========================================================================= Date: Wed, 1 Jun 88 11:59:34 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: Joe McMahon Subject: Re: Playboy virus - BEWARE! (thomas@uvabick (Thomas Fruin)) [comp.sys.mac] In-Reply-To: Message of Tue, 31 May 88 16:31:07 CDT from > >Through a dealer I heard that a new Macintosh virus had been sighted >here in the Netherlands... > >-- Thomas Fruin Thomas, is it really a virus, or is it a Trojan horse? This is important -- if it's a virus, it does its damage at some later date, after ensuring that it ahs spread to other systems. If it is a Trojan horse (as I would guess from your description), then it clobbers you immediately, without spreading itself. I know it sounds picky, but the viruses are a lot worse, since they can inhabit ANYTHING. Trojans merely need to be avoived by name. --- Joe M. ========================================================================= Date: Wed, 1 Jun 88 11:03:45 CST Reply-To: Virus Discussion List Sender: Virus Discussion List From: David Camp Subject: Re: Naive virus questions In-Reply-To: Message of Sat, 28 May 88 19:06:50 EDT from >1) Is it possible to demount and mount the hard disk so that you >can effectively work with the floppy drives and not have to worry >about code being transferred to the hard disk? Well, I once tried disconnecting the power from the hard disk and booting from diskette. I do not remember the precise outcome, but I think I was unable to boot. You may have more luck by removing the hard disk controller entirely, but you run the risk of damaging your equipment. I heard (do not ask me where) of someone putting a switch on their hard disk connection, to write protect it. Even the reference I saw did not tell how to do it. When I tried to reenable the hard disk, I had an extra cable that had come loose, with three identical connectors available. I was rather embarrased to have to wait for another employee to identify the correct connection. The moral is: BE CAREFUL! > >2) Is it possible to design a virus that screws up the ROM? Not under usual circumstances. Most ROMS are only writable by equipment external to the computer. There are EEPROMS which can be written by the computer, though. They are commonly used in some terminals (perhaps a VT100?) to store the setup parameters, even while the terminal is powered off. The new PS/2 line features CMOS memory to contain setup information, with a battery backup. Some errant programs have been known to trash this memory, which can be easily restored with the Reference Diskette. > >Hey, these may seem naive, but then I'm not a computer scientist >by trade. They are reasonable questions. -David- ========================================================================= Date: Wed, 1 Jun 88 15:54:39 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Kenneth R. van Wyk" Subject: A couple more forwarded submissions From J.D. Abolins Subject: Info regarding the National Computer Security Division Ken, several times, a fellow from the National Computer Security Division (of the NSA, I believe) has posted messages emphasing that the Division does not handle prosectutions of the virus writers,etc. I have questions that maybe he or someone else on the VIRUS-L could help me with.... Since I work with computers and write articles about computing and related subjects, I was wondering what general public information is available regarding computer security issues, what material is available from places such as the National Computer Security Division. Also I have about something called the "Orange Book" about computer security. Is this a public document? And if so, how does does one obtain a copy? Also, is there any particular agency that is handling the investigation and legal prosecution of virus makers? As a guide to the background of the questions, I am looking for things to help cut through the various rumors and half-info about viruses and computing in general. Any informationthat I am asking for, should relatively open to the public or the computing community. Ie.; I am NOT lookfor sensitive info. This clarification I am making since the computer security issues sometimes can be a very sensitive field and although I work with governmental computing (New Jersy State), I am not a professional computer security specialist by title. Thank you for your help. J.D. Abolins ------------------------------------------------------------------------ = Kenneth R. van Wyk = = = User Services Senior Consultant = This page intentionally = = Lehigh University Computing Center = left blank. = = Internet: = = = BITNET: = = ------------------------------------------------------------------------ ========================================================================= Date: Wed, 1 Jun 88 15:56:53 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Kenneth R. van Wyk" Subject: forwarded... I