VIRUS-L Digest   Thursday, 18 Jan 1990    Volume 3 : Issue 14

Today's Topics:

New York Times on the Morris Trial
Shrink-Wrap and Write-Protection
Re: Shrink-Wrapped Software
Re: Some more thoughts on shrink-wrapped software...
Internet Worm Creator goes to trial
Re: Shrink wrap...still safe?
Re: Internet worm writer stands trial (Internet)
Pakistan C-Brain Virus
Re: Internet worm writer stands trial (Internet)
*** POSSIBLE VIRUS WARNING *** (PC)

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed.  Contributions should be relevant, concise,
polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's
LEHIIBM1.BITNET for BITNET folks).  Information on accessing
anti-virus, document, and back-issue archives is distributed
periodically on the list.  Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
 - Ken van Wyk

---------------------------------------------------------------------------

Date:    Wed, 17 Jan 90 12:45:25 -0700
From:    Chris McDonald
Subject: New York Times on the Morris Trial

William Murray recently asked where John Markoff was when we needed
coverage of the Morris trial.  Thirty minutes later I read a lengthy
article in the Arizona Republic attributed to the New York Times.  I
am including in quotations only those items which I have not seen
previously on Virus-L or Risks Forum.  These are direct quotes which I
have not independently verified for their accuracy.

"Indeed, Morris' lawyer said that to show his client as a proponent of
safeguarding computer security, he will introduce as evidence a
videotape that shows the defendant giving a lecture at the National
Security Agency in 1987 on how to gain access to computers illicitly."

"But in its case against Morris, the prosecution also plans to use the
videotape."

"The videotape of Morris's lecture at the National Security Agency
came to light recently when Morris' lawyer filed legal papers to
introduce classified material at the trial related to the film."

"The lecture, which was not classified, was presented at the security
agency at the request of the defendant's father, Robert Morris, the
chief scientist of the agency and an internationally know
computer-security (sic) expert."

"The younger Morris' lawyer, Thomas A. Guidoboni, said the
circumstances surrounding the lecture and a similar talk that Morris
gave at the Naval Research Laboratory the same year are significant in
that they create a view of Morris as someone who has acted responsibly
on computer-security issues."

"But Guidoboni also said that seen in isolation, without an
explanation of the circumstances, the tape could harm Morris' case."

"The elder Morris has told lawyers that describing the subject of the
lecture and the makeup of the audience, as the defense wants to do,
would require the disclosure of classified information, which he said
he would not do."

"The issue of whether classified data will be used at the trial has
not been resolved."

Chris Mc Donald
White Sands Missile Range
-------

------------------------------

Date:    Wed, 17 Jan 90 15:35:00 -0500
From:    WHMurray@DOCKMASTER.ARPA
Subject: Shrink-Wrap and Write-Protection

>With 3.5" disks, a small hole can be covered by a moving tab, to
>indicate to the disk drive whether the disk is locked or not.  Open is
>locked, closed is writable.  If vendors disseminate applications on
>write-locked 3.5" media, all a vandal needs to do is cover the hole
>with a small piece of electrical tape.

Without intending to minimize the threat of vandals, the damage that
they do is vanishingly small when compared to errors by the
well-intentioned.  The danger to which this mechanism was addressed
was the accidental and unwitting contamination of a distribution
diskette.
It was not intended to protect against the less likely vandalism.

William Hugh Murray, Fellow, Information System Security, Ernst & Young
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840

------------------------------

Date:    16 Jan 90 19:11:20 +0000
From:    ensys.ensys.com!silvlis.com!msm@sgi.sgi.com (Michael S. Maiten)
Subject: Re: Shrink-Wrapped Software

WHMurray@DOCKMASTER.ARPA writes:

> Vendors can help by using labeled shrink-wrap.  To the extent that
> users come to expect such labeling, the re-wrap strategy becomes less
> effective and efficient for the retailer.

Much of the discussion of the "shrink wrap" issue is focused on the
inability of the purchaser to determine if the disk has ever been used
and rewrapped.  In my opinion, a solution to this problem is for the
software publishers to use disks that are permanently write-protected
(i.e., no notch on 5.25" disks and a hole without slider on 3.5"
disks).  This will not stop a determined terrorist from infecting
disks, but it will stop the casual accidental infection of purchased
software.

> Users can protect themselves
> and discourage this risky practice by refusing to deal with retailers
> that offer them the right to return.

