Return-Path: Received: from csmes.ncsl.nist.gov ([129.6.54.2]) by first.org (4.1/NIST) id AA00514; Mon, 19 Oct 92 11:32:17 EDT Posted-Date: Mon, 19 Oct 1992 10:55:56 -0400 Received-Date: Mon, 19 Oct 92 11:32:17 EDT Errors-To: krvw@cert.org Received: from Fidoii.CC.Lehigh.EDU by csmes.ncsl.nist.gov (4.1/NIST(rbj/dougm)) id AA06105; Mon, 19 Oct 92 11:26:48 EDT Received: from (localhost) by Fidoii.CC.Lehigh.EDU with SMTP id AA46371 (5.65c/IDA-1.4.4); Mon, 19 Oct 1992 10:55:56 -0400 Date: Mon, 19 Oct 1992 10:55:56 -0400 Message-Id: <9210191311.AA07383@barnabas.cert.org> Comment: Virus Discussion List Originator: virus-l@lehigh.edu Errors-To: krvw@cert.org Reply-To: Sender: virus-l@lehigh.edu Version: 5.5 -- Copyright (c) 1991/92, Anastasios Kotsikonas From: "Kenneth R. van Wyk" To: Multiple recipients of list Subject: VIRUS-L Digest V5 #164 Status: R VIRUS-L Digest Monday, 19 Oct 1992 Volume 5 : Issue 164 Today's Topics: CPAV false positives (was FLIP) (PC) Stoned On Non-dos Partition (PC) Stoned on non-dos partition (PC) Flip (PC) Terminator 2 and Gobler (PC) How to tell if CPAV is infected? (PC) antiviral code for an .EXE (PC) New PC Trojan in Superpower game (PC) Request info on FORM (PC) Windows 3.1 virus detection (PC) Re: Maltese Amoeba virus (PC) Re: FLIP (PC) NAV 2.1 -- MtE False Alarms (PC) Scan/Clean vs. F-protect (PC) Oliver virus ... (PC) Re: A less virus prone architecture re: A less virus prone architecture software protection in libraries Re: driver's licence Re: driver's licence VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. (The complete set of posting guidelines is available by FTP on cert.sei.cmu.edu or upon request.) Please sign submissions with your real name. Send contributions to VIRUS-L@LEHIGH.EDU. Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. A FAQ (Frequently Asked Questions) document and all of the back-issues are available by anonymous FTP on cert.org (192.88.209.5). Administrative mail (comments, suggestions, and so forth) should be sent to me at: . Ken van Wyk ---------------------------------------------------------------------- Date: Sat, 10 Oct 92 02:59:05 -0000 >From: pd@nwavbbs.demon.co.uk (Peter Duffield) Subject: CPAV false positives (was FLIP) (PC) rslade@sfu.ca writes: >Incidentally, further to Microsoft's inclusion of portions of CPAV in >MS-DOS version 6, someone who has seen a beta copy indicates that >VSAFE will be included. Fortunately, VSAFE is the activity monitor >portion, and does not do any signature scanning. Alas, it is still seen as infected with Flip by other scanners :( Peter - -- Peter Duffield pd@nwavbbs.demon.co.uk (Internet) Voice: +44 244 545669 BBS: +44 244 550332 8,N,1 North Wales Anti-Virus Support BBS, FidoNet: 2:250/201, VirNet: 9:441/110 === PGP 2.0 == public key available on request == Key ID 991AB1 === ------------------------------ Date: Mon, 05 Oct 92 05:38:02 -0000 >From: Nemrod_Kedem@f0.n972.z9.virnet.bad.se (Nemrod Kedem) Subject: Stoned On Non-dos Partition (PC) > The machine at work is currently running on non-standard PC-MOS > version 6.1 to 6.2. > This is bad. > A stoned virus has somehow attatched itself to the hard disk and copies > itself to all the floppies inserted in all the floppy drives. > I would appreciate anyone getting back to me about how Stoned works, > or where it may rest on the hard disk. The simple solution of deleting > the partition and reinstalling won't work because the program we use > has a database, backed up and infected. Use a phisical disk editor to inspect track 0, side 0, sector 7. Stoned virus usually copies the original MBR to that sector. If it seems like the original MBR, just copy it over the infected MBR at cylinder 0, side 0, sector 1 and reboot the system. Regards, Rudy. ------------------------------ Date: Tue, 06 Oct 92 14:58:00 -0000 >From: Carlos_Baptista@f0.n351.z9.virnet.bad.se (Carlos Baptista) Subject: Stoned on non-dos partition (PC) NK Use a phisical disk editor to inspect track 0, side 0, sector 7. NK Stoned virus usually