (Amiga)

I am looking for an anti-viral program like the Macintosh
Vaccine/GateKeeper programs for the Amiga. I am also looking for an
anti-viral program that will check my hard drive for viruses on
programs that I download directly to it.

I am currently running the most recent version of VirusX but it does
not seem to scan my hard drive. So far I am hoping that the large FTP
archives are clean and merely backing up regularly.
I know this isn't particularly safe but I really do not want to recopy
everything to a floppy so that VirusX will look at it.

Do I have VirusX misconfigured? The disk checked count does not
indicate that it is checking hd0:.

Thank you for any information. I will post a synopsis of any
information I get on comp.sys.amiga.

Nigel Tzeng

-------------------------------------------------------------------------------
       A| Nigel Tzeng - STX Inc. - xrtnt@csdr.gsfc.nasa.gov
   //  m|
  //   i| Standard Disclaimer Applies: The opinions expressed are my own.
\\ //  g|
 \X/   a| "Producing a system from specifications is like walking on water...
        |  It's a helluva lot easier if it's frozen" - Seen on a wall...
-------------------------------------------------------------------------------

------------------------------

Date:    Tue, 03 Apr 90 14:41:00 -0600
From:    Harold Esche
Subject: Anti-viral software for PC

I am putting together a diskette of anti-viral software for
distribution to faculty, staff and students at the University of
Calgary. Since I haven't had much experience with virus attacks I
would appreciate any feedback on the pros and cons of the many
programs for fighting viruses. I am looking for a program or a
collection of programs that will be best suited for distribution for a
wide variety of system configurations and levels of user expertise.

- Harold Esche

------------------------------

Date:    Tue, 03 Apr 90 20:18:51 -0500
From:    Henry Treftz
Subject: Small Pox

Okay, Okay..... I was wrong, perhaps Small Pox is not a good example
of a virus treatment method. However the idea of taking a strong
approach to elimination and a strong approach to treatment and
prevention such as the World Health Org. did towards Small Pox I feel
is still an effective method of dealing with a computer virus problem.

Henry A. Treftz

--------------------------------------------------------------------------
Henry    | a10hat8@cs.niu.edu      arpa |
Treftz   | a10hat8@cs.niu.bitnet        | Hi mom
Nrth. IL | 460 Lincoln hall             |
Univ     | DeKalb, IL 60115             |
---------------------------------------------------------------------------
P.S I do not represent NIU as an official party, I am just a student
also my poor spelling is NOT a reflection on our English Dept. rather
it is just my lack of spelling ability

------------------------------

End of VIRUS-L Digest
*********************
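
Added example (not part of the digest or of any poster's message), illustrating James Ford's note above that the same files zipped at different compression levels give different archive sizes, so a copy is checked by its contents against published values rather than by ZIP size. SHA-256 stands in for the two numbers VALIDATE prints, whose algorithm the digest does not describe; the file names and contents are constructed.

```python
import hashlib
import io
import zipfile

WORDS = [b"scan", b"virus", b"boot", b"sector", b"file", b"disk", b"clean", b"memory"]

def sample_bytes(n_words, seed):
    """Deterministic constructed filler standing in for a real distributed file."""
    out, x = [], seed
    for _ in range(n_words):
        x = (x * 1103515245 + 12345) % 2**31
        out.append(WORDS[(x >> 16) % len(WORDS)])
    return b" ".join(out)

# Constructed sample distribution; placeholder names, not McAfee's actual files.
FILES = {"PROGRAM.EXE": sample_bytes(6000, 1), "README.DOC": sample_bytes(3000, 2)}

def build_zip(files, level):
    """Zip the same files at one deflate level, with fixed timestamps so that
    the compression level is the only thing that varies between archives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(name, date_time=(1990, 4, 2, 22, 30, 0))
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, files[name], compresslevel=level)
    return buf.getvalue()

def member_digests(zip_bytes):
    """Hash each member's uncompressed contents, independent of how it was packed."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}

def verify(zip_bytes, published):
    """Return the member names whose contents do not match the published digests."""
    got = member_digests(zip_bytes)
    return sorted(n for n in set(got) | set(published) if got.get(n) != published.get(n))

# Digests as the author would post them (constructed here from the sample files).
PUBLISHED = {n: hashlib.sha256(d).hexdigest() for n, d in FILES.items()}

fast, best = build_zip(FILES, 1), build_zip(FILES, 9)
# A copy whose program file has one extra byte appended, repacked at level 9.
tampered = build_zip({**FILES, "PROGRAM.EXE": FILES["PROGRAM.EXE"] + b"\x90"}, 9)

if __name__ == "__main__":
    print("archive sizes (level 1, level 9):", len(fast), len(best))
    print("mismatches in level 1 / level 9 copies:", verify(fast, PUBLISHED), verify(best, PUBLISHED))
    print("mismatches in altered copy:", verify(tampered, PUBLISHED))
```

The two honest archives differ in size yet both verify cleanly, while the altered copy is flagged even though it was packed with the same settings as a good one.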