have examined a package called Disk Defender, a hardware board that claims to allow good protection for the hard disk. It plugs into the backplane of a PC/AT and connects, via cables between the hard disk controller and the disk itself. One sets switches on the board which allow one to deny write acces to the track on the disk whose vales fall between those switches. Included with the package is a software procedure which permits you to configure your hard disk with drive C for example totally contained on the protected tracks and drive D on the rest of the disk. You may then put the software you wish to protect on drive C and other stuff on drive D. A cable can be attached to the defender board with a switch. The switch permits (1) the whole drive to be writable, (2) the whole drive to be locked and (3) only the tracks now pointing to drive C to be locked. If the cable is removed, condition (3) prevails. The entire drive must be locked, as the FAT cannot be written to if it in the protected area and that would screw up all disk access if only a part of the drive is locked. The hardware seems to do what it claims. Usual disclaimers apply, I have never been ... 8-) len@evax.milw.wisc.edu ------------------------------------------------------------------------ = Kenneth R. van Wyk = = = User Services Senior Consultant = This page intentionally = = Lehigh University Computing Center = left blank. = = Internet: = = = BITNET: = = ------------------------------------------------------------------------ ========================================================================= Date: Wed, 1 Jun 88 16:36:00 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Joseph M. Beckman" Subject: Re: A couple more forwarded submissions In-Reply-To: Message of 1 Jun 88 15:54 EDT from "Kenneth R. van Wyk" There is a lot of "general public information" available on Computer Security. A lot of this is available through conferences (IEEE Symposium on Security & Privacy, NBS/NCSC National Computer Security Conference, DoE Computer Security Conference, etc.) that publish their proceedings. The IEEE proceedings should be available through University libraries (or interlibrary loan services); I'm not sure the NBS/NCSC NCSC is that popular, and doubt the DoE one is. One can get the NBS/NCSC Proceedings, Orange book (AKA The Criteria, AKA DOD 5200.28-STD), and other Government publications through the US Government Printing Office (for the cost of publication). Some documents may sometimes (I don't know the criteria for giving them out) be gotten directly through NCSC by requesting them through: National Computer Security Center, ATTN C1, 9800 Savage Road, Fort GG Meade, MD 20755-6000. The FBI is the Agency charged with the responsibility for investigating crime at the national level (naturally, your local PD or Sheriff's office is first in line, and there is the question of jurisdiction, etc). Prosecution would be done through the appropriate offices, your local DA, the Justice Department of the US, etc. The NCSC tries very hard to promote security in the commercial (i.e. public, i.e. not sensitive) sector. As noted above, they co-host a conference that *anyone* may attend (as long as you pay the nominal fee, of course). Joseph ========================================================================= Date: Thu, 2 Jun 88 12:26:27 EST Reply-To: Virus Discussion List Sender: Virus Discussion List From: Peter Furmonavicius Subject: RE: Hard disk disable In-Reply-To: Message of Mon, 30 May 88 12:01:00 EST from To start up a Macintosh SE or Macintosh II from a floppy disk while keeping the internal hard disk offline: Hold down the following four(4) (that's right, four) keys while you start up from a floppy: shift, option, command, delete P.S. get a friend to help with this on a Mac SE with the power switch in the back of the main unit!!! [ Yale University Computer Center ] Peter Furmonavicius [ 175 Whitney Avenue ] Manager, Systems and Programming [ P.O. Box 2112 ] [ New Haven, CT 06520 ] (203) 432-6600 ========================================================================= Date: Thu, 2 Jun 88 12:59:11 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Kenneth R. van Wyk" Subject: RE: Hard disk disable In-Reply-To: Message of Thu, 2 Jun 88 12:26:27 EST from >To start up a Macintosh SE or Macintosh II from a floppy disk while keeping >the internal hard disk offline: >Hold down the following four(4) (that's right, four) keys while you start up >from a floppy: shift, option, command, delete Does anyone else remember the game Twister? :-) Does the above sequence actually disable (if even is software) the hard disk, or does it just make it possible to boot from a floppy? That is, is it still possible for a program to read/write to the hard disk after someone does the above sequence? (Assuming, of course, that it's physically possible to press all of those keys at once.) Ken