copies the original MBR to that sector. NK If it seems like the original MBR, just copy it over the infected MBR NK at cylinder 0, side 0, sector 1 and reboot the system. Can you tell me a name of an Phisical disk editor, please? Thanks! * OLX 2.1 TD * Carlos Batista * Blaster BBS Co-SysOp * 351-1-3878640 - --- Squish v1.01 ------------------------------ Date: Tue, 06 Oct 92 14:58:00 -0000 >From: Carlos_Baptista@f0.n351.z9.virnet.bad.se (Carlos Baptista) Subject: Flip (PC) Hi! Can anyone tell me if the Flip Virus, is such inofensive as he appears? My computer was infected by it, and in a 2 hours I get free of it with no special effort thant of running SCAN after a boot... CPAV and Scan v.89 doesnt' detect anything, but I'm afraid that the problem is still here... it was so easy... * OLX 2.1 TD * Carlos Batista * Blaster BBS Co-SysOp * 351-1-3878640 - --- Squish v1.01 ------------------------------ Date: Sat, 10 Oct 92 16:27:15 +0100 >From: Robert Turner Subject: Terminator 2 and Gobler (PC) Hi One of our students came in the other day, reporting a virus that our scanner didn't pick up on (Solomons' Guard - Memory resident). This was Terminator 2, and it had been reported by a piece of software called 'Gobler' or something similar. Now, none of the virus stuff that either myself or a friend working for British Gas (where the student claims he got the virus) has a record of this virus. They all mention Terminator, but not Terminator 2. Does anyone have any knowledge of either this virus, or of the validity of the report? Both myself and my friend would be most interested as between us we are responsible for the virus-free state of almost 1500 PCs. Thanks in advance, Rob - -- _________________________________________________________________________ / | \ | Rob Turner, PC Support | email : Robert.Turner@brunel.ac.uk | | Brunel University | | | London, England | Wonko the Sane was right ! | \____________________________|____________________________________________/ ------------------------------ Date: Mon, 12 Oct 92 11:52:31 -0400 >From: A.APPLEYARD@fs1.mt.umist.ac.uk Subject: How to tell if CPAV is infected? (PC) It is well known that CPAV gives many false positives due to its contained unencrypted search strings. How then can a user tell if the (file(s) that he keeps his copy of CPAV on) are actually infected? ------------------------------ Date: Mon, 12 Oct 92 12:12:02 -0500 >From: kodiak@matt.ksu.ksu.edu (Bryan D. Nehl) Subject: antiviral code for an .EXE (PC) I remember hearing of C code that you could add to your program that wouldn't let it run if it detected that it had been changed. Any idea where I can find this code? It would be great if the source is available for both Unix and DOS. Bryan. /* === Bryan Nehl ========== kodiak@Kodiakpc.Manhattan.KS.US =========+ [ USDA-ARS-NPA-WERU ][ bdn@chepil.weru.ksu.edu ] [ 913.532.6233 or 913.532.6495 ][ kodiak@matt.ksu.ksu.edu ] +_______________ ...!rutgers!matt.ksu.ksu.edu!kodiak _______________ */ ------------------------------ Date: 12 Oct 92 18:06:35 +0000 >From: ggw@cs.duke.edu (Gregory G. Woodbury) Subject: New PC Trojan in Superpower game (PC) One of my co-workers runs a BBS in Pittsboro NC. They got hit by a trojan that was embedded in a game called "superpower". The zip file purports to be a game for bbs sytems (such as WWIV, TBBS, RA, etc) but when unzipped it shows several secondary zips, which when uncompressed and run even with scanning, trashes the boot block, partition table, FAT and Root directory of the disk it was running from. Post-mortem examination of the drive with Norton showed the basic information in the disk information window and the partition tables as being replaced with "Your disk is screwed, that's what you get for running superpower" (one word in each field down the display.) The original zip file was disposed of before the damage was done, and the actual source of the trojan was not on a local area BBS. Best reflections point to a possible origin in Pennsylvania. The game was