VIRUS-L Digest   Tuesday, 16 Jan 1990    Volume 3 : Issue 12

Today's Topics:

Re: Shrink-Wrapped Software
Some more thoughts on shrink-wrapped software...
Re: RE: Shrink wrap...still safe?
Protecting software from contamination
AFD Listserv that has SCANVx.arc (PC)
Internet worm writer to go to trial Jan 16th. (Internet)
WDEF in Ireland (Mac)
Re: Shrink-Wrapped Software
Biological analogy source requested

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed.  Contributions should be relevant, concise,
polite, etc., and sent to [email protected] (that's
LEHIIBM1.BITNET for BITNET folks).  Information on accessing
anti-virus, document, and back-issue archives is distributed
periodically on the list.  Administrative mail (comments, suggestions,
and so forth) should be sent to me at: [email protected].
- Ken van Wyk

---------------------------------------------------------------------------

Date:    Mon, 15 Jan 90 08:33:19 -0500
From:    Brian Piersel <[email protected]>
Subject: Re: Shrink-Wrapped Software

On Sun, 14 Jan 90 18:02:00 -0500 <[email protected]> said:
>Vendors can help by using labelled shrink-wrap.  To the extent that
>users come to expect such labelling, the re-wrap strategy becomes less
>effective and efficient for the retailer.  Users can protect themselves
>and discourage this risky practice by refusing to deal with retailers
>that offer them the right to return.

Another way vendors can help is to sell software on write-protected
diskettes. I always (or almost always) write-protect the master
diskette before putting it in the disk drive, to insure that nothing
happens to my original, anyways. This would also prevent the disk
from being infected.

+----------------------------------------------+
|  Brian Piersel                               |
+----------------------------------------------+
| BITNET:  SPBK09@SDNET                        |
| INTERNET:  SPBK09%[email protected] |
+----------------------------------------------+
| IBM = Itty Bitty Machine                     |
+----------------------------------------------+

------------------------------

Date:    Mon, 15 Jan 90 12:00:43 -0500
From:    [email protected] (David Gursky)
Subject: Some more thoughts on shrink-wrapped software...

What is really most amazing about the problem of a potential vandal infecting
a commercial application and returning it to an unsuspecting vendor is the
ease with which the vendor can detect the problem.  Consider the following
scenario:

1 -- An application is returned to a vendor.

2 -- Proof of purchase is produced, vendor agrees to accept product, but does
    not yet refund purchase price.

3 -- A second copy of the shrink-wrapped application is removed from the
    shelf.

4 -- The disk(s) from the returned copy are then byte-by-byte compared against
    the disk(s) in the shelf copy from step 3.

5 -- If no major changes are found (some users still run the applications
    straight off the master disk, and some of those applications modify
    themselves in some minor fashion), the consumer's money is then (and only
    then!) refunded.

    If major problems are found, perhaps only a portion of the purchase price
    is refunded, or none at all, depending on how the store wishes to actually
    implement the procedure.

Likewise, an office that purchases multiple copies of an application can
perform a similar function on incoming shrink-wrapped software.  A direct copy
(especially when done at a machine that is "clean") should be very effective
at uncovering vandalized software.
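
The comparison in step 4 of the message above, as an added example that is not part of the original post. The sample images are constructed, and the `expected` set (sectors an application is known to rewrite when run from its master disk) is an assumption of this example used to separate "minor" from "major" changes.

```python
import io

SECTOR = 512  # bytes per sector on a PC floppy

def diff_sectors(returned, reference, sector=SECTOR):
    """Compare two binary streams sector by sector.

    Returns (changed, same_length): the sector numbers that differ and
    whether both streams held the same number of bytes."""
    changed, same_length, index = [], True, 0
    while True:
        a, b = returned.read(sector), reference.read(sector)
        if not a and not b:
            return changed, same_length
        if len(a) != len(b):
            same_length = False
        if a != b:
            changed.append(index)
        index += 1

def classify(changed, same_length, expected=frozenset()):
    """'identical', 'minor' (only sectors in `expected` changed) or 'major'.

    `expected` is an assumption of this example: the sectors the application
    is known to rewrite when run from its master disk."""
    if not same_length:
        return "major"
    if not changed:
        return "identical"
    return "minor" if set(changed) <= set(expected) else "major"

def make_image(sectors=720):
    """Constructed 360 KB stand-in for a shelf copy (not a real product disk)."""
    return b"".join(i.to_bytes(2, "big") * (SECTOR // 2) for i in range(sectors))

def patch(image, sector_no, data):
    """Return a copy of `image` with `data` written at the start of a sector."""
    off = sector_no * SECTOR
    return image[:off] + data + image[off + len(data):]

def check(returned, shelf, expected=frozenset()):
    """Run the comparison on two in-memory images and classify the result."""
    return classify(*diff_sectors(io.BytesIO(returned), io.BytesIO(shelf)), expected)

if __name__ == "__main__":
    shelf = make_image()
    print(check(shelf, shelf))                                # untouched return
    print(check(patch(shelf, 300, b"CFG"), shelf, {300}))     # known self-modification
    print(check(patch(shelf, 0, b"\xeb\x3c"), shelf, {300}))  # change outside the expected set
```

Classifying by which sectors changed, rather than by how many, means a single altered sector outside the expected set is still reported as major.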

------------------------------

Date:    15 Jan 90 16:42:17 +0000
From:    [email protected] (Leonard P Levine)
Subject: Re: RE: Shrink wrap...still safe?

Many vendors are now selling software on un-notched disks.  My most
recent copy of WordStar, my copy of SpinRite and even one shareware
product have come to me on disks that cannot be written to except with
modified computer hardware.

Such software can only be infected at the factory, and the probability of
that is becoming increasingly small.

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine                  e-mail [email protected] |
| Professor, Computer Science             Office (414) 229-5170 |
| University of Wisconsin-Milwaukee       Home   (414) 962-4719 |
| Milwaukee, WI 53201 U.S.A.              FAX    (414) 229-6958 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

------------------------------

Date:    Mon, 15 Jan 90 12:02:02 -0500
From:    Peter Jones <[email protected]>
Subject: Protecting software from contamination

On Sun, 14 Jan 90 18:02:00 -0500 [email protected] said, in
VIRUS-L Digest   Monday, 15 Jan 1990    Volume 3 : Issue 11:
>Subject: Shrink-Wrapped Software
>
>Shrink-wrap that is applied by the vendor would help to serve that
>purpose.  However, few original vendors use labelled shrink-wrap and
>many distributors and retailers can apply shrink wrap.

If vendors used read-only diskettes, contamination of the distribution
diskettes would become almost impossible for casual users. The user would have
to tamper with the write-protect switch on his diskette reader to allow
alteration of a diskette.
Early Apple-IIs are the only machines I know of in which diskette write
protection can be overcome by software.

Peter Jones     MAINT@UQAM     (514)-987-3542
"Life's too short to try and fill up every minute of it" :-)

------------------------------

Date:    Mon, 15 Jan 90 15:35:00 -0500
From:    <[email protected]>
Subject: AFD Listserv that has SCANVx.arc (PC)

       HI!

       I have learned of the AFD feature on listserv. I was wondering
       if there is a site that has it set up in such a way that I can get
       SCANVxx.arc as an afd. I've tried rice but the server there only
       has it as part of the simtel20 archives (and those you must use
       special /pdget type commands for). Also, I don't think you can specify
       wildcards on an afd so how would we get the latest version of scan?

       I'm sure others would be interested in doing this!

       Please send a copy of any replies to me direct as I don't subscribe
       to this list. (too much volume)

       Thanks!

               Jeffrey Perry
               Computer Science Student
               Northeastern University Boston, MA
               [email protected]

------------------------------

Date:    16 Jan 90 03:47:00 -0500
From:    "Damon Kelley; (RJE)" <[email protected]>
Subject: Internet worm writer to go to trial Jan 16th. (Internet)

       I just wanted to inform the readers of this list that Robert
T. Morris of Arnold, Maryland is going to trial this January 16, 1990
for unleashing (was it "The Great Internet Worm?") a worm that
immobilized a certain computer network in November of 1988.  Mr.
Morris is a student who was suspended from Cornell University because
of his actions.

       When I read the article that I got the above information from,
I was a bit shocked that the jurors were deliberately picked by the
U.S. Justice Department lawyers because they didn't know *anything* about
computers.  Would the jurors understand enough of the computer talk
thrown between defense and prosecutor to reach a truly informed
verdict?

       My mother and I discussed the issue.  I said that the trial
would be unbalanced and handled badly because every little techie term
would have to be explained over and over again to the jury, slowing
down the trial process.  Isn't a "jury of his peers" called for here?

       She said that the trial would be more impartial if the jury is
composed of non-tech persons.  Comments?

       Does the Justice Department have a prejudice against computer
enthusiasts?  Perhaps so.  In the article I read, the lawyers excluded
persons who owned computers, but included persons whose jobs involved
"pushing buttons," such as flight reservation clerks and insurance
claim processors.

       Those lawyers better straighten up.  Not all computer
enthusiasts practice regularly what Mr. Morris did, nor do they openly
encourage the wanton destruction of computer systems "for a kick."

Source: _The_Baltimore_Evening_Sun_, January 15, 1990. Section D, top
of page 2: "'Illiterates' Judging Computer Genius."  The information
in the first two paragraphs is selected bits, not direct quotes, so
don't bother to flame me.

DISCLAIMER:
       The information above does NOT represent the views of any
organization, group, man, woman, beast, insect, microbe, matter,
energy, etc. existing in all the planes of reality known/not known!
To assume that this information is more than the sputterings of the
author is stupidity on your part.

Damon (@umbc.bitnet) (@umbc2.umbc.edu) ([email protected] [uucp.  Guess a
path...] )

------------------------------

Date:    16 Jan 90 10:06:52 +0000
From:    Colman Reilly <[email protected]>
Subject: WDEF in Ireland (Mac)

The WDEF virus has been reported in Trinity College, Dublin - I don't
have details but the needed anti-viral stuff is available - Thanks to
all involved in producing the software.

-------------------------------------------------------------------------------
[email protected]                   Colman Reilly
All my own work-no one else has any claim or responsibility for my opinions
-------------------------------------------------------------------------------

------------------------------

Date:    Tue, 16 Jan 90 11:17:59 +0000
From:    [email protected] (P E Smee)
Subject: Re: Shrink-Wrapped Software

In article <[email protected]> [email protected] writes:
>Vendors can help by using labelled shrink-wrap.  To the extent that
>users come to expect such labelling, the re-wrap strategy becomes less
>effective and efficient for the retailer.  Users can protect themselves
>and discourage this risky practice by refusing to deal with retailers
>that offer them the right to return.

Two points here:  The first is (far as I know) unique to the UK.  We
virtually never SEE shrink-wraps.  The reason is that (allegedly to
prevent theft) the software shops display only the empty boxes on their
shelves.  The contents are removed to be stored behind the counter, and
are replaced in the box when you buy the software.  (Yes, it
occasionally causes problems.  My copy of Dungeon Master turned out to
include a Falcon registration card.  Sigh.) For big-selling software
(read, popular games) they will probably also have some unopened boxes
behind the counter; but for more serious stuff, the opened copy is
probably the only one they've got.  And, you can't just take your
business elsewhere, because they all do this.  (Records, prerecorded
cassettes, CD's, and videotapes are all also marketed this way.)

Second problem is more general, in that you are also thereby more or
less guaranteeing that the retailer will not be willing to demo a
package to you before you buy it.  For a lot of packages, particularly
the serious (and expensive) ones, you can't really tell from the
manufacturers' puff whether the product will do what you need -- or,
indeed, anything useful at all.  Again, for popular products this might
be eased, but for things with a limited market -- well, the dealer is
hardly going to invest in a separate demo copy of something which only
sells a copy a month or so.

What's really needed is some way that the maker can include, separate
from the disk, some form of 'signature' which can be used with a
publicly available verification program, so that you could scan the
disk with the verifier, and compare the output with the provided
signature.  Akin to a checksum, but sufficiently complex that any
change to the disk would be detected.  (There's a thesis topic for the
next 10 years' worth of Masters candidates. :-)  The problem should be
easier than the corresponding ideas for protecting 'user' disks, as
there should be no reason for a distribution disk to EVER change once
it has left the maker's hands.

--
Paul Smee, Univ of Bristol Comp Centre, Bristol BS8 1TW, Tel +44 272 303132
[email protected]  :-)  (..!uunet!ukc!gdr.bath.ac.uk!exspes if you MUST)
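
The verifier idea in the message above, as an added example that is not part of the original post. It uses SHA-256 as a present-day stand-in for the "sufficiently complex" check the message asks for, and contrasts it with a plain additive checksum; the disk images and the published value are constructed.

```python
import hashlib
import hmac
import io

def additive_checksum(image: bytes) -> int:
    """16-bit sum of all bytes: a simple checksum, shown for contrast."""
    return sum(image) & 0xFFFF

def disk_digest(stream, chunk=64 * 1024) -> str:
    """SHA-256 over the whole disk image, read in chunks."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def verify_disk(stream, published: str) -> bool:
    """Compare the computed digest with the value shipped apart from the disk.

    Whitespace and case are ignored so a value printed in groups still matches."""
    wanted = "".join(published.split()).lower()
    return hmac.compare_digest(disk_digest(stream), wanted)

# Constructed 360 KB stand-in for a distribution disk (not a real product).
MASTER = bytes(range(256)) * 1440
# The value the maker would publish, here printed in groups of eight characters.
_hex = disk_digest(io.BytesIO(MASTER)).upper()
PUBLISHED = " ".join(_hex[i:i + 8] for i in range(0, len(_hex), 8))

# Constructed altered copy: two adjacent bytes exchanged, nothing else touched.
_copy = bytearray(MASTER)
_copy[0], _copy[1] = _copy[1], _copy[0]
ALTERED = bytes(_copy)

if __name__ == "__main__":
    # The additive checksum is identical for both images; the digest is not.
    print(additive_checksum(MASTER) == additive_checksum(ALTERED))
    print(verify_disk(io.BytesIO(MASTER), PUBLISHED))
    print(verify_disk(io.BytesIO(ALTERED), PUBLISHED))
```

A bare digest is only as trustworthy as the channel that carries the published value; a public-key signature over the digest lets the verification program check that the value came from the maker.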

------------------------------

Date:    16 Jan 90 15:21:44 +0000
From:    [email protected]
Subject: Biological analogy source requested

I know there has been some discussion in this group of the extent
to which the analogy between computer viruses and their biological
cousins is tenable, though I have not followed it closely. However,
can anyone suggest any references on this topic? Alternatively, can
anyone suggest any good references on viruses in general. They
should preferably be in well-read journals, (so that they are likely
to be in our library, which has no books on the subject).

Thanks in anticipation.

------------------------------

End of VIRUS-L Digest
*********************