VIRUS-L Digest Wednesday, 30 Nov 1988 Volume 1 : Issue 26

VIRUS-L Digest Wednesday, 30 Nov 1988 Volume 1 : Issue 26

Today's Topics:
Re: More on Morris
Re: Zenith/hardcard problem response (PC)
Intro to concepts of virus
Re: Flushot. (PC)
RE: Hardcard vs. virus protection (PC)
re: Local TV broadcast
Re: Zenith/Hardcard problem (PC)
Availability of Internet Worm report

---------------------------------------------------------------------------

Date: Wed, 30 Nov 88 08:11:06 MST
From: Alan T. Krantz <[email protected]>
Subject: Re: More on Morris

Uh - I'm not sure where I'm suppose to send it - maybe you'd want to
read it. In this issue (#17) someone compared the act of Morris to
Union Carbide. I think there are a couple of differences. First,
Morris wasn't seeking any direct gains - at least not in terms that
can be quantified. Second, estimate of 'damage' are difficult to take.
Would a person (or persons) who was detained (or put to work) during
the Virus attack lost XXX time (would have been doing XXX time of
productive work)? While I admit that some damage was done and that
Morris should be punished - I think an issue as to what will be
accomplished by the punishment should be brought up. First, I don't
think that it will serve as a strong deterrent given the class of
people who commit crimes such as Morris. That is to say there seems to
be a different mentality involved here than say someone who plans to
embezzle money via a bank or corporation computer. (I'm not putting a
value judgement here - just trying to justify why I think punishment
won't be a strong deteriant). Second, will punishment reform Morris.
Well, I don't think sending him to jail will do much good. He appears
to have a bright future ahead of him (assuming he can continue at
Cornell) and he seems to be a benevolent sort. So, I guess the
question I have is what will be accomplished by sending him to prison
- - or what sort of punishment does the 'hang`em' crowd have in mind?
Personally, I'd like to see him do public service - maybe teaching at
a local high-school.

alan krantz

------------------------------

Date: Wed, 30 Nov 88 10:16:21 ECT
From: Ken Hoover <[email protected]>
Subject: Re: Zenith/hardcard problem response (PC)

In reply to the question about the Zenith PClone with the hard card:

I think it sounds like some kind of device driver problem. I
haven't worked directly with hard cards, but ask him if his hard card
has an installable driver (It would be in his CONFIG.SYS file) to
access it properly. If that's the case, then the driver would have to
be installed on his 2.11 diskette too.

- Ken Hoover

(UG) T.J. Watson School of Engineering
SUNY-Binghamton
Binghamton, NY.

[Ed. There are a couple proposed solutions to this problem in this
digest; I hope that it helps out. From the sound of things, this sort
of incompatability with the hardcard wouldn't provide much utility in
the form of virus protection.]

------------------------------

Date: Wed, 30 Nov 88 10:16:59 EST
From: "John P. McNeely" <JMCNEELY@UTCVM>
Subject: Intro to concepts of virus

Hello all,

I am new to the Virus community and was wondering if I could get a
little help from any willing people. I have read material about virus'
and some of the effects they have, but I have yet to find anything
which tells a person about the principles of how virus' are developed
and how they are destroyed. If anyone out there has a good definition
to all of this, I would really appreciate your insight.

Thanks,

John Mc. <MACII>
<JMCNEELY@UTCVM>

P.S. It would probably be best to send replies to me instead of to the
list, assuming everyone out there is an expert, they would just
get bored.

[Ed. There are a couple of books emerging which seem to be a pretty
good place to start, including Compute!'s book, "Computer Viruses",
which was mentioned in a recent VIRUS-L digest.]

------------------------------

Date: Wed, 30 Nov 88 10:39 EST
From: Ain't no livin' in a Perfect World. <KUMMER@XAVIER>
Subject: Re: Flushot. (PC)

> One question, does anyone have an opinion (from use, please!)
>on the reliability of FluShot+ 1.4 for the IBM PC and compats?

Here at Xavier University we use the flushot on all our DOS
disks that we check out to users and also on our self booting
hard-drive PC's, and so far, no viruses have shown up. So it would
seem to be effective.

Tom Kummer
Student Consultant, Xavier University, Cincinnati, OH.