run under Windows, but the disk was trashed anyway. The drive had to be low level formatted to restore proper operation. The victim in this case was eddie@cds.duke.edu. - -- Gregory G. Woodbury, System Programmer, Duke Center for Demographic Studies ggw@cds.duke.edu | ggw@cs.duke.edu also at The Wolves Den and other sites. (...!duke!wolves!ggw) [The Line Eater is a Boojum snark!] ------------------------------ Date: 12 Oct 92 14:50:35 -0500 >From: schilligl@iccgcc.decnet.ab.com Subject: Request info on FORM (PC) HI, Does anyone Know what the FORM virus can do to a system? Larry Schillig ------------------------------ Date: Mon, 12 Oct 92 16:27:20 -0400 >From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: Windows 3.1 virus detection (PC) Having been forcably converted from DesqView (and DVX) to Windows, some sandbox time was spent over the weekend with surprising results. One of the discoveries was a way to induce DOS to run a .BAT file on opening a MS-DOS Window (blue screen, set proper PATH & SET variables, open in pre-windows directory, set special PROMPT, etc.) but that doesn't have anything to do with viruses 8*) The interesting fact was that with the addition of a 200 Mb drive to my personal machine I no longer had to use a compressed drive on that PC permitting the fast(er) 32bit disk access possible with Windows 3.1 - - quite a speed improvement but also a shock: The first time Windows loaded after being told, a black screen appeared notifying me that Windows could not use the 32bit access since "something" possibly a VIRUS was present. This turned out to be my DISKSECURE program which traps Int 13 during BIOS load, but means that nearly all MBR and BSI infectors (as well as anything else that traps Int 13) will probably trigger the same screen if loaded after Windows 3.1. Of course, if such programs are present before Windows is installed, then it will not select 32 bit as evidenced by the line "32BitDiskAccess=off" in SYSTEM.INI, however the majority of modern 386 PCs using uncompressed MFM, RLL, & ISA drives *should* be able to use the fast access. It will be interesting to see if the disk compression bundled with DOS 6.0 will also block this. (Note: SafeMBR does not go resident & does not bother Windows 3.1) Now I *know* how to fix the problem with DiskSecure & will be providing a module soon to allow 32bit Windows disk access, but even so, people hearing reports of Win 3.1 suddenly failing on 32 Bit Disk access should be suspicious of a possible virus infection. Cooly (66 degrees F in here today), Padgett "Windows" appears to be the registered property of Microsoft corporation, despite possible opinions to the contrary. ------------------------------ Date: 06 Oct 92 13:27:30 +0000 >From: jason.hatley@f858.n800.z3.fido.zeta.org.au (Jason Hatley) Subject: Re: Maltese Amoeba virus (PC) Hello der, well the maltese amoeba virus infects .COM and .EXE files. On March 15 and November 1 each year it will stuff up the first 4 sectors of the first 30 cylinders on your hard disk. I would be a good idea to gt NAV to get rid of it b4 the end of the month! - --- Maximus 2.01wb * Origin: < The Keyboard BBS > - V32-V42bis, Call 08-344-5354 (3:800/858) ------------------------------ Date: Tue, 13 Oct 92 08:05:18 -0400 >From: "David M. Chess" Subject: Re: FLIP (PC) > From: HIIND@delphi.com > Since it is almost impossible > for Anti-Virus developers to test for these types of inconsistancies > it makes it very important to cold boot between Anti-Virus Tests. It certainly is a pain to test for this sort of thing. For a developer to test to make sure that all other popular anti-virus tools aren't leaving bits of viruses in memory is time-consuming and no fun. On the other hand, it's comparatively *easy* to make sure that one's own tool doesn't leave virus fragments around (any competent programmer can set things up so that the signatures scanned for never appear "in clear" in memory at all). I can't think of any justification, with the marketplace now as mature