VIRUS-L Digest             Tuesday, 29 Nov 1988         Volume 1 : Issue 23

Today's Topics:
More on nVIR (MacIntosh)
MORRIS BROKE THE LAW?
Local News Program with Loren Keim
general virus query
Auto-configuring PCs
How do you remove nVir from hard disk? (MacIntosh)
Warning init available (MacIntosh)

---------------------------------------------------------------------------

Date: Fri, 25 Nov 88 08:18 EDT
From: "$CAROL@OBERLIN (BITNET)" <$CAROL%[email protected]>
Subject:   More on nVIR (MacIntosh)

We had a chance to try out various virus detection programs today on
an infected SE hard disk.  Some expected and unexpected results:

VirusRX (Apple's own detection program) does NOT detect the nVIR
virus.  Interferon 3.0 and VirusDetective both caught it.  nVIR
Vaccine removed it successfully from an infected MacWrite application,
but had no effect on system files.

While checking some of the user's floppy disks for infection, I
discovered that Interferon is unable to examine MFS disks. Virus
Detective gave the same disk a clean bill of health.  Should I assume
the disk is virus-free?

By the way, this virus arrived here via "shared" (read pirated)
software from another college.

Robin Russell
Oberlin College Computing Center
prussell@oberlin

------------------------------

Date:         Fri, 25 Nov 88 18:39:58 CST
From:         John Boncek <MMBONC@LSUVM>
Subject:      MORRIS BROKE THE LAW?

A number of folks have written in indicating that "MORRIS BROKE THE LAW"
by spreading his virus on the internet.  Some points to consider:

(1) The federal government hasn't brought criminal charges against Morris
   yet;  the question whether "MORRIS BROKE THE LAW" is open until
   resolved by a jury!

(2) As I understand the current federal statute, both criminal intent
   and actual damage must be proved in order to sustain a conviction.
   It may be difficult for a government prosecutor to prove both
   beyond a reasonable doubt.  (On the issue of "actual damages" ...
   consider the case where a user inadvertently causes havoc on a system;
   or the case where the operating system itself is damaged.  Doesn't
   the computer center allocate the same programmer hours and computer
   cycles to the task of correcting the problem??  What makes the appearance
   of a virus different from any other problem occurring on a system??)

   Also remember that the government must
   prove, beyond a reasonable doubt, that it was MORRIS, and not
   someone else, who actually committed the acts in question.
   There is a whole lot of circumstantial evidence ..
   the FBI has impounded tapes, disks, etc. from CORNELL; a number of
   Morris' friends have been talking to the newspapers .. but no one
   (as far as I know) actually saw him doing anything......

   I strongly suspect that the government will offer Morris a deal
   (e.g. a plea bargain to some misdemeanor) rather than risk having
   him win an acquittal on the felony charges.

(3) As to civil charges....In an action in tort, most American courts
   allow recovery for damages "proximately caused" by someone's action;
   intent is generally not an issue.  Assuming that someone can prove that
   it was Morris who caused the virus to propagate, and that actual
   damages occurred, civil damages could be awarded.

   The more interesting question in the civil case is jurisdiction.
   Again assuming that Morris propagated the virus:

         - Morris is a resident of Maryland
         - Morris was physically present in New York
         - The virus was apparently propagated from a computer in
           Massachusetts
         - "damages" occurred in a number of states (New York, New
           Mexico, California, Illinois, Massachusetts, etc.)

   Where can an action against Morris be brought?  Whose law applies?
   For example, Morris was physically present in New York, but
   apparently propagated the virus from Massachusetts.  Did his "act"
   occur in New York or in Massachusetts?  Is his "presence" in
   Massachusetts sufficient to give the Massachusetts courts jurisdiction?
   Who has jurisdiction over (say) New Mexico damages?  Morris' only presence
   there was by electronic mail!

   Also consider...let's assume that someone argues that Morris "negligently"
   caused him damage.  Can Morris counterargue that using Berkeley Unix 4.3
   with "known security flaws" was also a negligent act, offsetting his
   liability for damage????  Consider whether researchers can sue their own
   computer centers for negligence in not protecting their systems from
   infection from a virus!!!!!

Egads!

------------------------------

Date:     MON NOV 28, 1988 20.07.09 EST
From:     "Loren K Keim   -- Lehigh University" <LKK0@LEHIGH>
Subject:  Local News Program with Loren Keim

Well, Mitch, it's quite a while since we last heard from you.
Please, please, let's not start another bitter war of flames
back and forth here.

Actually, you've either read a LOT into that TV interview,
or you've read one or two of our reviews in the other magazines
I've been in recently.  A transcript of the TV interview
follows:

Keim:  "Well, we've seen a school in Israel lose 7000 hours of
  research and that's a lot of research, we've seen lots of
  companies lose money, we've seen a lot of records wiped out,
  we've seen a company in Germany whose research was actually
  stolen.  The computer actually, the virus attacked, gathered up the
  research, called up another computer and mailed it out."

