VIRUS-L Digest              Monday, 28 Nov 1988         Volume 1 : Issue 21

Today's Topics:
local tv broadcast
Re: German laws on computer crime
Software on the LISTSERV (PC)
internet beating
How good is Virex? (Mac virus remover)
Virus History
Passing Viruses

---------------------------------------------------------------------------

Date: Mon, 28 Nov 88 14:58 EST
From: Mitchel Ludwig
Subject: local tv broadcast

Last Tuesday (Nov. 22, 1988), Loren Keim was interviewed by a local
(Bethlehem, PA) television station regarding the release of his
anti-virus packages. As someone fairly familiar with the workings of
some of the more popular packages, I was wondering if you would
enlighten us as to what, exactly, makes yours any better than the rest,
Loren?

I was particularly interested in the mention of the fact that, by some
type of key encryption, you expect each package to be 'different'. More
specifically, I believe you made mention that if a virus was able to
penetrate the defenses offered by your package, it would most probably
be because of the encryption key used by that particular user. You went
on to say that this would not mean that the same virus would be able to
get by the same program if it were used with a different key.

Now forgive my possible ignorance, but it seems to me that if a virus
could bypass an encryption algorithm, the key used wouldn't matter.
It's possible that I misunderstood what was said, it's even possible
that what you (Loren) said is possible, but if it is, then I'm in need
of some serious enlightenment.

Additionally, (and finally... :-) you made mention of anti-virus
packages you plan on releasing for the larger machines. I've done quite
a bit of work on security on UN*X machines, and without seriously
restricting user privileges, I can't really seem to come up with any
real practical ways of securing a system beyond those which the system
already uses.
As far as I've been able to tell, you would have two choices available
to you when setting up security separate from that provided by the
system. Either you would have to set the particular security program
readable to all (which sets us up for problems) or give a user's login
process momentary higher access (which sets us up for disaster...)

Again, I may be mistaken, and if so, enlightenment would be
appreciated. Anyone else have any ideas? Anyone else see the broadcast?
Anyone else know what I'm talking about?

Mitch

BITnet : MFL1@lehigh.bitnet             Phonet : 215-861-2637
INTnet : KMFLUDW@vax1.cc.lehigh.edu     Slonet : Box 72 Lehigh Univ.
UUCP   : lehi3b15!rastro!mfl                     Bethlehem, PA 18015

------------------------------

Date: Fri, 25 Nov 88 10:34:56 +0100 (MEZ)
From: Otto Stolz +49 7531 88 2645 RZOTTO at DKNKURZ1
Subject: Re: German laws on computer crime
To: Cliff Stoll cliff at LBL
cc: Virus discussion list VIRUS-L at LEHIIBM1
In-Reply-To: Your message of Thu, 24 Nov 88 09:43:19 PST

Hello there!

The following remarks pertain only to the Federal Republic of Germany
(not to the German Democratic Republic) and are given under the proviso
that I'm no lawyer and hence may well overlook or misunderstand some
regulation.

> Is it true that under German law, an offense takes place only if files
> are erased?

No, this isn't true. According to §303a of German Criminal Code, he who
illegally CHANGES data (not necessarily in files, but on
machine-readable media, e.g. a boot sector, a FAT, ...) can be punished
with 2 years imprisonment. According to §303b, the same fact (and also
physical damage done to computer media or equipment) can be punished
with up to 5 years, if the inflicted data-processing is essential for a
company or authority, other than the one the perpetrator is employed
in. These regulations enhance or qualify the usual §303 (damage to
property).

> That it is not a violation to simply enter a computer and read
> information?

Though this situation is not covered by the above-mentioned rules,
there are many regulations in German law to handle particular cases
falling into this broad category. However, most of these regulations do
not apply specifically to computer-stored or -handled data; normally
they apply to specific nature of the data, regardless whether they are
stored on magnetic media, written down on paper, or whispered into your
ear.

Commercial secrets are protected by law against unfair competition.
These may neither be disclosed unauthorized, nor read by intruders.
Also, trade-marks are protected: you may not e.g. use the Microsoft
Logo for your own programs, and you may even run into trouble, if you
imitate their menu-technique too closely. In such cases, it doesn't
matter, whether you actually copied the programs (menu) or data (logo)
from their computer, or developed them yourself. Cf. also patenting
law.

Artistic, scientific, and technical presentations are protected by
copyright law. As opposed to US regulations, there's no need to state
the copyright explicitly in the publication itself, nor to register the
opus somewhere. You only need to produce something sufficiently new.
The law enforces that the original author be mentioned in copies,
citations, performances, and adaptions. The law generally forbids
unauthorized copies and performances (there are exceptions). Some
lawyers argue, that even the loading of a program or data from
secondary to primary storage (in due course of running, or displaying
it, respectively) constitutes an unauthorized copy. I think, this is
ridiculous, but you never know the outcome of a law suit, beforehand!
However, I reckon, the running of a program (e.g. a computer-game) may
constitute an unauthorized performance (similar to a video, a movie, or
a piece of music).

A broad class of protected data are "Data Related to (natural)
Persons". Many of those are protected by special regulations (e.g.
professional discretion of doctors, lawyers, or confessors; privacy of
mail and other communication). If you break into a computer of a
hospital and read patient's data, you will be prosecuted according to
the pertinent regulations of criminal and/or social law; if you
illegally read data (as notes addressed to 3rd parties, or
traffic-related data) from a Federal Post-Office and Telecommunication
Authorities' computer, you will be prosecuted under "break of the
tele-communication secret".