as it is, for any serious anti-virus program to still leave virus fragments around in memory on a clean system. - - -- - David M. Chess \ Femmes aux tetes de fleurs High Integrity Computing Lab \ retrouvant sur la plage la IBM Watson Research \ depouille d'un piano a queue ------------------------------ Date: Tue, 13 Oct 92 13:48:22 +0000 >From: doc@magna.com (Matthew J. D'Errico) Subject: NAV 2.1 -- MtE False Alarms (PC) Norton Anti_Virus version 2.1 is reporting False Alarms for Mutation Engine virii against widely distributed files, such as Adobe Type Manager fonts for example... The folks at Norton Technical Support say that if the file is not a .COM or .EXE and/or is less than 2KB in size, then not to worry... They also claim that a new testing algorithm is being prepared for a soon-to-be-released maintenance update... Just thought I'd try to avert some panic ! Regards -- - -- Doc +-------------------------------+---------------------------------------+ | Matthew J. D'Errico | DOMAIN: mderrico@magna.com | | Magna Software Corporation | uucp: uunet!magna!mderrico | | 275 Seventh Avenue | CompuServe: 70744,3405 | | 20th Floor +---------------------------------------+ | New York, NY 10001 | Voice : 212 / 727 - 6737 | | USA | Fax : 212 / 691 - 1968 | +-------------------------------+---------------------------------------+ ------------------------------ Date: Tue, 13 Oct 92 10:52:33 -0400 >From: "Paul D. Bradshaw" Subject: Scan/Clean vs. F-protect (PC) I recently did a test on McAfee's Clean vs. f-protect for the universities local electronic virus conference. I thought some of you here on virus-l might like to see my results. Basically, I was pointing out that scan and clean don't identify viruses very well, as well as that f-protect will do a better job of disinfecting a boot sector virus anyway. ________________ cut here __________ When I try to disinfect a disk infected with azusa with the command Clean [stoned] it says it can't find the virus. But, when I try to disinfect a disk infected with michaelangelo with the command Clean [stoned] it butchers the boot sector. Actually Clean butchered the boot sector no matter what command line prompt I gave it. You can draw your own conclusions from that. I created three disks infected with the Michaelangelo virus, and tested (a) Clean [stoned], (b) Clean [mich], and (c) f-protect on it. The results of my little experiement are listed below. 1) Clean will run with the incorrect virus identifer. 2) This may be because stoned and michaelangelo are a lot the same. 3) F-Protect correctly disinfected my disk, while Clean butchered the boot sector on my disk. This happened with both clean [stoned] and clean [mich]. 4) I used Cleanv95, and F-Protect v2.05. These are the two most current releases of each product. Below is the NDD report for each disinfection session. _______ Norton Disk Doctor run on 1.2 meg 5 1/4 inch diskette after clean [stoned] was run. SYSTEM AREA STATUS ----------------------------------------- Boot Record Program is Invalid Status: NOT Corrected; Skipped Invalid Disk Table in Boot Record Status: NOT Corrected; Skipped _____ Results of Norton Disk Doctor run on disk disinfected with clean [mich] FILE STRUCTURE STATUS ----------------------------------------- No Errors in the File Structure SURFACE TEST STATUS ----------------------------------------- Surface Test not performed SYSTEM AREA STATUS ----------------------------------------- Boot Record Program is Invalid Status: NOT Corrected; Skipped Invalid Disk Table in Boot Record Status: NOT Corrected; Skipped _______ Results of NDD after f-protect disinfected the same disk as above. SYSTEM AREA STATUS ----------------------------------------- No Errors in the System Area FILE STRUCTURE STATUS ----------------------------------------- No Errors in the File Structure SURFACE TEST STATUS ----------------------------------------- Surface Test not performed __________________________ Please note that in both cases where I used Clean my boot