VIRUS-L Digest Tuesday, 29 Nov 1988 Volume 1 : Issue 24
Today's Topics:
Re: General virus query
RE: Auto-Configuring PC's
Attitude of Alvi brothers re: Brain virus (PC)
On the local front...
Free Virus booklet
RTM: Hacker or Hero?
---------------------------------------------------------------------------
Date: Tue, 29 Nov 88 10:05:19 EST
From: Joe McMahon <XRJDM%
[email protected]>
Subject: Re: General virus query
In response to Dave's question about viruses:
I don't collect viruses, and do not plan to do so. I distribute the
anti-viral software; my tale on it is that you don't want viruses around
at all, even if you know where they are.
- --- Joe M.
------------------------------
Date: TUE NOV 29, 1988 12.39.02 EST
From: "David A. Bader" <DAB3@LEHIGH>
Subject: RE: Auto-Configuring PC's
The IBM AT's (and clones) use CMOS ram to store information needed on
bootup (number of disk drives, type of hard disk, monitor type,
memory, etc.). If you remember a program from a while back, FluShot
Plus 1.2 (the latest version of FSP is 1.4, BTW.) had a problem doing
CMOS checking on AT's. It read the information in, but did not write
it back correctly, and thus, corrupted the memory. On the next bootup,
one could go crazy trying to figure out why the computer would not
find a hard disk, or something like that (I know I spent an hour in
shock.). Anyway, if this program could mistakenly do that, there is a
*fairly* good chance that a small little virus could do that also.
:-) *** PLEASE NOTE *** This problem with FluShot Plus has been
corrected in FSP version 1.4 .
David Bader
DAB3@LEHIGH
------------------------------
Date: Tue, 29 Nov 88 12:00 EDT
From: Stephen Tihor <
[email protected]>
Subject: Attitude of Alvi brothers re: Brain virus (PC)
> He created a 'virus', a self-replicating program that would 'infect'
> an unauthorised user's computer, disrupt his operations and force the
> user to contact Alvi for repairs. The Alvi brothers then started
> copying commercial programs and selling the 'bootleg' copies at a
> steep discount. Pakistani customers were sold clean, uncontaminated
> copies. However foreigners, particularly Americans, were sold 'virus'-
> ridden versions.
> ... "
This was discussed on RISKS a few weeks ago. The story there was that
Alvi sold bootleged copies of American Software since there is no
software copyright in Pakistan. But in a moral act when a foreigner
bought a copy planing to take it back to the States or the EEC (he
assumed) where it would be illegal he gave him a virus infected copy
since that was stealing the software. A very legal attitude.
------------------------------
Date: Tue, 29 Nov 88 10:29 MDT
From: "CARLA M. CALLAHAN, (303) 492-8176"
<CALLAHAN_C%
[email protected]>
Subject: On the local front...
I have been very interested in reading about the different viruses
that seem to be cropping up in different universities around the US
and Europe, but there is one element of all this that no one seems to
write to Virus-L about. Dealing with a virus technically is one
thing, but what about politically? When do different institutions,
after discovering that they have a virus, announce it to users? How
do you announce it? Do you find that pandemonium breaks out? How
up-front have you been with your local users about the viruses that
have been sighted in other locations other than your own?
These are difficult questions for us from a non-technical standpoint
because here at CU, we have a computing magazine and there is a lot of
debate about how much the users should be informed. Some staff think
that if you talk about viruses openly, you are inviting "copycat
viruses", or a panic from that section of the community that has less
understanding about what "having a virus" really means.
I would welcome your comments. Lord knows we could all use some
suggestions...
Carla Callahan callahan_c%
[email protected]
------------------------------
Date: Mon, 28 Nov 88 17:39:01 CST
From: "Mark S. Zinzow" <MARKZ@UIUCVMD>
Subject: Free Virus booklet
To: Virus Discussion List <VIRUS-L@LEHIIBM1>
This is from the November 23, 1988 issue of BUSS The Independant
Newsletter of Heath/Zenith Computers #157, p. 2.
Free Booklet on Computer Viruses
"A new booklent on computer viruses is availa-
ble free from Computer Security Institute. The
pocket-sized, eight-page booklet, 'A Manager's
Guide to Computer Viruses: Symptoms and
Safeguards,' is aimed at individuals with man-
agement responsibilty who are concerned
about protecting the organization's computer
systems.
"The booklet describes what computer
viruses are, how they operate, types of damage
they can cause to programs and data, and how
to detect their presence. It also discusses ways
of protecting against them--how to keep viruses
from infecting computer systems and how to get
them out if they are found. The booklet includes
a list of commercially available products de-
signed to detect, combat, and/or repair damage
caused by computer viruses.
"To obtain a copy of the booklet, write
Vanessa Gilmore at Computer Security Insti-
tute, 360 Church St., Northborough, MA 01532.
Important: Each request must include a self-ad-
dressed, business-size envelope with $0.25
postage affixed."
Although the newsletter bears no copyright notice, I will assuage
my guilt for quoting the article in its entirety with a personal
endorsement that I've read the newsletter for about five years
and have always found it full of little gems well worth the
subscription. Here is the publication info.:
BUSS
Published by Sextant Publishing Company
716 E Stree, S.E., Washington, DC 20003
Editor: Charles Floto, 202/544-0484
8 issues for $19 ($24 overseas)
16 issues for $29 ($40 overseas)
Published 16 times a year
Subscription Action Line: 202/544-0900
- -------Electronic Mail----------------------------U.S.
Mail--------------------
ARPA:
[email protected] Mark S. Zinzow, Research Programmer
BITNET:
[email protected] University of Illinois at Urbana-Champaign
CSNET: markz%
[email protected] Computing Services Office
"Oh drat these computers, they are 150 Digital Computer Laboratory
so naughty and complex I could 1304 West Springfield Ave.
just pinch them!" Marvin Martian Urbana, IL 61801-2987
USENET/uucp: {ihnp4,convex,pur-ee,cmcl2,seismo}!uiucdcs!uiucuxc!uiucuxe!zinzow
(Phone: (217) 244-1289 Office: CSOB 110) ihnp4!pyrchi/ \markz%uiucvmd
------------------------------
Date: Sat, 26 Nov 88 13:19:44 PST
From: pjs%
[email protected]
Subject: RTM: Hacker or Hero?
A few thoughts on the current "penalty debate":
"Homer W. Smith" <CTM@CORNELLC> writes:
>In fact
>we should give him the opportunity to help us prevent such occurances
>in the future and thus make amends to us and justify his existance to
>the rest of the world. [...] I vote for mercy with amends and community
>service.
Just a practical note here... the virus infected approx. 6,000 systems;
if we assume that it cost an average of 4 person-hours to decontaminate
and secure each system (ignoring subsidiary elective efforts such as the
decompiling, FBI investigation, etc), that's 24,000 hours of amends for
RTM, or 12 years of full-time work. A little steep, don't you think? :-)
The "he didn't do any damage, he did us a favor by pointing out holes
in our security" argument has a flaw. If someone exploits a bug in my
burglar alarm, doesn't steal or damage anything, but (closest parallel
I can think of to the RTM worm) fills every room with helium balloons
so that when I return I can't move around until I've taken them all
down, I don't think there would be much debate in a court of law that
the offender was guilty of burglary and some penalty would be imposed.
Not as great as it would be if there had been theft/damage, though.
Just because you know of a bug in my security doesn't mean you have to
exploit it to inform me of it.
[I'm sneakily avoiding revealing my actual opinion in the matter. I just
like to examine lines of reasoning.]
Peter Scott (pjs%
[email protected])
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253