P.S. How many programmers does it take to boot a Mac SE from a floppy? :-) ------------------------------------------------------------------------ = Kenneth R. van Wyk = = = User Services Senior Consultant = This page intentionally = = Lehigh University Computing Center = left blank. = = Internet: = = = BITNET: = = ------------------------------------------------------------------------ ========================================================================= Date: Thu, 2 Jun 88 13:52:56 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: Joseph Sieczkowski Subject: Hard Drives Many of you have been curious as to an easy way to disconnect or disable your hard drive for testing programs. Well, on AT and similar machines, you can change the CMOS to tell your computer that it doesn't have a hard drive. So, drive C: will no longer exist. Make sure you save the data in the existing CMOS so you can put it back. (Note: turning the computer off won't restore the CMOS back to normal.) I think I have a program that does this; that is, changes, saves and restores CMOS. I will try to get it to the list. Remember if you're testing software by disabling your hard drive, you're only testing against trojans and bombs. Time-bombs and viruses will probably go unnoticed. Moreover, if a trojan is specifically designed to hit a hard drive, and if it is written well, it will only attempt to do damage after it is sure that the hard drive exists and is working. So even trojans could get past by doing nothing until a hard drive is present. ------------------------------------------------------------------------ joes@scarecrow.csee.lehigh.edu Joe Sieczkowski joes@lehi3b15.UUCP AI Lab, CSEE Department jws5@lehigh.bitnet Lehigh University ujwsiec@vax1.cc.lehigh.edu Packard Laboratory #19 Bethlehem, PA 18015 ========================================================================= Date: Thu, 2 Jun 88 14:02:13 EST Reply-To: Virus Discussion List Sender: Virus Discussion List From: Peter Furmonavicius Subject: RE: Hard disk disable In-Reply-To: Message of Thu, 2 Jun 88 12:59:11 EDT from >Does the above sequence actually disable the hard disk, or does it just >make it possible to boot from a floppy? It is always possible to 'boot' from a floppy; just stick a floppy with a system on it into the drive and restart. However if you do just that, the hard disk will still 'come up' and be accessible from the desk top. The sequence I gave will have the system come up from the floppy, but the hard disk will not be accessible (or visible) from the desk top. ========================================================================= Date: Thu, 2 Jun 88 14:35:00 CST Reply-To: Virus Discussion List Sender: Virus Discussion List From: SailTrim Subject: Hard disk protect on Macs I have a DA that'll write-protect a hard disk (albeit only thru software); if an yone's interested, I can binhex it and post it. It's not all that great, but it should at least fool some of the dumber virii. Petey SPCLAR@MACALSTR.BITNET ========================================================================= Date: Fri, 3 Jun 88 11:22:00 CDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: GREENY Subject: re:re: mac SE hard drive disable > hold down the Shift, Option, Command, and Delete keys to boot from a > floppy....Does this actually prevent the hard drive from working?.... Well, that's what it is *supposed* to do for ya. But who knows with Apple? At any rate, to avoid all of the mangled, popped out of joint fingers that some people who aren't too limber may get from the above sequence, just insert a trusted floppy disk into the floppy disk drive with a trusted system and then open the System folder on it. Hold down the COMMAND and the OPTION keys while double clicking on the icon of the Finder. This will force the mac to make use of the system on the floppy drive. After your finder comes back to life, close the folders, and drag the icon of the hard drive into the trash can. This will unmount the sucker, thereby preventing any read/writing from/to it. You can then make a vallient attempt to use an unknown piece of software. Just pray that the virus doesn't get stored in your parameter ram, or you will be really screwed because the battery back-up for the SE is *SOLDERED* to the mother board. Solution to this deal --> Run it on a Mac Plus, and if you suspect a virus residing in your parm ram, remove the battery from the back via the battery door. Wait 40 seconds for all to clear and then put it back in. Hope this helps.... Bye for now but not for long... Greeny Bitnet: MISS026@ECNCDC Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU Disclaimer: What? Who? Me? Nope...not me...you must have the wrong guy! ========================================================================= Date: Fri, 3 Jun 88 14:49:36 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Kenneth R. van Wyk" Subject: Re: re:re: mac SE