VIRUS-L Digest Wednesday, 16 Nov 1988 Volume 1 : Issue 11
Today's Topics:
Ye Compleat Vyrusse
Request for info on CHRISTMA EXEC (IBM mainframe VM/CMS)
Re: 1-Header problems, 2-Nightline broadcast, 3-Computer Virus Book
Working with the press
Re: 1) "Great hackers...." 2) Viruses in military computers
---------------------------------------------------------------------------
Date: Wed, 16 Nov 88 09:34:45 EST
From: Sean T Montgomery <STMONTG@PUCC>
Subject: Ye Compleat Vyrusse
I'm only a recent subscriber, so please bear with me if this has been
discussed into the ground. I would be interested in receiving as
complete a list as possible of microcomputer (preferably Macintosh)
"anti-viral" programs, and/or a list of servers or persons who have
these programs available thru E-mail. I would like to have a copy for
my own sake, and also for sending to people who show up on one net or
another saying "Help!!! I've got a virus!!! What do I do!!!" Case in
point: nVIR can be removed a number of ways, some simpler than others
(the KillVirus INIT seems to beat everything else). I'd like to find
out what other virus killers/protectors are best for other situations.
Thanks.
------------------------------
Date: 16 November 1988, 10:05:17 EST
From: David M. Chess CHESS at YKTVMV
Subject: Request for info on CHRISTMA EXEC (IBM mainframe VM/CMS)
How time flies! *8) It was actually last December (around Christmas
time, for some reason). There is pretty extensive discussion in RISKS
DIGEST around that time. No need to restate it all here, I suspect?
DC
------------------------------
From: J. D. Abolins <OJA@NCCIBM1>
Date: 16 Nov 88
Subject: Re: 1-Header problems, 2-Nightline broadcast, 3-Computer Virus Book
1) I was the one who has passed on the computer security info request
Liisa R. Before this list was digested, my messages would get a
header somewhere along the line, now they don't. So I'll remember to
enter manual "headers".
[Ed. Sorry for the confusion there. I don't know why your mailer
didn't send out a proper header...]
2) I also saw the ABC TV NIGHTLINE broadcast. I am formulating a letter
with comments to send to Mr. Koppel, Fred Cohen, Steve Wozniak, and
Mr. Sherezin. The comments are basically-
A. Thanks for the broadcast and its coverage of computer viruses
B. Comments in an attempt to wade through the cross-communications
that ensued.
C. An outline of issues related to computer viruses.
While it will most likely have little impact, it's worth a try.
I keep in mind that the interviewees faced several challenges that
I and other viewers don't have- a late hour interview (for Fred Cohen
and Mr. Sherezin), interview via separate satellite hookups, and the
time constraints of a live TV interview.
For those who didn't see the program, let me describe the debate or
cross-communications that occurred. Ted Koppel, the interviewer,
asked the interviewees about the risks of computer viruses.
Unfortunately, Mr. Koppel's question used the scenario of a "hacker"
using a virus in a bank's computer system to extract money from
other people's accounts and place into his/her own account. Steve
Wozniak, a long-time advocate of free-wheeling computer creativity,
protested that the risk was practically non-existent, that computer
fund theft cases have almost always been committed by insiders, and
that banks have extensive security and auditing safeguards. Fred
Cohen countered Steve Wozniak's claims by emphasizing that the
safeguards are not 100% effective and that computer viruses pose a
real threat. After several volleys between the two men along these
lines of thought, Fred Cohen claimed that Steve Wozniak was making
his claims of low risks because he has an affinity for the "hackers"
and their mindset.
Knowing Fred Cohen's work, at least in part, I understood what he was
driving at. But many viewers may have gotten lost in the debate
between Fred Cohen and Steve Wozniak. As said before, the risks of
computer viruses were presented wrapped in a poor scenario. Also the
terminology could have been better defined by ABC TV. The term
computer virus was defined much too broadly. Also, the term "hacker"
has too many connotations for safe use, especially with the
diverse backgrounds of the interviewees. (This is a lesson I am
keeping in mind for my articles.) To some, like Mr. Wozniak,
"hacker" means a creative, inquisitive programmer who MAY be
mischievous and wanton. To others, a "hacker" is DEFINITELY a
programmer who engages in illicit and illegal activities.
(Also remember that Apple Computers, co-founded by Mr. Wozniak,
thrived on the "hackers" of Mr. Wozniak's definition.)
With the bank fund transfer scenario, one of its problems is that
it is not a typical form of virus impact or design goal. Mr.
Wozniak was right about bank computer fraud; it has been done
with at least the help of insiders and the programs were not viruses.
They may be Trojans, worms, or simply modifications to existing
software (as in the "salami slicing" technique.) Someone during
the broadcast alluded to the "Fort Worth, TX" case (the Burleson
case) as an example of a virus used for banking computer fraud.
Quite inaccurate, but understandable statement since the definitions
were not pinned down. (Plus, I am a lot more finicky about the
definitions than most people who report the computer cases to the
public. It seems that the reporters and even the computer specialists
will lump other harmful programs with viruses. Perhaps, it is done
so not to "confuse the viewers/readers with too many terms"; plus
the term virus is very catchy.)
The more common forms of virus damage and design goals include
general disruption of systems, subtle tampering that may reduce
the perceived trustworthiness of computer systems, economic
dissipation, and electronic flagging of one's "accomplishment"
(as wanton as it is.)
With what I've said, I want to emphasize that I am not flaming
Ted Koppel either. He admitted in the broadcast that he is not
at all familiar with computers. Most likely, he got a ten or
fifteen minute briefing before the show.