Data Related to Persons that do not qualify for special rules (as
above) are protected by the "Laws to Prevent Mis-Use of Person Related
Data during Data-Processing". There are several such laws, pertaining
to data-processing for private purposes (including companies) and by
various authorities (remarkably, the only area apparently not covered
by any such law is data-processing by churches and religious
communities for their own purposes).

The maxim of these laws seems to be, that processing of person-related
data is generally forbidden, if not allowed by some specific law, by
consent of the person referred to, or if the data are evident (Beware:
your name and address may well be evident, but if they are to be put on
some particular list it is not at all evident that you should belong to
this very list -- hence putting evident data on particular lists or
into files falls under these laws).

According to §41(1)2 of the Federal Law to Prevent ..., and similar
Paragraphs in the other laws mentioned, "he, who ... recalls
person-related data, that are not evident, or takes them from a
collection that is enclosed in a container, will be punished with
imprisoning up to one year, or with a fine".

You see, in German Law it doesn't matter whether you break into a
computer, or break privacy in other respects: the regulations pertain
to the nature of the data not to the medium of recording.

> I have heard these rumors, but I do not know if they are true.

Please excuse any contribution from my side to mis-conception in these
issues. As I have posted remarks to VIRUS-L which may have raised these
rumours, I send a copy of this note also there.

Best regards
Otto

------------------------------

Date: Mon, 28 Nov 1988 15:19:02 EST
From: Ken van Wyk
To: virus-l
Subject: Software on the LISTSERV (PC)

I just got some additional software for the LISTSERV file list (thanks
to David Bader) which is now available to all. The new files are:

FSP_14   UUE   FluShot + version 1.4
CHKUP18  UUE   Checkup version 1.8
TRAPDISK UUE   Trapdisk version ???
DPROT102 UUE   Disk Protect (?) version 1.02

As with all the files on our LISTSERV, these are free for the taking.
As such, they're on an as-is basis.

Ken

P.S. One of the local BITNET links has been unavailable for most of the
U.S. Thanksgiving weekend, so if you don't see your submission(s) in
this digest, they'll undoubtedly be coming along shortly since the
floodgate has just been opened... :-(

------------------------------

Date: Mon, 28 Nov 88 15:16 EST
From: Mitchel Ludwig
Subject: internet beating

In light of the recent slew of kill him/thank him messages regarding
the internet virus/worm/whatever, I would like to express my opinions
via the following quote taken from a Monty Python skit. The quote is
taken entirely out of context, and has no relevance whatsoever (is that
really a word?) but it will suffice to get my point across...

"Oh Lord, we beseech thee. Pray tell us who croaked the Bishop of
Lestor..."
"He did it, the one in the red sweater."
"Right, arrest that man.."
"It's a fair cop, but society's to blame."
"Fine, we'll arrest them too."

Now, did I say irrelevant or what? But if you replace the Bishop of
Lestor with the word Internet, and the one in the red sweater with our
Internet whacker, we have an interesting parallel.

True there was a large waste of manpower... True there was a large
amount of downtime... But now that it's over let it be over.
Think of the extra time being wasted deciding whether or not he should
be knighted or damned for all eternity. After three weeks of virus-l
being monopolized by this sort of thing, it would be nice to start
seeing more about what's going on. If anyone has any *NEW* info
regarding what happened, I'd love to hear it, but reducing the list to
a browbeating session really isn't my idea of a good time.

But that's only my opinion...

Mitch

BITnet : MFL1@lehigh.bitnet             Phonet : 215-861-2637
INTnet : KMFLUDW@vax1.cc.lehigh.edu     Slonet : Box 72 Lehigh Univ.
UUCP   : lehi3b15!rastro!mfl                     Bethlehem, PA 18015

------------------------------

Date: Mon, 28 Nov 88 09:43 EDT
From: "$CAROL@OBERLIN (BITNET)" <$CAROL@OBERLIN>
Subject: How good is Virex? (Mac virus remover)

Does anyone have experience yet with a program called "Virex" from HJC
software? According to MacWEEK, it's supposed to remove nVIR, SCORES
and Peace viruses. They don't say if this includes system files. It's
described in their blurb as the "great grandchild" of Interferon and
sells for $99.95.

Responses to PRUSSELL@OBERLIN or to the list. Thanks.

------------------------------

Date: Sun, 27 Nov 88 13:43:53 EDT
From: John Planck <34TVIGX@CMUVM>
Subject: Virus History

Hello,

I am interested in doing a brief paper (5 pages) on the history of
computer viruses. If you know of any books or articles that address the
origin and pioneers of computer viruses I would very much like to know
of them. Thank You.

Regards,
John Planck

Acknowledge-To: <34TVIGX@CMUVM>

------------------------------

Date: Thu, 24 Nov 88 11:28 MDT
From: "David D. Grisham"
Subject: Passing Viruses

We at UNM have been dealing with what appears to be a mutated or
modified version of nVir. As a result I have had multiple requests for
a 'copy' of the strain. All of which I have filed for future action.
In discussions with my administration, it has been decided to NOT mail
any virus to anyone until- the local FBI office gives us an OK, that
the requestee has been confirmed as a legitimate researcher for the
firm s/he claims to be, and I get the time to send registered mail to
these individuals.

Question- what do others of you do with similar requests?

dave

*----------------------------------------------------------------------------*
| Dave Grisham                                                               |
| Senior Staff Consultant/Virus Security          Phone (505) 277-8148       |
| Information Resource Center                                                |
| Computer & Information Resources & Technology                              |
| University of New Mexico                        USENET DAVE@UNMA.UNM.EDU   |
| Albuquerque, New Mexico 87131                   BITNET DAVE@UNMB           |
*----------------------------------------------------------------------------*

------------------------------

End of VIRUS-L Digest
*********************

Downloaded From P-80 International Information Systems 304-744-2253