record, and disk table was invalid. Corrupt. If my disk had been bootable before I ran the disinfection programs on it, then only the disk disinfected with f-protect would have been bootable after disinfection. Paul Bradshaw Computing and Communications Services Guelph, Ontario Canada acdpaul@vm.uoguelph.ca ------------------------------ Date: Tue, 13 Oct 92 16:27:14 +0000 >From: lubkt@synergy.CC.Lehigh.EDU (Binod Taterway) Subject: Oliver virus ... (PC) Has anyone heard of Oliver virus? Apparantly, Channel 10 news (Philly, I guess) had a story on this politics-minded virus that it is supposed to trigger today (10/13) at Noon. Any info? - -- - - Binod Taterway Sr. User Consultant (LUCC) E-mail: bt00@Lehigh.EDU ------------------------------ Date: Sat, 10 Oct 92 00:15:47 +0000 >From: rslade@sfu.ca (Robert Slade) Subject: Re: A less virus prone architecture In theory, a machine with a strict division between program and data stores would certainly be less prone to viral attack. The "non-existence" of the mythical CMOS virus is an example. However, this separation would have other consequences. For example, compilation of source into object and then running the object would require an intermediate step. Certainly not an insurmountable obstacle, but inconvenient. And, the more convenient you made it, the more prone it would be to viral attack. Regarding Ken's note: yes, sorta and yes. A model has been made of his earlier analytical engine, but I doubt that any serious attempt will be made to build the difference engine. As I understand it, it requires several hectares of land and at least six steam engines. However a computer model has been made, and Ada's original program has finally been run on it (after some debugging). ============== Vancouver ROBERTS@decus.ca | "Is it plugged in?" Institute for Robert_Slade@sfu.ca | "I can't see." Research into rslade@cue.bc.ca | "Why not?" User p1@CyberStore.ca | "The power's off Security Canada V7K 2G6 | here." ------------------------------ Date: Tue, 13 Oct 92 08:05:16 -0400 >From: "David M. Chess" Subject: re: A less virus prone architecture > From: rjk@world.std.com (robert j kolker) > The question I put is this. Is a computer, in which the program is > stored in a totally separate memory space from data, less prone to > virus attack or not. > I would appreciate your opinions on this question. Well, I'd certainly be interested in reading a concrete proposal. The thing that makes viruses possible is not that programs and data occupy the same *memory* space in the way that we usually think about memory. It's that they occupy the same *storage* space. That is, it's not the RAM layout that matters, it's the disk layout. Conventional viruses are possible because programs are allowed to alter other (stored) programs. If that weren't possible, it'd certainly impact the spread of viruses. On the other hand, you couldn't run a compiler, save a spreadsheet macro, or even edit a BAT file! - - -- - David M. Chess | "Some look at the world as it is, and ask High Integrity Computing Lab | 'why?'. I look at the world as it is, IBM Watson Research | and say 'Hey, neat hack!'." - J. R. H. ------------------------------ Date: Sat, 10 Oct 92 17:25:55 +0000 >From: leonard@alexia.lis.uiuc.edu (Patt Leonard) Subject: software protection in libraries Cross-posted to PACS-L@uhupvm1.bitnet Public-Access Computer Systems and VIRUS-L@lehiibm1.bitnet As a class assignment, I started the following bibliography of works related to protecting library computer systems from viruses, trojan horses, etc.; for my own edification, I'd like to complete this list. I'm looking for works that are specifically about libraries, whether public or academic, and which describe either systems accessible to the public, or limited to use by the library staff. Please send me references for any titles you would recommend. If there is sufficient interest, I will post the revised bibliography to this list. Thank you. Patt Leonard leonard@alexia.lis.uiuc.edu Grad. Sch. of