Stores that offer return policies are exactly the ones with whom I do
deal, since it is almost impossible to see if the software will meet
my needs by reading the box or trying out the store demonstration
copy.  What they should do is to be more careful when accepting the
returned items (check for missing materials, and check for infection
of the disks) before returning the person's money.

------------------------------------------------------------------------------
Michael S. Maiten              Internet: msm%ensys@bridge2.esd.3com.com
Energetic Systems                    or: msm%ensys@silvlis.com
Telephone: +1 415 964-9746         UUCP: {sun!silvlis,bridge2}!ensys!msm

------------------------------

Date:    17 Jan 90 22:30:12 +0000
From:    haydon@nevada.edu (James P. Willey)
Subject: Re: Some more thoughts on shrink-wrapped software...

dmg@retina.mitre.org (David Gursky) writes:

>What is really most amazing about the problem of a potential vandal infecting
>a commercial application, and returning it to an unsuspecting vendor is the
>ease with which the vendor can detect the problem.  Consider the following
>scenario:

I work at a small software store, and I noticed several problems with
this scenario.

>1 -- An application is returned to a vendor.

Yes, unfortunately this does happen frequently.

>2 -- Proof of purchase is produced, vendor agrees to accept product, but does
>     not yet refund purchase price.
>
>3 -- A second copy of the shrink-wrapped application is removed from the
>     shelf.

Assuming, of course, that the store has another copy on the shelf.
This would also waste a lot of time reshrink wrapping software.

>4 -- The disk(s) from the returned copy are then byte-by-byte compared against
>     the disk(s) in the shelf copy from step 3.

Assuming, of course, that the store has the computer that the software
is for.  At the store I work at, we carry IBM, Mac, and Apple, but we
only have an IBM computer.  Also, the store may only have 5.25 drives
and the software in question is on 3.5 disks.  The computers are also
used for demo software in case someone wants to see it run before they
buy it.  Checking every disk

I agree that something should be done, but this isn't the answer for
everyone.

-------------------------------------------------------------------------------
James P. Willey                                    willey@arrakis.NEVADA.EDU
Disclaimer:  I'm now employed, but I'm responsible for my employers opinions,
             not vice versa.

------------------------------

Date:    Wed, 17 Jan 90 20:37:33 +0300
From:    Geraldo Xexeo
Subject: Internet Worm Creator goes to trial

I suppose that all the computer community have already judged the worm
creator in discussions around the world, so it is fair to make a
jury of "non-computer" people.
My point is, this trial doesn't eliminate the necessity of an ethical
judgement.  Maybe what he did is not a crime, but is clearly a
violation of ethical aspects of computer use.

I suggest that an ethical code, similar to the ethical code in
medicine should be developed.  I suppose that ACM has one, but is not
the same.  ACM didn't control the exercise of the computer activities.

Geraldo Xexeo
COS20001@UFRJ.BITNET

------------------------------

Date:    Thu, 18 Jan 90 01:31:44 +0000
From:    forags%nature.Berkeley.EDU@ucbvax.Berkeley.EDU ()
Subject: Re: Shrink wrap...still safe?

Several writers have suggested that vendors distribute software on
5.25" diskettes without write-enable notches since evidence of
tampering with such diskettes is fairly obvious.

A sheet-metal notching tool cuts a very clean write-enable notch which
can fool many users.  Thus, I would suggest that vendors distributing
software on diskettes without write-enable notches also add a warning
ON THE DISKETTE LABEL stating that the diskette was manufactured
without a write-enable notch and that the buyer should reject any
diskette with a write enable notch cut in it.

Al Stangenberger                    Dept. of Forestry & Resource Mgt.
forags@violet.berkeley.edu          145 Mulford Hall - Univ. of Calif.
uucp:  ucbvax!ucbviolet!forags      Berkeley, CA  94720
BITNET: FORAGS AT UCBVIOLE          (415) 642-4424

------------------------------

Date:    Wed, 17 Jan 90 12:56:16 +0000
From:    biar!trebor@uunet.uu.net (Robert J Woodhead)
Subject: Re: Internet worm writer stands trial (Internet)

damon@umbc2.umbc.edu (Damon Kelley; (RJE)) writes:

>     When I read the article that I got the above information from,
>I was a bit shocked that the jurors were deliberately picked by the
>U.S. Justice Department lawyers because they didn't know *anything* about
>computers.  Would the jurors understand enough of the computer talk
>thrown between defense and prosecutor to reach a truly informed
>verdict?