hard drive disable In-Reply-To: Message of Fri, 3 Jun 88 11:22:00 CDT from All this hard disk locking stuff is fine and all, and it is a good initial testing method for software, but Joe made a good point when he said (something to the extent) that a virus could very easily wait until it found a hard drive present before even attempting to propogate. Thus, the virus would only do damage to hard disk based machines (or at least only propogate on them). I know that's what I would do *IF* I were to write a virus; go after the people who have the most to lose. The best solution would be to test software on a machine which has a hard disk that is expendable. Of course, economic reasons often make that impractical. By the way, I've received a few requests to turn this list into a moderated list whereby submissions wouldn't go directly to the list until they've been screened and (perhaps) digested into one large message. I *DON'T* want to start a discussion of the pros and cons of this on the list. I *DO*, however, want to hear peoples' opinions on the matter - via direct e-mail. Please do not reply to this directly to the list. If you wish to voice your opinion, send it to , and I'll summarize the opinions at a later date to the list. Thanks. Ken ------------------------------------------------------------------------ = Kenneth R. van Wyk = = = User Services Senior Consultant = This page intentionally = = Lehigh University Computing Center = left blank. = = Internet: = = = BITNET: = = ------------------------------------------------------------------------ ========================================================================= Date: Fri, 3 Jun 88 15:03:48 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Kenneth R. van Wyk" Subject: forwarded from RISKS... I just saw this on the RISKS mailing list, and thought I'd repost it here. Opinions? From: ZSYJKAA@WYOCDC1.BITNET Subject: Virus-writing 101? Thought I'd relate a recent incident to the group regarding computer virus writing and propogation. Apparently we have a professor who thought it would be a good experience for his students, as a project, to write (each) a virus, and demonstrate that it works. OK, in my opinion we're already on shaky ground assuming the 20 or so different viruses can remain totally isolated within the student-instructor environment. As you can guess, some of them have "leaked" out of the "lab". One report indicates that the instructor's hard disk was erased, and another that one student's final project was eaten by his own virus. At least one unrelated PC was found to be infected (in the University's Micro Resource Center!). There are arguments going backand forth about whether this was blatantly irresponsible, or if viral education is a good thing. One can't even consider firing the instructor because he's already leaving to go to another institution. So, this might be a good topic to kick back and forth for a while? What are the ethics/legalities of such an incident? For instance, in American law & philosophy, freedom of information is nearly sacred; is propoagation of the knowlege on how to write a virus itself a bad thing, or only the malicious and/or negligent spreading of one and it's symptoms/damage? Is the passing of this knowlege to a "random" group of students (where the professor is probably unable to evaluate each one's future intentions or views of morality) an unethical, if not illegal, act? Disclaimer: The above are my views, not my employer; I have not had direct contact with the professor or his students. ------------------------------------------------------------------------ = Kenneth R. van Wyk = = = User Services Senior Consultant = This page intentionally = = Lehigh University Computing Center = left blank. = = Internet: = = = BITNET: = = ------------------------------------------------------------------------ ========================================================================= Date: Fri, 3 Jun 88 14:05:35 BST Reply-To: Virus Discussion List Sender: Virus Discussion List From: p.g.newman@ABERDEEN.AC.UK Subject: Re: Hard disk disable I recently read an item in the February 1988 issue of CONNECTIVITY, the British IBM-PC User Group Journal. I feel that a couple of points made in the item may be relevant to the ongoing discussion on the list. Two ways were mentioned: ................................................................. Extract from CONNECTIVITY (Feb/1988) pg23 : Dr Solomon's Surgery, in response to a query from Charles Guy re write protecting 30 XT's, each with a 20Mb hard disk: 1. "...replace INT 13H with your own version that filters out any disk writes." 2. "...make up a cable for the hard disk that disables writing to it...