Lib. & Info. Sci., U. of Illinois at Urbana-Champaign * * * * * * * * *** * * * * * * * * Bibliography of works related to software protection in libraries -------------------------------------------- Aucoin, Roger F. "Computer Viruses: Checklist for Recovery," _Computers in Libraries_, (Feb. 1989): pp. 4, 6-7. Practical, step-by-step instructions for recovering from an infection on an IBM-compatible microcomputer, and making back-ups. Balas, Janet. "Telecommunications [column]: Computer Security Revisited," _Computers in Libraries_, (Feb. 1991): p. 34. Introduction to the National Computer Systems Laboratory Computer Security BBS, which is sponsored by the National Institute of Standards and Technology. Barry, Maria C. "Computer Viruses: Interview with Frederick Cohen," _Special Libraries_, vol. 81 (Fall 1990): pp. 365-7. Cohen is with Advanced Software Protection, Inc. Butzen, Frederick, and Francine Furler. "Computer Security: A Necessary Element of Integrated Information Systems," _Bulletin of the Medical Library Association_, vol. 74 (July 1986): pp. 210-16. Drewes, Jeanne. "Computers: Planning for Disaster," _Law Library Journal_, vol. 81, no. 1 (Winter 1989): pp. 103-116. Article is about recovery from natural disasters, such as fires and floods, but includes advice about making backups and storing them off-site. Includes bibliography on recovering from natural disasters. Flanders, Bruce. "Protecting the Vulnerable CD-ROM Workstation: Safe Computing in an Age of Computer Viruses," _CD-ROM Librarian_, vol. 7, no. 1 (Jan. 1992): pp. 26-29. Describes the Norton Anti-Virus and Central Point Anti-Virus programs for protection against DOS viruses. Helsing, Cheryl, Marianne Swanson, and Mary Anne Todd. "Computer User's Guide to the Protection of Information Resources," _Information Reports and Bibliographies_, vol. 20, no. 2 (1991): pp. 13-16. Jaffe, Lee. "Reader's Soapbox [column]: Libraries Without Walls," _Technicalities_, vol. 10, no. 9 (Sept. 1990): pp. 5-7. Article for the most part summarizes a discussion which took place on the PACS-L list in Spring 1990 about the dangers/merits of providing dial-up access to library OPACS. Some non-technical remarks about the danger of unauthorized access to and use of the computer on which the library OPAC (online public-access catalog) runs. Johnson, D. _The Future of Electronic Educational Networks: Some Ethical Issues_. ERIC, May 1991. 15 pg. (ED 332 689) Considers issues of privacy and equal access to information on computer networks; includes some discussion of viruses on networks. Author recommends increased security balanced with user needs in e-mail, academic library services, and international networks. Koga, James S. "Security and the PC-Based Public Workstation," _Online_, vol. 14, no. 5 (Sept. 1990): pp. 63-70. Erratum, vol. 15 (Jan. 1991). Concerned with computer crimes and microcomputers for public use. Lincoln, Alan Jay. "Computer Security," _Library & Archival Security_, vol. 11, no. 1 (1991): pp. 157-171. Primarily summarizes general computer security literature, with some emphasis on government publications in the field. Describes security threats, and measures to preserve security, such as educating system users, and preventing unauthorized access to hardware. Machalow, Robert. "Security for LOTUS Files," _Computers in Libraries_, vol. 9 (Feb. 1989). Primich, T. "Coping with Computer Viruses: General Discussion and Review of Symantec Anti-Virus for the Macintosh," _Library Software Review_, vol. 11, no. 2 (March 1992): pp. 9-12. Describes two viruses which affect Macintosh: Scores and n VIR B. Also describes the SAM Virus Clinic and SAM Intercept anti-virus programs, and their applications in libraries. Soon, Ang, and Detmar W. Straub. "Securing CD-ROMs and the Microcomputer Environment," _Laserdisk Professional_, vol. 2 (July 1989): pp. 18-23. Stover, Mark. "Issues in CD-ROM Security," _CD-ROM Librarian_, vol. 4, no. 6 (June 1989): pp. 16-20. Valauskas, Ed. "Viruses and the Role of