VIRUS-L Digest             Wednesday, 16 Nov 1988         Volume 1 : Issue 11

Today's Topics:

Ye Compleat Vyrusse
Request for info on CHRISTMA EXEC (IBM mainframe VM/CMS)
Re: 1-Header problems, 2-Nightline broadcast, 3-Computer Virus Book
Working with the press
Re: 1) "Great hackers...." 2) Viruses in military computers

---------------------------------------------------------------------------

Date: Wed, 16 Nov 88 09:34:45 EST
From: Sean T Montgomery
Subject: Ye Compleat Vyrusse

I'm only a recent subscriber, so please bear with me if this has been discussed into the ground. I would be interested in receiving as complete a list as possible of microcomputer (preferably Macintosh) "anti-viral" programs, and/or a list of servers or persons who have these programs available thru E-mail. I would like to have a copy for my own sake, and also for sending to people who show up on one net or another saying "Help!!! I've got a virus!!! What do I do!!!"

Case in point: nVIR can be removed a number of ways, some simpler than others (the KillVirus INIT seems to beat everything else). I'd like to find out what other virus killers/protectors are best for other situations. Thanks.

------------------------------

Date: 16 November 1988, 10:05:17 EST
From: David M. Chess CHESS at YKTVMV
Subject: Request for info on CHRISTMA EXEC (IBM mainframe VM/CMS)

How time flies! *8) It was actually last December (around Christmas time, for some reason). There is pretty extensive discussion in RISKS DIGEST around that time. No need to restate it all here, I suspect?

DC

------------------------------

From: J. D. Abolins
Date: 16 Nov 88
Subject: Re: 1-Header problems, 2-Nightline broadcast, 3-Computer Virus Book

1) I was the one who has passed on the computer security info request Liisa R. Before this list was digested, my messages would get a header somewhere along the line, now they don't. So I'll remember to enter manual "headers".

[Ed. Sorry for the confusion there.
I don't know why your mailer didn't send out a proper header...]

2) I also saw the ABC TV NIGHTLINE broadcast. I am formulating a letter with comments to send to Mr. Koppel, Fred Cohen, Steve Wozniak, and Mr. Sherezin. The comments are basically-

A. Thanks for the broadcast and its coverage of computer viruses
B. Comments in an attempt to wade through the cross-communications that ensued.
C. An outline of issues related/for computer viruses.

While it will most likely have little impact, it's worth a try. I keep in mind that the interviewees faced several challenges that I and other viewers don't have- a late hour interview (for Fred Cohen and Mr. Sherezin), interview via separate satellite hookups, and the time constraints of a live TV interview.

For those who didn't see the program, let me describe the debate or cross-communications that occurred. Ted Koppel, the interviewer, asked the interviewees about the risks of computer viruses. Unfortunately, Mr. Koppel's question used the scenario of a "hacker" using a virus in a bank's computer system to extract money from other people's accounts and place it into his/her own account. Steve Wozniak, a long-time advocate of free-wheeling computer creativity, protested that the risk was practically non-existent, that computer fund theft cases have almost always been committed by insiders, and that banks have extensive security and auditing safeguards. Fred Cohen countered Steve Wozniak's claims by emphasizing that the safeguards are not 100% effective and that computer viruses pose a real threat. After several volleys between the two men along these lines of thought, Fred Cohen claimed that Steve Wozniak was making his claims of low risks because he has an affinity for the "hackers" and their mindset.

Knowing Fred Cohen's work, at least in part, I understood what he was driving at. But many viewers may have gotten lost in the debate between Fred Cohen and Steve Wozniak.
As said before, the risks of computer viruses were presented wrapped in a poor scenario. Also the terminology could have been better defined by ABC TV. The term computer virus was defined much too broadly. Also, the term "hacker" has too many connotations for safe use, especially with the diverse backgrounds of the interviewees. (This is a lesson I am keeping in mind for my articles.) To some, like Mr. Wozniak, "hacker" means a creative, inquisitive programmer who MAY be mischievous and wanton. To others, a "hacker" is DEFINITELY a programmer who engages in illicit and illegal activities. (Also remember that Apple Computers, co-founded by Mr. Wozniak, thrived on the "hackers" of Mr. Wozniak's definition.)

With the bank fund transfer scenario, one of its problems is that it is not a typical form of virus impact or design goal. Mr. Wozniak was right about bank computer fraud; it has been done with at least the help of insiders and the programs were not viruses. They may be Trojans, worms, or simply modifications to existing software (as in the "salami slicing" technique.) Someone during the broadcast alluded to the "Fort Worth, TX" case (the Burleson case) as an example of a virus used for banking computer fraud. Quite inaccurate, but understandable statement since the definitions were not pinned down. (Plus, I am a lot more finicky about the definitions than most people who report the computer cases to the public. It seems that the reporters and even the computer specialists will lump other harmful programs with viruses. Perhaps, it is done so not to "confuse the viewers/readers with too many terms"; plus the term virus is very catchy.)

The more common forms of virus damage and design goals include general disruption of systems, subtle tampering that may reduce the perceived trustworthiness of computer systems, economic dissipation, and electronic flagging of one's "accomplishment" (as wanton as it is.)
With what I've said, I want to emphasize that I am not flaming Ted Koppel either. He admitted in the broadcast that he is not at all familiar with computers. Most likely, he got a ten or fifteen minute briefing before the show.

