VIRUS-L Digest              Monday, 28 Nov 1988         Volume 1 : Issue 21

Today's Topics:
local tv broadcast
Re: German laws on computer crime
Software on the LISTSERV (PC)
internet beating
How good is Virex? (Mac virus remover)
Virus History
Passing Viruses

---------------------------------------------------------------------------

Date: Mon, 28 Nov 88 14:58 EST
From: Mitchel Ludwig <[email protected]>
Subject: local tv broadcast

         Last Tuesday (Nov.  22, 1988), Loren Keim was interviewed by a
local (Bethlehem, PA) television station regarding the  release of his
anti-virus packages.  As someone fairly familiar  with the workings of
some  of the  more  popular   packages, I was   wondering if you would
enlighten us as  to what, exactly,   makes yours any   better than the
rest, Loren?

         I was particularly interested in the mention of the fact that,
by  some  type  of  key   encryption, you  expect  each  package to be
'different'.  More specifically, I believe you made  mention that if a
virus was able to penetrate  the defenses offered  by your package, it
would  most probably be   because of the  encryption  key used by that
particular user.  You went on to say that this would not mean that the
same virus would be able to  get by the  same program if it  were used
with a different key.  Now forgive my possible ignorance, but it seems
to me that if a  virus could  bypass an encryption  algorithm, the key
used  wouldn't matter.  It's  possible  that I misunderstood  what was
said, it's even possible that what you (Loren)  said  is possible, but
if it is, then I'm in need of some serious enlightenment.

         Additionally, (and   finally...    :-) you made   mention   of
anti-virus  packages you  plan on  releasing for the larger  machines.
I've done  quite a  bit  of work  on  security on  UN*X  machines, and
without seriously restricting user  privileges, I can't really seem to
come up with any real practical ways of securing a system beyond those
which the system already uses.  As far as I've been able to  tell, you
would  have two  choices  available  to you when   setting up security
separate from that provided by the  system.  Either you would  have to
set the particular security program readable  to all (which sets us up
for problems) or give  a user's login  process momentary higher access
(which sets us up  for disaster...)  Again,  I may be mistaken, and if
so, enlightenment would be appreciated.

         Anyone  else have any  ideas?  Anyone  else see the broadcast?
Anyone else know what I'm talking about?

                             Mitch

    BITnet : [email protected]                Phonet : 215-861-2637
    INTnet : [email protected]        Slonet : Box 72 Lehigh Univ.
    UUCP   : lehi3b15!rastro!mfl                        Bethlehem, PA 18015

------------------------------

Date:        Fri, 25 Nov 88 10:34:56 +0100 (MEZ)
From:        Otto Stolz         +49 7531 88 2645     RZOTTO   at DKNKURZ1
Subject:     Re: German laws on computer crime
To:          Cliff Stoll                             cliff    at LBL
cc:          Virus discussion list                   VIRUS-L  at LEHIIBM1
In-Reply-To: Your message of Thu, 24 Nov 88 09:43:19 PST

Hello there!

The following remarks pertain only to the Federal Republic of Germany
(not to the German Democratic Republic) and are given under the proviso
that I'm no lawyer and hence may well overlook or misunderstand some
regulation.

> Is it true that under German law, an offense takes place only if files
> are erased?

No, this isn't true.  According to §303a of German Criminal Code, he who
illegally CHANGES data (not necessarily in files, but on machine-readable
media, e.g. a boot sector, a FAT, ...) can be punished with 2 years
imprisonment.  According to §303b,  the same fact (and also physical
damage done to computer media or equipment) can be punished with up to
5 years, if the inflicted data-processing is essential for a company or
authority, other than the one the perpetrator is employed in.

These regulations enhance or qualify the usual §303 (damage to property).

> That it is not a violation to simply enter a computer and read infor-
> mation?