Reporter:  "Computer expert Loren Keim has worked to stop some of the
  peskiest computer viruses and he thinks that he and his associates
  can develop software that will help to shield both large and
  small systems from viruses."

Keim:  "We figure out how viruses work, how they propagate, how
  they possibly CAN propagate, and we find any holes that
  exist in a company's current computer security program and
  we plug these holes."

Reporter:  "Keim is getting ready to market a line of
  comprehensive computer antiviral programs.  A different program
  must be written for each system and although, Keim says, there
  are already antiviral programs on the market."

Keim:  "We have found easy ways around packages that we have
  tested so far"

Rep:   "Oh"

Keim:  "Our program is written to watch for something to try and
   get around it, and it will stop that."

Reporter:  "Keim says that he and his associates have 5 antivirus
   programs.  They've tested them against many viruses and stopped
   them all."

-----  [end]

As for our Unix package, it is not currently available, it is
in the works.   We have two separate Unix ideas we are working
on, and I think the second idea is excellent.  We discussed it
at length at the Computer Virus conference, since you are local
to this area, you should have stopped in.

If anyone wishes detailed information about any of our packages
(Outlines for PC, Unix, VM/CMS, VMS, and Mac are available upon
request), please write to me.  (This is not a sales pitch).  But
I warn you that I will not go into exacting technical detail as
to how certain things work.  We like to call them trade secrets,
you'll have to completely disassemble our packages to do that.

As for key encoded algorithms.   What I simply said (not to
the press you mentioned though) was that our PC version
will allow for keys, random keys which will change the program
in some ways from copy to copy.  In effect, every copy of
the program will be slightly different, thus helping to
ensure that the program won't be broken.  However, this
is just one single level of defense in a multi level system.

I hesitate to say too much because I don't want to be thought
of as trying to "sell" this package on the net.   I honestly
feel it will be the best package available.  I really do.
It's effective, it doesn't clutter up the screen with
garbage, it doesn't require a special user interface.

Again, please forgive me if this sounds like I'm selling.

Loren Keim

------------------------------

Date:    Mon, 28 Nov 1988  22:13 EDT
From:    34EVEKA@CMUVM
Subject: general virus query

Hello there,
My name is John Lennon (no lie) and I'm a student at Central Michigan Univ.
and I have a question about viruses.
----If I have received a virus by mail how can I receive info about this
   particular virus.-----

------------------------------

Date:         Mon, 28 Nov 88 22:02:49 CST
From:         James Ford <JFORD1@UA1VM>
Subject:      Auto-configuring PCs

Most computers now have auto-configuring at bootup (ie, no more dip
switches to set for memory, drives, etc).  Can a program change this
configuration?  If so, what possible hardware damage could a virus or
trojan cause to your computer system by changing these values?

                      James

------------------------------

Date:     Mon, 28 Nov 88 18:44 EST
From:     "Back off man, I'm a scientist..." <FRANK@LOYVAX>
Subject:  How do you remove nVir from hard disk? (MacIntosh)

Hi y'all,

    My boss came in the lab a few ago, and said "Hey Frank, you had a
virus on your computer last year?  How did you fix it?"  I told her I
did a low-level format on my XT.  (At this point a frown came to her
face) Anyway, the point of this is that a friend of hers managed to
catch nVir on his PC.  Of course, he doesn't have any backups, and has
four years worth of work that can't be easily replicated.  Does anyone
know if it is possible to disinfect a hard drive contaminated with
nVir?


                         Thanks a lot,

                               Frank Gauthier
                               Academic Computing Services
                               Loyola College, Baltimore.



P.S.  This could definitely be worth a serious Christmas bonus.  :-)

[Ed. Take a look at the next message...]

------------------------------

Date: Mon, 28 Nov 1988 22:06:20 PST
From: William Lipa <[email protected]>
Subject: Warning init available (MacIntosh)

I have written an init for use on Macintosh computers which checks for
the presence of the nVIR and Scores viruses each time you start the
system. If it finds an infected System, the user is presented with an
alert which describes the situation. One can Shut Down, Continue, or
(eventually) Repair the disk.

The program is designed to be transparent in use so that it is
suitable for novice users. Just throw it in your System Folder and
forget about it (unless you have a virus, that is). It does not yet
provide the same level of protection as Vaccine, however. It is for
those people who do not want to deal with a more technical defense
against viruses but who want some warning before all their
applications get infected.

I'll send it to whomever requests a copy.

Bill Lipa

Bitnet: lipa%polya@stanford
Arpanet: [email protected]

------------------------------

End of VIRUS-L Digest
*********************