3) I've started reading the COMPUTER VIRUS book (from COMPUTE!
Book Publications, copyright 1988, price about $16 US.)
It seems to be a good general introduction to the subject
written for the average computerist. It covers MS-DOS, Mac, Amiga,
and, to some degree, Atari ST computer viruses.
Case histories are given. (The Hebrew University case was
adequately treated without the sensationalism of some other
accounts.) A sensible list of preventative measures is given.
(I can recognize some of Pam Kane's contributions here.) Plus
an overview of anti-viral software.
The only "minus" comment is the cover artwork. This is a matter
of differences in taste. So don't judge the book by its cover.
(Nor a posting by its length. (: -)
------------------------------
Date: Wed, 16 Nov 88 12:16:52 CDT
From: Len Levine <[email protected]>
Subject: Working with the press
With respect to the Nightline interview, I would like to say this. I
have been interviewed by the press several times in the past and
during this episode I was interviewed for many hours by several local
reporters.
I worked for two hours with each of two Television reporters with
cameras on for all of that time. What resulted was a one sentence
live shot taken from a two hour interval on each station. Some of my
comments were used by the reporter and, as luck would have it, were
taken correctly and in context. The sessions went well.
Two days later, I was on the phone for an afternoon with a reporter
from the Sunday Milwaukee Journal. The result was about 1/4 page with
my interview handled well.
Finally, a few days later, quite an expert now, I was interviewed live
on the radio (local talk show) for 20 minutes with a commercial break
in the middle.
People who saw the shows and read the paper said that I was treated
fairly and that the reports came off well.
Some advice:
1. Spend a good deal of time with the press. If you have not done so
before, teach them all about the issues, they want to learn and,
professionally, pick things up quickly. If you are off the air, get
them to explain back to you what they heard and correct them if they
get it wrong.
2. News reporters are alarmist by nature. DOWNPLAY the news. They
will pick up the most provocative remark you make. Find a way of
discussing what you have to say in a quiet, amusing fashion, they will
use that. Be careful and say nothing on camera that is wrong, even
when taken out of context. (Very hard to do.)
3. Spell your name to them. Spell out the jargon words and explain
them. Clarity is next to godliness.
Just some advice from a TV star.
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine e-mail [email protected] |
| Professor, Computer Science Office (414) 229-5170 |
| University of Wisconsin-Milwaukee Home (414) 962-4719 |
| Milwaukee, WI 53201 U.S.A. Modem (414) 962-6228 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
------------------------------
From: J. D. Abolins <OJA@NCCIBM1>
Date: 16 Nov 88
Subject: Re: 1) "Great hackers...." 2) Viruses in military computers
1) A recent message included the statement "Great hackers go to
have balls." Hmmm.... does that limit "hacking" to males or do
hackers purchase golf balls, basketballs, footballs, etc. from
a sporting goods shop?
On the serious side, there was an article posted a few months ago
comparing the "tracker" against the "intruder". It pointed out that
there are many character differences between the two. That article
made many good points. Also, I recollect a comment by Don Parker
against the hiring of "hackers" (the illicit/illegal variety) in the
computer security field.
The publicized hiring of "intruders" would give the message that "one
good break-in is worth a thousand resumes in the mail" for job-seeking
computerists.
Of course, there are companies and other potential employers who have
a very different set of scruples or none at all. "He's brilliant!
He's a genius! And he will stop at nothing to get his goals! Perfect
for the job!" As Charles Colson of Watergate fame expressed, he would
have run over his mother with an automobile for the sake of Richard
Nixon.
2) Military computer virus threat: There have been several studies of
the potential hazards of viruses for military computers. I have no
special access to the results, so I am speaking from conjecture and a
mosaic of information.
It must be remembered that many military computer systems, especially
the tactical combat types, are not the everyday PC's and Mac's. Many
are drastically different in hardware and software from the
multi-functional civilian systems including the ones used for military
administrative tasks- word processing, quartermaster inventories, etc.
They are not linked to each other in the conventional sense, so a
virus would not spread easily. So systems may use radio linking for
various functions, but the links are nowhere as wide open as that of
civilian links. The introduction of a virus into a tactical system
would require either an insider or the infection of the systems used
to make or maintain the tactical system.
The way the military tactical computers interpret files would in many
cases require a virus designed specifically for them.
Drills may spot virus caused damage in some cases, should it happen.
Unless designed specifically otherwise, I guess most viruses that
get into a tactical combat system would either do nothing or cause
a system crash. Usually, it should not fire off anything, unless the
system was a restraining system designed to fire in case of failure.
I have focused on tactical systems, such as the one used for artillery
solutions, the naval combat systems such as the ones made by Elbit,
the computers used for aircraft weapons systems and EW (which are
very specialized processors and not full functionality computers),
etc. The situation with strategic systems is another story. They
are likely to use full-functionality systems, including ones of common
make. Using common types of computers increases the virus risk because
accidental infection from the general computing community is more
likely.
A variation of the virus hazard.... the scenarios revolve around a
virus affecting a military fire-control system so that it launches.
Yet a more likely virus impact can occur before the weapons system
makes it to production. Imagine if the CAD/CAM or CASE tools of a
government contractor were affected, especially with a subtle acting
code that skewed values randomly or specifically. The results can range
from delays and cost overruns to failure in the field.
Another variation, based on the action of many known viruses, the
virus (or Trojan code) catastrophically damages the programs used by
a military computer. Possible results, an artillery battery is suddenly
unable to obtain solutions via computer, a forward-sweep wing fighter
loses control, etc. But these would have to be custom designed
programs and are not likely to occur.
------------------------------
End of VIRUS-L Digest
*********************