3) I've started reading the COMPUTER VIRUS book (from COMPUTE! Book Publications, copyright 1988, price about $16 US.) It seems to be a good general introduction to the subject written for the average computerist. It covers MS-DOS, Mac, Amiga, and, to some degree, Atari ST computer viruses. Case histories are given. (The Hebrew University case was adequately treated without the sensationalism of some other accounts.) A sensible list of preventative measures is given. (I can recognize some of Pam Kane's contributions here.) Plus an overview of anti-viral software.

The only "minus" comment is the cover artwork. This is a matter of differences in taste. So don't judge the book by its cover. (Nor a posting by its length. (: -)

------------------------------

Date: Wed, 16 Nov 88 12:16:52 CDT
From: Len Levine
Subject: Working with the press

With respect to the Nightline interview, I would like to say this.

I have been interviewed by the press several times in the past and during this episode I was interviewed for many hours by several local reporters. I worked for two hours with each of two Television reporters with cameras on for all of that time. What resulted was a one sentence live shot taken from a two hour interval on each station. Some of my comments were used by the reporter and, as luck would have it, were taken correctly and in context. The sessions went well.

Two days later, I was on the phone for an afternoon with a reporter from the Sunday Milwaukee Journal. The result was about 1/4 page with my interview handled well.

Finally, a few days later, quite an expert now, I was interviewed live on the radio (local talk show) for 20 minutes with a commercial break in the middle.
People who saw the shows and read the paper said that I was treated fairly and that the reports came off well.

Some advice:

1. Spend a good deal of time with the press. If you have not done so before, teach them all about the issues, they want to learn and, professionally, pick things up quickly. If you are off the air, get them to explain back to you what they heard and correct them if they get it wrong.

2. News reporters are alarmist by nature. DOWNPLAY the news. They will pick up the most provocative remark you make. Find a way of discussing what you have to say in a quiet, amusing fashion, they will use that. Be careful and say nothing on camera that is wrong, even when taken out of context. (Very hard to do.)

3. Spell your name to them. Spell out the jargon words and explain them. Clarity is next to godliness.

Just some advice from a TV star.

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine               e-mail len@evax.milw.wisc.edu |
| Professor, Computer Science             Office (414) 229-5170 |
| University of Wisconsin-Milwaukee       Home   (414) 962-4719 |
| Milwaukee, WI 53201 U.S.A.              Modem  (414) 962-6228 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

------------------------------

From: J. D. Abolins
Date: 16 Nov 88
Subject: Re: 1) "Great hackers...." 2) Viruses in military computers

1) A recent message included the statement "Great hackers go to have balls." Hmmm.... does that limit "hacking" to males or do hackers purchase golf balls, basketballs, footballs, etc. from a sporting goods shop?

On the serious side, there was an article posted a few months ago comparing the "tracker" against the "intruder". It pointed out that there are many character differences between the two. That article made many good points.

Also, I recollect a comment by Don Parker against the hiring of "hackers" (the illicit/illegal variety) in the computer security field.
The publicized hiring of "intruders" would give the message that "one good break-in is worth a thousand resumes in the mail." for job-seeking computerists.

Of course, there are companies and other potential employers who have a very different set of scruples or none at all. "He's brilliant! He's a genius! And he will stop at nothing to get his goals! Perfect for the job!" As Charles Colson of Watergate fame expressed, he would have run over his mother with an automobile for the sake of Richard Nixon.

2) Military computer virus threat: There have been several studies of the potential hazards of viruses for military computers. I have no special access to the results, so I am speaking from conjecture and a mosaic of information.

It must be remembered that many military computer systems, especially the tactical combat types, are not the everyday PC's and Mac's. Many are drastically different in hardware and software from the multi-functional civilian systems including the ones used for military administrative tasks- word processing, quartermaster inventories, etc. They are not linked to each other in the conventional sense, so a virus would not spread easily. So systems may use radio linking for various functions, but the links are nowhere as wide open as that of civilian links.

The introduction of a virus into a tactical system would require either an insider or the infection of the systems used to make or maintain the tactical system. The way the military tactical computers interpret files would in many cases require a virus designed specifically for them. Drills may spot virus caused damage in some cases, should it happen.

Unless designed specifically otherwise, I guess most viruses that get into a tactical combat system would either do nothing or cause a system crash. Usually, it should not fire off anything, unless the system was a restraining system designed to fire in case of failure.
I have focused on tactical systems, such as the one used for artillery solutions, the naval combat systems such as the ones made by Elbit, the computers used for aircraft weapons systems and EW (which are very specialized processors and not full functionality computers), etc.

The situation with strategic systems is another story. They are likely to use full-functionality systems, including ones of common make. Using common types of computers increases the virus risk because accidental infection from the general computing community is more likely.

A variation of the virus hazard.... the scenarios revolve around a virus affecting a military fire-control system so that it launches. Yet a more likely virus impact can occur before the weapons system makes it to production. Imagine if the CAD/CAM or CASE tools of a government contractor were affected, especially with a subtle acting code that skewed values randomly or specifically. The results can range from delays and cost overruns to failure in the field.

Another variation, based on the action of many known viruses, the virus (or Trojan code) catastrophically damages the programs used by a military computer. Possible results, an artillery battery is suddenly unable to obtain solutions via computer, a forward-sweep wing fighter loses control, etc. But these would have to be custom designed programs and are not likely to occur.

------------------------------

End of VIRUS-L Digest
*********************