VIRUS-L Digest Monday, 28 Nov 1988 Volume 1 : Issue 22

VIRUS-L Digest Monday, 28 Nov 1988 Volume 1 : Issue 22

Today's Topics:
Survey Followup
Need for public file server
Security in NFS
Prosecution of Morris
new legislation
Re: Survey
VIRUSES AND PIRATES

---------------------------------------------------------------------------

Date: Sun, 27 Nov 88 13:54:29 EST
From: Ron Dawson <053330@UOTTAWA>
Subject: Survey Followup

Hello,

I would like to thank all of those that have so far filled out the
questionnaire that we have sent. I would also like to remind all those
that are still interested in participating to send their replies to
053330@UOTTAWA. If, for some reason, you have 'lost' your copy of the
questionnaire, just write us a note, and a new copy will be sent.
Thank You for your time.

- - Ron Dawson
Systems Science
University of Ottawa
[email protected]

------------------------------

Date: Sun, 27 Nov 88 16:59:29 EDT
From: Jean <SSAT@PACEVM>
Subject: Need for public file server

In the past few weeks it has become apparent that some source of files
ON DISK should be made available. What files you ask? Well to start
with compiled and properly operating copies of UUENCODE, UUDECODE,
DEBRAIN, FLUSHOT etc and perhaps the last archive file from virus-l.

This would make life simpler for a lot of people!If someone would take
the time to send me UUENCODE, UUDECODE, DEBRAIN and whatever else they
feel is appropriate on a 5 1/4 (360k or 1.2Mb) disk I would be happy
to copy them and make them available to anyone who needs them.

My mailing address is: Jean Coppola
Pace University - Wilcox Hall
861 Bedford Road
Pleasantville, New York 10570

------------------------------

Date: Mon, 28 Nov 88 12:45:24 MEZ
From: "Dr. Gregor Reich" <A8411DAA@AWIUNI11>
Subject: Security in NFS

SHERK @ UMDD has written some times ago (Oct 16th)
> A Network File System offers Unix
> style security for our users programs and data (i.e. a user can run
> a program from a execute only disk and still have read/write access
> to his data files on the server).

Is this really so ?? I have not so long ago looked at the SUN
NFS-documentation for PC's because we are trying to implement the same
thing (Unix Fileserver for PC's). As I understand it the "execute
only" mode is only if you are working on the UNIX-system with remote
login. If you try to execute programs on the PC than this file has to
have "read-only" permission. Has anyone experience with this sort of
things ? Information on this topics would be welcome.

Gregor Reich (A8411DAA @ AWIUNI11)
Institute for Analytical Chemistry University of Vienna

------------------------------

Date: Wed, 23 Nov 88 15:25:08 EST
From: Manfred Hartmann (STECS-DAC 2134) <[email protected]>
Subject: Prosecution of Morris

$20 million ??????????????????

Wow, for that kind of money, everyone should contribute and set
up a small prototype network, give all hackers access to it, post a
reward for anyone that can defeat its security, and as attempts are
made, make corrections to the real ARPANET software. Although it will
never make ARPANET totally secure, it would, over time, plug many of
the holes and give the hackers a challenge as well as a reward (both
recognition and possibly financial). Don't know if it would work--
something like that might be impossible to manage---just an idea.

Fred Hartmann
US Army Combat Systems Test Activity

------------------------------

Date: Sat, 26 Nov 88 16:37:56 EST
From: Don Alvarez <[email protected]>
Subject: new legislation

I'm writing this from memory, so I might not get it all exactly
right, but a friend of mine in the AI Lab just told me about a
new bill before congress. It's the "Computer Virus Eradication
Act of 1988 (89?)", and the author is Rep. Herger (R-California)
(us californians got to stick together). I think the number of
the bill is HR-5061, but don't hold me to that. Supposedly,
the bill calls for up to 10 years imprisonment for anyone who
knowingly releases a virus.

I should know more about the bill after
the holidays, and will keep you posted...

Don Alvarez
[email protected]

I gather this isn't the first thing Herger has done with respect
to viruses/etc., so hopefully the bill will make some sense.

------------------------------

From: Martin Ward <[email protected]>
Date: Thu, 24 Nov 88 11:52:58 GMT
Subject: Re: Survey

I think that my comments on Questions 4-10 may be of interest to others. I
believe that this part of the questonnaire is far too vague for the results
to be of any value. ( <-- contentious statement intended to provoke response!)
What do other people think?

Comments:
Questions 4-10: What am I comparing against? I may believe I have a lot of
knowledge, but there may be much more knowledge, the existance
of which I am not aware of! The three answers 1, 5 and 9
(none, some, expert) seem to cover all the possibilities,
does really mean that I know half of the total knowledge
in that catagory? Does an expert on viruses know "all there
is to know" about viruses? Or does the ability to write any
sort of virus automatically put you in the expert catagory?
If I can deal with half the known viruses (known to whom??)
does that make me half-way to being an expert? If I wrote
a nifty virus detector called KILLVIRUS do I rate myself
as an expert? If I have used KILLVIRUS successfully, where
do I rate myself? If I know where to find KILLVIRUS but
have never had to use it does that affect my rating?
If I have never heard of KILLVIRUS or any other virus-removing
programs how will I know how ignorant I am?

Martin.

My ARPANET address is: martin%[email protected]
JANET: [email protected] BITNET: martin%[email protected]
UUCP: ...!mcvax!ukc!easby!martin

------------------------------

Date: 28-NOV-1988 09:57:08 GMT
Subject: VIRUSES AND PIRATES
From: Olivier Crepin-Leblond <[email protected]>

The following is taken from the reader's letters page in the November 1988
issue of IEE Review (volume 34, number 10) published by the Institution
of Electrical Engineers (UK). I thought it might be interresting to
type it in...

">... The concept of an electronic 'virus' was foreseen by the computer
> pioneer John Von Neumann in 1949 in a paper titled 'Theory and organisation
> of complicated automata'.
> The staff of Bell Laboratories in 1959 played a bizarre recreational
> computer game, after hours, called 'STORE WARS' - a sort of electronic
> germ warfare.
> A terrible revenge was launched into the American computer world by
> Amjad Farooq Alvi, a graduate of Punjab University, a self-taught
> Computer expert, who in 1985 switched from repairing personal computers
> to producing customised software. To his dismay, it was copied and used
> without permission around his home city of Lahore in Pakistan.
> Copyright in Pakistan does not extend to computer software.
> He created a 'virus', a self-replicating program that would 'infect'
> an unauthorised user's computer, disrupt his operations and force the
> user to contact Alvi for repairs. The Alvi brothers then started
> copying commercial programs and selling the 'bootleg' copies at a
> steep discount. Pakistani customers were sold clean, uncontaminated
> copies. However foreigners, particularly Americans, were sold 'virus'-
> ridden versions.
> ... "

Can anybody confirm these events ?

Olivier Crepin-Leblond - [email protected]
Computer Systems and Electronics Eng. 2
King's College London
U.K.

------------------------------

End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253