I'm not surprised that the jurors are technically incompetent; people
who have any competence in the field at issue are regularly excluded
from juries, usually by the defense though.  In drug trials, the
defense as a matter of course tries to go for as stupid a jury as
possible as they 1) are less likely to understand why the defendant is
guilty and 2) are less likely to acquit.

Look at it this way; if you or I or any of the readers of this
newsgroup were on the jury, our technical knowledge would give us an
"advantage" over the other jurors which we could use to sway them to
support our position.

Juries are not totally to blame for insane verdicts and awards; part
of the blame must be put on the system that tends to impanel
incompetent juries.  In my circle of admittedly bright and educated
friends, not a single one has, to my knowledge, ever been accepted for
jury duty.

--
Robert J Woodhead, Biar Games, Inc.  !uunet!biar!trebor | trebor@biar.UUCP
Announcing TEMPORAL EXPRESS.  For only $999,999.95 (per page), your message
will be carefully stored, then sent back in time as soon as technologically
possible.  TEMEX - when it absolutely, positively has to be there yesterday!

------------------------------

Date:    17 Jan 90 21:33:11 +0000
From:    gallo@zach.fit.edu ( Michael A. Gallo)
Subject: Pakistan C-Brain Virus

Help....

We need assistance in eliminating the Pakistan C-Brain virus from our
IBM PCs and compatibles.  The virus has infected virtually all of our
PCs located in our microcomputer center, which is an open lab on
campus.

Any information that anyone can provide will be most beneficial.
Please e-mail any helpful responses to gallo@zach.fit.edu.

Thanks.

Mike Gallo
Florida Institute of Technology
Melbourne, FL 32901
(407) 768-8000 x7551
Internet: gallo@zach.fit.edu
UUCP: ...!uunet!pd1!winnie!zach!gallo

------------------------------

Date:    18 Jan 90 14:29:37 +0000
From:    peggy%pyr@gatech.edu (Cris Simpson)
Subject: Re: Internet worm writer stands trial (Internet)

damon@umbc2.umbc.edu (Damon Kelley; (RJE)) writes:

> [...]
>     When I read the article that I got the above information from,
>I was a bit shocked that the jurors were deliberately picked by the
>U.S. Justice Department lawyers because they didn't know *anything* about
>computers.  Would the jurors understand enough of the computer talk
>thrown between defense and prosecutor to reach a truly informed
>verdict?
>
>     My mother and I discussed the issue.  I said that the trial
>would be unbalanced and handled badly because every little techie term
>would have to be explained over and over again to the jury, slowing
>down the trial process.  Isn't a "jury of his peers" called for here?
> [...]
>Source: _The_Baltimore_Evening_Sun_, January 15, 1990.  Section D, top
>of page 2: "'Illiterates' Judging Computer Genius."
[..]

One of the most frightening experiences of my life was being called to
jury duty.  I got to see what a 'jury of my peers' would consist of.
It gives one a lot of incentive not to get caught. (:-)

IANAL, but I see a problem in the future with technology-related
litigation.  What good is the right to have your case tried before a
jury of idiots?  For example, consider Intel v. NEC or Apple v. MS &
HP.  It's hard enough explaining the concepts involved to a reasonably
intelligent judge, but a jury picked because they didn't know
anything?

I suppose that if a jury of people from Washington, DC can be found
who never heard of Ollie North, I suppose there's a jury for all of
us... (:-)

cris

*IANAL: I Am Not A Lawyer.  (But my wife is.)

------------------------------

Date:    17 Jan 90 19:54:25 +0000
From:    gpitcher@edpmgt.UUCP (Glenn Pitcher)
Subject: *** POSSIBLE VIRUS WARNING *** (PC)

[Ed. Forwarded from comp.sys.ibm.pc]

Apparently, we have run across our first real virus.  As of now, it's
not fully known what this can do or even what program is doing it but
here's a description of a file that keeps on appearing on our
systems...

The file name is '800' and appears in the root directory.  File size
is 368K and contained in the file are text strings that contain
copyright messages for Compac Computer Corp. (no, our systems are from
another manufacturer).  Towards the bottom of the file, it appears to
have a questionnaire pertaining to animal laboratory research.

If anyone else knows *anything* about this, please post it...

Thanks,

--
Glenn Pitcher                          UUCP: {crash,ucsd}!edpmgt!gpitcher
Programmer/Analyst &                   ARPA: Too many $$$
Unix Guru in training                BITNET: A net for runaway programs
EDP Management, Inc.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

------------------------------

End of VIRUS-L Digest
*********************

Downloaded From P-80 International Information Systems 304-744-2253