(by cutting) one of the lines in the cable." ................................................................. I'm not sure how effective item 1 would be, as presumably any virus, being software, can 'untrap' the trap, as it were, and still get on with its dastardly deeds. Item 2 seems more likely to be effective, but, as the article points out, would require a special cable for the administrator to be able to do his necessary routine updates, etc. This could mean an all-night or all-weekend job in a large teaching lab with numerous hard-disc machines. I don't know which of the lines is the WRITE line (no pun intended!) but surely it would be feasible to extend this line through a secure switching device on the outside of the PC. I know that in our setup, the keyboard locks on each PC are more or less redundant (who locks a class computer?) and with a little bit of nifty soldering, would provide the ideal means of control: the admin guy would just have a master key, no cables or messing around inside needed to get write access to the hard disk. Unfortunately: a) Who knows how to identify the DATA-IN or WRITE line on a hard disk in a PC? (I've got no technical docs.) b) Would the extended cable adversely affect the timing or proper operation of the disk? All views above, with the exception of the two quotes between the dotted lines, are my own. Any responses not relevant to the list but relevant to my queries gratefully accepted as personal mail. Sorry about the detailed reference...copyright regulations, etc. This time it's got my personal name on it. Previous copy sent from 'adscalgrp' by mistake. Funny things, aliases.....Regards, Greg N. ========================================================================= Date: Fri, 3 Jun 88 15:33:00 CDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: GREENY Subject: re: Connectivity suggestion #2 WAS: hard disk disable > 2. Cut the write line, and insert a switch.....would this [skrew] > up the timing or control of the drive.... I believe that it would most certainly do so. How would you be able to update your disk directory FAT, or change the comments of a file, or edit any files on the disk, or do anything that would require writing with the cable cut? When a drive is write protected -- by software -- you are not supposed to be writing anything to the drive. But the DOS itself may keep track of the last time the file was read or whatever, and that involves writing to the disk (i.e. it overrides the software protection mechanism...). How could it do this if you cut the write line(s)? Are you as quick as the computer is to be able to switch the lines back on when the DOS feels like updating something? I still think the only way to combat viruses is to check the source code for them by a competent programmer, and then recompile the stuff. Praying all the time that the compiler is not infested as well....*ho hum* Will we never be free of these things?! bye for now but not for long... Greeny Bitnet: MISS026@ECNCDC Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU Disclaimer: What? Nope...not me...you *MUST* have the wrong guy! ========================================================================= Date: Fri, 3 Jun 88 14:41:12 MDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: USERFLUF@UALTAMTS Our Telecommunications Staff set up a lab of IBM PC portables, each with a 20 Meg HardCard installed. They, in their usual brilliant manner, have disabled the write head. I cannot say exactly how they did this, but the people that did this did not seem to be overly distraught at doing this. ========================================================================= Date: Fri, 3 Jun 88 23:02:31 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: Sam Weber Subject: Re: Detecting damaged data A while ago, Amanda Rosen wrote: >It seems to me that in order to check files sufficiently often, the CPU >overhead must be *very* light. Disk storage, however, is at much less of a >premium. This is probably something that differs between systems, but at least on my Amiga, this is not at all true. Very rarely is my CPU at 100% utilization. After all, for every compile I do, how many hours do I spend editing? Editing, and things like that, take up very little processor time. I have TONS of wasted CPU cycles lying around. However, storage space is more of a problem. I have only 512K of RAM, and no hard disk. Even if I had a hard disk, though, I still would want to keep my virus checking data on a write-protectable media, ie floppy. It seems to me that a good solution would be to start up a low priority process which will periodically go through my executables, ensuring that their checksums haven't changed. Since it is low priority, it will not affect whatever else I am doing, no matter how much a CPU hog it is. If it was small (say, <10K) then I probably wouldn't notice the memory loss. Notice, however, that this would require a short signature for each file (since the signatures will have to be in memory). This shouldn't affect its security, though, since each time it is run it can randomly choose a checksum formula (ie, each time it is run it randomly picks a CRC polynomial, checksums each file, and thereafter periodically rechecks each file). How about it? --Sam Weber "I never think of money, I think of milk and honey, sam@csri.toronto.edu Grinning like a cheshire cat!" --The Muppet Movie ========================================================================= Date: Sat, 4 Jun 88 20:10:27 PLT Reply-To: Virus Discussion List Sender: Virus Discussion List From: Duane Wessels <22149853@WSUVM1> Subject: Re: forwarded from RISKS... In-Reply-To: Message of Fri, 3 Jun 88 15:03:48 EDT from About the teaching of virus-writing... I don't see why the 'assignment' has to be to write a malicious virus. (and maybe it wasn't). Perhaps instead of destroying data, it could just display some little blurb about your disk being infected. No doubt this is very annoying, but it would save data from being destoyed. The author could then be contacted and the virus removed. Concerning the legality of this, perhaps each student could be made responsible for his/her programs by signing a legal document, knowing that any loss of data due to his/her virus is grounds for a lawsuit. It may, however be difficult to prove whose virus did the destroying, especially if the virus 'committed suicide' and erased itself. Another good idea would be to have the students write a 'vaccine' also. Not for their particular virus, but a virus in general. This way, they would learn something more useful and may spend their spare time writing vaccines instead of virus programs. Not having learned how to write a virus in school isn't going to stop anyone who REALLY wants to write one. Its kind of like those guys who got all the necessary information to build a Hydrogen bomb. (What if THAT was taught in college?). The information is out there, it just may take a while longer to find it oneself. --- D. Wessels (22149853@WSUVM1) ========================================================================= Date: Sun, 5 Jun 88 20:52:25 EST Reply-To: Virus Discussion List Sender: Virus Discussion List From: Glen Matthews Subject: Re: forwarded from RISKS... In-Reply-To: Message of Fri, 3 Jun 88 15:03:48 EDT from >Subject: Virus-writing 101? > >Thought I'd relate a recent incident to the group regarding computer virus >writing and propogation. Apparently we have a professor who thought it would >be a good experience for his students, as a project, to write (each) a >virus, and demonstrate that it works. K, in my opinion we're already on In my opinion, I think that this is unethical. My opinion comes as a software developer, ie I write programs in order to eat. (But perhaps that's neither here nor there.) Perhaps an analogy could get across my point of view. Suppose that some professor of mechanical engineering were to decide that to truly understand how a car works, his class should learn how to jimmy a car such that it would have an accident. I would suggest that this is similar to such a situation (by the way, I sincerely hope that no engineering courses teach students how to DESTROY things!). In order to truly understand something, one needn't know how to pervert it. Glen Matthews McGill University ========================================================================= Date: Sun, 5 Jun 88 23:16:00 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: Stan Horwitz Subject: Re: forwarded from RISKS... In-Reply-To: Your message of Sun 5 Jun 88 20:52:25 EST This story about the prof who had his students write a computer virus is most interesting. I might be wrong, but it seems like this story might have undergone some contortions as it passed through the network. I find it hard to believe a professor would have his/her students write a virus and then infect innocent systems with it. Perhaps the professor never actually had intended the viruses be spread. Maybe he had religated a certain computer on which to test the results of his students' work. If the professor had specifically instructed his students not to actually spread their virus programs, I would say he was not acting irresponsibly. If the professor had not discussed the harm such virus infestations can do, he or she was certainly remiss in his/her duties and responsibilities. Of course I like the basic idea of giving each student an assignment to write a virus. Then each student can be given other student's virus and assigned the task of writing a cure. This would be a great educational experience. Those who consider this professor to be irresponsible might be write if the story goes as told. I just wonder how well a person can develop a cure for a virus without having a very good understanding of how they work. One can get no better understanding of how a virus would work than by actually writing one and having others try and cure it. Just think of all the progress made by medical science. Much research in medicine involves creating viruses or