Though this situation is not covered by the above-mentioned rules, there
are many regulations in German law to handle particular cases falling
into this broad category.  However, most of these regulations do not
apply specifically to computer-stored or -handled data; normally they
apply to specific nature of the data, regardless whether they are stored
on magnetic media, written down on paper, or whispered into your ear.

Commercial secrets are protected by law against unfair competition.
These may neither be disclosed unauthorized, nor read by intruders.
Also, trade-marks are protected: you may not e.g. use the Microsoft
Logo for your own programs, and you may even run into trouble, if you
imitate their menu-technique too closely.  In such cases, it doesn't
matter, whether you actually copied the programs (menu) or data (logo)
from their computer, or developed them yourself.  Cf. also patenting
law.

Artistic, scientific, and technical presentations are protected by
copyright law.  As opposed to US regulations, there's no need to state
the copyright explicitly in the publication itself, nor to register the
opus somewhere.  You only need to produce something sufficiently new.
The law enforces that the original author be mentioned in copies,
citations, performances, and adaptions.  The law generally forbids
unauthorized copies and performances (there are exceptions).  Some
lawyers argue, that even the loading of a program or data from secondary
to primary storage (in due course of running, or displaying it,
respectively) constitutes an unauthorized copy.  I think, this is ridiculous,
but you never know the outcome of a law suit, beforehand!  However, I
reckon, the running of a program (e.g. a computer-game) may constitute
an unauthorized performance (similar to a video, a movie, or a piece
of music).

A broad class of protected data are "Data Related to (natural) Persons".
Many of those are protected by special regulations (e.g. professional
discretion of doctors, lawyers, or confessors; privacy of mail and other
communication).  If you break into a computer of a hospital and read
patient's data, you will be prosecuted according to the pertinent
regulations of criminal and/or social law;  if you illegally read data (as
notes addressed to 3rd parties, or traffic-related data) from a Federal
Post-Office and Telecommunication Authorities' computer, you will be
prosecuted under "break of the tele-communication secret".

Data Related to Persons that do not qualify for special rules (as above)
are protected by the "Laws to Prevent Mis-Use of Person Related Data
during Data-Processing".  There are several such laws, pertaining to
data-processing for private purposes (including companies) and by
various authorities (remarkably, the only area apparently not covered
by any such law is data-processing by churches and religious communities
for their own purposes).  The maxim of these laws seems to be, that
processing of person-related data is generally forbidden, if not allowed
by some specific law, by consent of the person referred to, or if the
data are evident (Beware: your name and address may well be evident, but
if they are to be put on some particular list it is not at all evident
that you should belong to this very list -- hence putting evident data
on particular lists or into files falls under these laws).  According to
§41(1)2  of the Federal Law to Prevent ..., and similar Paragraphs in
the other laws mentioned, "he, who ... recalls person-related data, that
are not evident, or takes them from a collection that is enclosed in a
container, will be punished with imprisoning up to one year, or with a
fine".

You see, in German Law it doesn't matter whether you break into a
computer, or break privacy in other respects:  the regulations pertain to
the nature of the data not to the medium of recording.

> I have heard these rumors, but I do not know if they are true.

Please excuse any contribution from my side to misconception in these
issues.  As I have posted remarks to VIRUS-L which may have raised
these rumours, I send a copy of this note also there.

Best regards
            Otto

------------------------------

Date: Mon, 28 Nov 1988 15:19:02 EST
From: Ken van Wyk <[email protected]>
To: virus-l
Subject: Software on the LISTSERV (PC)

I just got some additional software for the LISTSERV file list (thanks
to David Bader) which is now available to all.  The new files are:

FSP_14 UUE         FluShot + version 1.4
CHKUP18 UUE        Checkup version 1.8
TRAPDISK UUE       Trapdisk version ???
DPROT102 UUE       Disk Protect (?) version 1.02

As with all the files on our LISTSERV, these are free for the taking.
As such, they're on an as-is basis.