------------------------------

Date: Wed, 30 Nov 88 09:52 MDT
From: GORDON_A%[email protected]
Subject: RE: Hardcard vs. virus protection (PC)

To Paul Coen regarding the hard-card being invisible to MS-DOS 2.11:

Any program can bypass DOS and read or write directly to any
device through BIOS calls. Thus it appears to me that the drive would
probably *NOT* be protected by booting with the floppy and DOS 2.11.
Furthermore, some soft- that will be testing may require DOS 3.xx or
higher to work.

Allen Gordon
University of Colorado
Boulder

------------------------------

Date: Wed, 30 Nov 88 13:59 EST
From: Mitchel Ludwig <[email protected]>
Subject: re: Local TV broadcast

To any and all who might have taken my previous message to
Loren as a flame, I apologize. It was not meant to be taken as such.
Although I should have known it would be taken that way by Loren, I
mistakenly assumed that a request for information about Loren's
anti-virus program would be taken as such.

Since I was wrong, I will change my request. When will your
program be released? THIS IS NOT TO BE TAKEN AS A REQUEST FOR
PURCHASE!! I know Ken's policy concerning sale of merchandise over
this medium and I don't want anyone to take this wrong. All I want to
know is the projected date of his pc version of Innoculator. I would
like to know this because I have been compiling some work involving
the various methods used by the different anti-viral programs that
exist and if Loren's is going to be showing up soon, I'd like to
include it in the list.

I hope that the program is going to be released before the end
of January, as the 31st of that month is when I need to have my list
compiled. You did mention that the program had been completed (I
think... Considering how inaccurate I was with my last posting I might
be wrong) and if so, it shouldn't be too long before it gets released?

Lastly, Loren, could you please throw your postings through a
spelling checker before sending them out. You turned what could have
otherwise been a very interesting message (your reply to me) into a
fight for comprehension.

Again, sorry if it seemed like I was attempting to start a
flame war. Unless your overly paranoid, I don't see how you could
take it that way.

Mitch

Disclaimer? I don't need one. No body takes me seriously anyway...

------------------------------

Date: Wed, 30 Nov 1988 15:52 EST
From: Wim Bonner <[email protected]>
Subject: Re: Zenith/Hardcard problem (PC)

|From: Paul Coen <PCOEN@DRUNIVAC>

| Also, a friend of mine has a hard card, on a Zenith Z-157
| (100% PC compatable, supposidly). Using DOS 3.2, he can access his
| card. However, if he puts a floppy in drive A and boots off of it
| instead of the card, and the disk has the MS-DOS 2.11 system, it
| doesn't know that his card is there...anyone trying to do anything
| with drive c: is told that it is an invalid drive specification. Two
| questions: Why? and Can this be used to protect his hard card while

The probable reason that the disk cannot be accessed is taht under dos
2.xx disks larger than 10meg must have 4k clusters. The partition
table tells what type of partitions are on the disk. A 3.xx or 4.xx
disk has a different type specified in the partition table, and so Dos
2.xx will not recognize the partition as being a dos partition. It is
Still possible for a program to attack the disk, but much less likely.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- -=-=-=-=-=-=-=-=-=- 10,000 Lemmings can't be wrong! -=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Wim Bonner Bitnet:27313853@WSUVM1 Compuserve:72561,3135 (King-Rat)
The Loft - (509)335-7407 - 300/1200/2400 - 24hrs/day - PCboard 12.1/d
Acknowledge-To: <27313853@WSUVM1>

------------------------------

Date: Wed, 30 Nov 1988 16:46:13 EST
From: Ken van Wyk <[email protected]>
Subject: Availability of Internet Worm report

Gene Spafford of Purdue University has made available a very thorough
report on the recent Internet Worm, for which we all owe Gene a
wholehearted thank you. It was originally available by anonymous FTP
from a machine at Purdue, but they quickly got swamped with FTP
requests. I was one of the lucky individuals who got the file before
their machine went down, and I'd like to make it available to our
VIRUS-L readers. There's a problem, though, the file that I have is a
very large PostScript file. So, you would need a PostScript printer
to create anything readable from it (surely everyone has a PS
printer?...), and distribution via the LISTSERV would create problems
on BITNET since the file is larger than the maximum allowable (300,000
character) limit on BITNET. Sure, it can be broken into several
pieces, but I'd rather not.

If anyone can offer a reliable anonymous FTP site, that would probably
be the best solution. Ideas, comments, suggestions?

Of course, this could all be moot if interest in the worm has died...

Ken

------------------------------

End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253