rather growing them, to see how they grow and thrive. The same is true of imunizing against a software virus. Of course, I would hope that software scientists would take the same care and responsibility that their medical counterparts do. ========================================================================= Date: Mon, 6 Jun 88 08:53:53 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: Joe McMahon Subject: Re: forwarded from RISKS... In-Reply-To: Message of Fri, 3 Jun 88 15:03:48 EDT from I would personally have to say that teaching someone how to write a virus WITHOUT knowing whether he or she is a "model citizen" is probably a bad idea. It seems to me that such a procedure is like teaching chemistry students how to synthesize hard-to-detect toxins or hallucinogens, or like teaching undergraduate biology majors to play with recombinant DNA experiments with the AIDS virus in a regular lab. Many problems could occur. The accidental release of a virulent virus could cause a very nasty "plague" before it was stopped. The deliberate release of such is akin (at least in my opinion) to germ or chemical warfare. Such things are not easy to target, and unforseen effects nearly always occur. Finally, the students present a danger to themselves through inadvertent exposure to their own viruses. "Here, have these plans for an A-bomb. Now, where did I leave all of that extra plutonium...?" --- Joe M. ========================================================================= Date: Mon, 6 Jun 88 01:39:00 EST Reply-To: Virus Discussion List Sender: Virus Discussion List Comments: Warning -- RSCS tag indicates an origin of CMF@PITTVMS From: "Shawn V. Hernan" Subject: virus-writing course Regarding the Engineering professor who taught virus writing: As long as the professor was very explicit about the dangers of releasing the virus, he was acting quite properly. His methods are pedagogically sound. In order to cure a virus, it is NECESSARY to understand how they work. The best way to understand how they work is to write one. There are similar examples in other engineering fields. A Civil Engineer might, for example, build a model bridge only to destroy it. Of course, this is only a valid analogy if the lab where the virus was written was isolated from other computers. Shawn Hernan Faculty Consultant University of Pittsburgh p.s. I am a Senior Electrical Engineering Student. I wish I had this professor ========================================================================= Date: Mon, 6 Jun 88 11:05:08 EST Reply-To: Virus Discussion List Sender: Virus Discussion List From: Joe Simpson Subject: Re: forwarded from RISKS... In-Reply-To: Message of Fri, 3 Jun 88 15:03:48 EDT from Re: Freedom of information and the virus "course". I believe that the professor has the right to teach such a course. The professor is also responsible for damage done to others during conduct of the course. Of course, a little "social pressure" is the right of the professor's colleagues. ========================================================================= Date: Mon, 6 Jun 88 13:07:18 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Kenneth R. van Wyk" Subject: Forwarded submission follows... From: minow%bolt.DEC@decwrl.dec.com (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922) Subject: Contribution to VIRUS-L "Dismounting a hard drive may not be sufficent" Several participants have suggested ways to make a hard disk drive unavailable to the operating system while testing a potentially infected piece of software. All of these suggestions presuppose that the virus plays by the rules: that it opens files by calling the operating system's "open" routine, etc. Since the drive is still electrically connected, however, you have no way of preventing the virus from bypassing the operating system, controlling the hard disk by directly accessing the command registers. I.e., you really have to unplug the drive to be safe. Of course, this may void your warranty... Martin Minow minow%thundr.dec@decwrl.dec.com The above does not represent the position of Digital Equipment Corporation ------------------------------------------------------------------------ = Kenneth R. van Wyk = = = User Services Senior Consultant = This page intentionally = = Lehigh University Computing Center = left blank. = = Internet: = = = BITNET: = = ------------------------------------------------------------------------ X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X Another file downloaded from: The NIRVANAnet(tm) Seven & the Temple of the Screaming Electron Taipan Enigma 510/935-5845 Burn This Flag Zardoz 408/363-9766 realitycheck Poindexter Fortran 510/527-1662 Lies Unlimited Mick Freen 801/278-2699 The New Dork Sublime Biffnix 415/864-DORK The Shrine Rif Raf 206/794-6674 Planet Mirth Simon Jester 510/786-6560 "Raw Data for Raw Nerves" X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X