Ken

P.S. One of the local BITNET links has been unavailable for most of
the U.S. Thanksgiving weekend, so if you don't see your submission(s)
in this digest, they'll undoubtedly be coming along shortly since the
floodgate has just been opened...  :-(

------------------------------

Date: Mon, 28 Nov 88 15:16 EST
From: Mitchel Ludwig <[email protected]>
Subject: internet beating

         In light  of the  recent slew of  kill him/thank  him messages
regarding the internet virus/worm/whatever, I would like to express my
opinions via the following quote taken from a Monty  Python skit.  The
quote   is taken  entirely  out  of   context,  and  has no  relevance
whatsoever (is that  really a  word?) but it will suffice   to get  my
point across...


         "Oh Lord, we beseech thee.  Pray tell us who croaked the
          Bishop of Lestor..."

         "He did it, the one in the red sweater."

         "Right, arrest that man.."

         "It's a fair cop, but society's to blame."

         "Fine, we'll arrest them too."


         Now,  did I say  irrelevant or what?  But   if you replace the
Bishop of Lestor  with   the word Internet,  and  the one  in the  red
sweater with our  Internet whacker,  we have an interesting  parallel.
True there was  a  large waste of  manpower...  True there was a large
amount of downtime...  But now that it's over let it  be over.   Think
of the extra  time being wasted  deciding whether or  not he should be
knighted or damned  for all eternity.  After   three weeks of  virus-l
being monopolized by  this  sort of thing, it  would be nice  to start
seeing  more about  what's  going on.   If  anyone  has any *NEW* info
regarding what happened, I'd love to hear it, but reducing the list to
a browbeating session really isn't my idea of a good time.  But that's
only my opinion...


                             Mitch

    BITnet : [email protected]                Phonet : 215-861-2637
    INTnet : [email protected]        Slonet : Box 72 Lehigh Univ.
    UUCP   : lehi3b15!rastro!mfl                        Bethlehem, PA 18015

------------------------------

Date: Mon, 28 Nov 88 09:43 EDT
From: "$CAROL@OBERLIN (BITNET)" <$CAROL@OBERLIN>
Subject: How good is Virex? (Mac virus remover)

Does anyone have experience yet with a program called "Virex" from HJC
software?

According to MacWEEK, it's supposed to remove nVIR, SCORES and Peace
viruses.  They don't say if this includes system files.  It's
described in their blurb as the "great grandchild" of Interferon and
sells for $99.95.

Responses to PRUSSELL@OBERLIN or to the list.  Thanks.

------------------------------

Date:         Sun, 27 Nov 88 13:43:53 EDT
From:         John Planck <34TVIGX@CMUVM>
Subject:      Virus History

Hello,

    I am interested in doing a brief paper (5 pages) on the history
of computer viruses.  If you know of any books or articles that
address the origin and pioneers of computer viruses I would very much
like to know of them.  Thank You.

                                               Regards,

                                                   John Planck
Acknowledge-To: <34TVIGX@CMUVM>

------------------------------

Date:     Thu, 24 Nov 88 11:28 MDT
From:     "David D. Grisham" <DAVE@UNMB>
Subject:  Passing Viruses

We at UNM have been dealing with what appears to be
a mutated or modified version of nVir.  As a result I have
had multiple requests for a 'copy' of the strain.  All of
which I have filed for future action.  In discussions with
my administration, it has been decided to NOT mail any
virus to anyone until- the local FBI office gives us an OK,
that the requestee has been confirmed as a legitimate researcher
for the firm s/he claims to be, and I get the time to send registered
mail to these individuals.
Question- what do others of you do with similar requests?
dave

*----------------------------------------------------------------------------*
|   Dave  Grisham                                                            |
|   Senior Staff Consultant/Virus Security          Phone (505) 277-8148     |
|   Information Resource Center                                              |
|   Computer & Information Resources & Technology                            |
|   University of New Mexico                        USENET [email protected] |
|   Albuquerque, New Mexico  87131                  BITNET DAVE@UNMB         |
*----------------------------------------------------------------------------*

------------------------------

End of VIRUS-L Digest
*********************