VIRUS-L Digest Tuesday, 18 Apr 1989 Volume 2 : Issue 92
Today's Topics:
hardware write locks
Review of THE COMPUTER VIRUS CRISIS
Amiga Floppy Write Protection
possible new VIRUS (PC)
The Laplink III Virus (PC)
---------------------------------------------------------------------------
Date: Mon, 17 Apr 89 15:41:50 CDT
From: "Len Levine" <[email protected]>
Subject: hardware write locks
>From: Bruce Ide <[email protected]>
>
>If the virus needs to access the disk to spread why not have the
>computer manufacturers modify their HARDWARE slightly so that any disk
>writes are questioned? It would get irritating to users, true, but if
>you don't specify save and a write occurs, I expect it would be
>questioned and perhaps the user would even have enough sense to deny
>access... This idea as I have it now is very rough... With some
>polishing, it might be ok, but you've probably had ones like it
>before, and I could probably read all about it if I felt like digging
>through several years worth of archives :)
There are such products commercially available. They permit tracks on
the hard disk to be marked as read-only, track by track. Because of
the use of FAT, however, this requires that entire logical devices be
made read-only or read-write. I have one such commercial device and
it works just fine.
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine e-mail [email protected] |
| Professor, Computer Science Office (414) 229-5170 |
| University of Wisconsin-Milwaukee Home (414) 962-4719 |
| Milwaukee, WI 53201 U.S.A. Modem (414) 962-6228 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
------------------------------
Date: Mon, 17 Apr 89 17:11:46 EST
From: Mark Paulk <[email protected]>
Subject: Review of THE COMPUTER VIRUS CRISIS
The following review was done for IEEE Computer and may be of some
interest to the VIRUS-L readers. I have added some of my notes which
summarize the errors and misleading statements I saw in the book after
the review. If anyone notes any factual errors in the review, please
e-mail me, and I'll try to correct them before publication.
------------------
THE COMPUTER VIRUS CRISIS
Philip Fites, Peter Johnston, and Martin Kratz
(Van Nostrand Reinhold, New York, NY, 1989, 171 pp.)
The objective of THE COMPUTER VIRUS CRISIS is to inform personal
computer users about the virus phenomenon. It is written for people
without in-depth technical backgrounds. THE COMPUTER VIRUS CRISIS
defines viruses, worms, and Trojan horses, and the types of things that
viruses have done and can do to computers. Famous viruses such as the
MacMag, nVir, and Brain viruses are described. High risk practices are
discussed, and "safe hex" practices recommended. Software for
preventing, detecting, and recovering from viruses is discussed, and
anti-viral software packages are listed, along with contacts for
obtaining the software.
I looked forward to reviewing this book. Computer viruses are a hot
topic. Viruses have allegedly been written by 14-year-olds (the
HyperAvenger virus). Approximately 350,000 Mac users were reportedly
hit by the MacMag virus. Unfortunately THE COMPUTER VIRUS CRISIS is
not the book that I want.
THE COMPUTER VIRUS CRISIS is aimed at a non-technical audience.
Schoolteachers, accountants, or managers may find it fascinating, but
for software professionals the technical content is minimal. As such
its value to a professional audience is small. The list of antiviral
software packages may be of value, but such a list quickly becomes
dated. One concern is the statement in some package descriptions that
"no indication is given in the documentation as to whether this is
freeware, shareware, or a commercial product." I have to feel that the
book was rather hastily put together if the status of the antiviral
packages is not available.
In reviewing the technical content of the book, I counted 18
statements that I considered misleading or erroneous. These errors
ranged from the fairly trivial to what I consider serious mistakes.
For a trivial example, Fred Cohen is credited as having coined the
term "virus." Len Adleman is generally credited with having coined the
term; Dr. Cohen is credited with doing the first serious research in
computer viruses.