Responsibility," _Library Workstation and PC Report_, (Jan. 1989): pp. 6-10. Concerned with Macintosh viruses. Includes bibliography of works on Mac viruses. Vasi, J. "Setting Up CD-ROM Work Areas. Part 2: Integrating CD-ROM Functions into Library Services," CD-ROM Professional_, vol. 5, no. 3 (May 1992): pp. 38-43. Discusses how to integrate CD-ROM functions into library services; includes some discussion of security issues. Wilkinson, David W. "CD-ROM Public Workstation Security: Reducing the Risk Factor," _Library Software Review_, vol. 10 (Nov./Dec. 1991): p. 407. Presented at the CIL Conference 1991. Wilkinson, David W. "Public CD-ROM Workstation Security: Contexts of Risk and Appropriate Responses," _CD-ROM Librarian_ (Jan. 1992): pp. 20-29. Describes measures taken at JFK Memorial Library, Calif. State Univ., Los Angeles, to secure the hardware and software of the CD-ROM end-user workstations, to protect against theft, piracy, misuse, and vandalism. Yerkey, A. Neil. "Password Protection for dBASE Applications," _Microcomputers for Information Management_, vol. 6, no. 1 (March, 1989): pp. 33-45. [From the abstract] "This paper discusses the differences between security and privacy, adn then describes several data security categories, such as physical protection of storage media, hardware-based system access control devices, DOS-level access control, function-specific password protection, and data encryption." "Unshielded Terminals Can Knock Out Security," _Library Journal_, vol. 110 (March 1, 1985): p. 30. "Viruses: No Small Pox" _OCLC Micro_, vol. 5, no. 1 (Feb. 1989): pp. 17, 28. Introduction to viruses and preventative measures, written for novices. Includes references to general computer virus literature. ------------------------------ Date: Sat, 10 Oct 92 00:22:30 +0000 >From: rslade@sfu.ca (Robert Slade) Subject: Re: driver's licence In article <0016.9210091201.AA28919@barnabas.cert.org> tyu@ecst.csuchico.edu ( ) writes: >I just got my California driver's licence, the new one with the >magnetic stripe on the back where an officer of the law can >see my whole life story in one stroke. >Strictly for information purpose only, is their any viruses >out there, that could infect the magnetic stripe on my >CA. licence? I could build a 'magnetic stripe read and write head.' >as long as it is legal in my state to do so. Nope, no, uh uh, wrong, won't work. Viral programs cannot infect swipe cards, ID cards or smart cards (at least, not until they get to be a whole lot smarter). These cards contain data only which is never interpretted as a program. Therefore, viral programs cannot "infect" and reproduce via that medium. See also CMOS. ============== Vancouver ROBERTS@decus.ca | "Don't buy a Institute for Robert_Slade@sfu.ca | computer." Research into rslade@cue.bc.ca | Jeff Richards' User p1@CyberStore.ca | First Law of Security Canada V7K 2G6 | Data Security ------------------------------ Date: Sat, 10 Oct 92 03:38:15 +0000 >From: habrams@nyx.cs.du.edu (Howard Abrams) Subject: Re: driver's licence tyu@ecst.csuchico.du ( ) writes: >Strictly for information purpose only, is their any viruses >out there, that could infect the magnetic stripe on my >CA. licence? I could build a 'magnetic stripe read and write head.' >as long as it is legal in my state to do so. As far as a virus goes.. doubtful... It most likely just contains some info on you and/or an Index to some information on you. It might be possible to 'infect' the computer by someother method that could 'erase' you from the computer. about the mag-stripe thingy.. I read about some guys that built one and re-incoded their credit cards with other peoples numbers.. >ps. I have no intention of breaking the law, state or fed. >nor do I advocate any body breaking law >This is for INFORMATION PURPOSE ONLY AND NOTHING ELES!! ^^^^^^^- SURE ------------------------------ End of VIRUS-L Digest [Volume 5 Issue 164] ****************************************** Downloaded From P-80 International Information Systems 304-744-2253