A more serious example is the suggestion that you can be exposed to a
virus if you are on a net even if you practice "safe hex." While you
may be exposed to a worm program if your computer is networked,
viruses are not related to computer networks at all. A virus is a
program that reproduces by modifying existing programs and files. A
worm is a program that replicates itself through a network. The
distinction can blur at times, and the term virus has been misused in
the media so much that its technical meaning is seriously compromised
(the Internet worm was originally reported as the Internet virus).
Fites, Johnston, and Kratz define virus correctly in THE COMPUTER
VIRUS CRISIS, even pointing out that viruses need not be malicious (a
point frequently overlooked in today's turmoil). However, they state
that worms alter data and code whenever they can get access. Neither
viruses nor worms are inherently malicious. Shoch and Hupp's original
work with worms at Xerox PARC ("The Worm Programs - Early Experience
with a Distributed Computation," CACM, March, 1982, pp. 172-180) was
aimed at harnessing unused resources. Research in this area has
significant implications for parallel computing.
Fites, Johnston, and Kratz consult on computer security and legal
issues, and this bias leads to some interesting, if questionable,
statements. First, that most viruses spread through various violations
of copyright laws or licenses. Second, that piracy has been a major
cause of a lot of problems, including buggy programs and vaporware
(the statement is also made that vaporware comes from releasing buggy
versions of a program, but the definition in the glossary is correct).
Third, that games are specifically targeted by viruses. There is even
a brief discussion of security problems such as piggybacking
communication lines, traffic analysis, and the salami technique.
While I certainly would not wish to appear to condone software piracy,
viruses are eclectic in their attacks. They are just as happy to
attack a licensed spreadsheet program as a bootlegged game - and the
attack proceeds in the same manner. The only example of a specific
application being attacked that I am aware of is the ERIC and VULT
targeting by the Scores virus (ERIC and VULT were internal proprietary
trade secret developments at EDS that Scores checks for specifically).
THE COMPUTER VIRUS CRISIS reiterates one recommendation, however, that
I agree with wholeheartedly. "Backups are the single most important
action you can take to protect yourself against viral attack. They are
also the lowest cost." Backups are vital even if you are never
infected by a virus. A disk crash can be much more damaging than a
virus.
In summary, THE COMPUTER VIRUS CRISIS appears to have been written
quickly. It has numerous inconsistencies and errors and is not written
for a technical audience. A non-technical audience, however, would
find the book of some value. A technical audience would find the
ongoing discussion on the VIRUS-L BITNET newsgroup, moderated by
Kenneth van Wyk of Lehigh University, of much more value until a
better book is written.
Mark C. Paulk
Software Engineering Institute
----------------------------------------
Fred Cohen coined the term "virus" (5)
worms alter data and code whenever they can get access (6,155)
350,000 Mac users were hit by the MacMag virus (9) basis?
exposed to virus if you are on a net even if you practice "safe hex" (11)
mainframes in different configurations even with same OS may not be very
vulnerable to virus (12)
Brain virus variation infecting Mac systems (30)
PLO virus infects Amiga systems (36)
anthropomorphic virus in example acting as worm (47)
virus may spread through e-mail (50)
IBM Christmas card was large high-res graphics picture (50)
viruses can hide in CMOS (60) misleading?
games are specifically targeted by viruses (77)
most viruses spread through various violations of copyright laws or
licenses (79)
virus can infect program during development (81) misleading?
vaporware comes from releasing buggy versions of program (84) def is
right (154)
piracy has been a major cause of a lot of problems, including buggy
programs and vaporware (85)
an original, non-bootable diskette ... there's no system on the
diskette to get infected (88)
some anti-viral packages: no indication is given in the documentation
as to whether this is freeware, shareware, or a commercial product
(143)
many viruses are also worms (155)
------------------------------
Date: Tue, 18 Apr 89 4:14:57 EDT
From: Sean Casey <sean%[email protected]>
Subject: Amiga Floppy Write Protection
Someone stated a short while back that Amiga floppy disk write
protection could be disabled in software.
This is not true. The floppy disk drive hardware has a hardware write
interlock. There is absolutely positively no way in the universe to
write to an Amiga floppy drive if the disk is write-protected.
An Amiga floppy is 100% protected from attacking viruses if it's write
protected.
This information was posted a while back to the Usenet comp.sys.amiga
newsgroup by at least one Commodore-Amiga technical staff member, and
by Dale Luck, one of the original designers of the Amiga 1000.
Sean Casey
--
*** Sean Casey [email protected], [email protected]
*** What, me worry? {backbone|rutgers|uunet}!ukma!sean
*** ``A computer network should be considerably faster than a slug.'' -Me
------------------------------
Date: Tue, 18 Apr 89 10:42:03 PDT
From: [email protected] (Rollo D. Rogers)
Subject: possible new VIRUS (PC)
This is a new one on me. Do you know anything about this possible new
virus? I have contacted the originator of this E-mail msg and asked
for more details.
-------
Original-Date: 17 Apr 89 21:04:15 GMT
Original-From: [email protected]
Original-Subject: DEN ZUK virus
HELP!!!
I work for a University Department called Computer Competency. Just
recently we have been starting to be attacked by the DEN ZUK virus.
It seems to render the disk useless after re-booting a few times. I
am sure that we are not the first place that this virus has hit, so I
will not discuss the details.
What I need is help on how to get rid of the virus. Any program,
technique, anything would be helpful. This is rather a timely
problem, so help as soon as possible would be appreciated.
The department has just about conquered Macintosh viruses, it would be
nice if we could stop the IBM viruses before they really get started.
Thank you for any help.
Jeff Scott
Computer Competency Department
Ball State University
------------------------------
From: "Len Levine" <[email protected]>
Subject: The Laplink III Virus (PC)
Date: Tue, 18 Apr 89 14:21:09 CDT
Quoted without permission. The April 10 issue of InfoWorld on
Page 11 has a 1/4 page article titled:
New Laplink Capable of Reproducing
Viruslike Data-Transfer Programs Self-Replicate on Remote PCs
by Mark Brownstein
Hoping to prove that not all computer viruses are bad, a pair of
data-transfer programs that use viruslike, self-replicating code
to reproduce themselves on remote PCs is being prepared for
release later this year.
Laplink III from Traveling Software will be capable of
replicating itself onto another system, according to Mark Eppley,
president of Traveling Software.
The $139.95 software, which is designed to pass data between two
PCs, will be capable of detecting if a target computer does not
have Laplink installed. If the system detects that the target
computer does not have Laplink, it will install the program and
initiate the data transfers.
[ ... material deleted about speed, shipdate, another system
called Fast Lynx from Rupp Corp. that uses a 7 conductor serial
cable, and phone numbers ... ]
I called Traveling Software at 1-800-343-8080 and asked to speak
to a technical person. I identified myself as a University
Professor in Computer Science and asked "Does this permit me to
connect my laptop with a desktop PC showing the A> prompt and
have my laptop transfer Laplink III to the desktop." She said:
(here I raise my hand in affirmation) "Yes it does." I then
asked if it was necessary to turn either machine on. She was not
sure. I then asked to speak to a specialist.
The specialist had a different story. She said that the
newspaper article had some errors. She said that it was
necessary to run Laptop III on the laptop and to execute some
mode commands on the desktop and (as I remember it) a copy
command. She said that the advantage of the Laptop software was
that it was not necessary to have a disk with you that fit the
desktop in order to mount the software on the pair. I agreed
with the technique and with the advantage of using such a system.
We may rest easy. This new software does not sneak down the wire
and infect your office machine. For a moment there I was in
grave doubt.
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine e-mail [email protected] |
| Professor, Computer Science Office (414) 229-5170 |
| University of Wisconsin-Milwaukee Home (414) 962-4719 |
| Milwaukee, WI 53201 U.S.A. Modem (414) 962-6228 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
------------------------------
End of VIRUS-L Digest
*********************