=========================================================================
Date: Mon, 6 Jun 88 13:56:00 EDT
Reply-To: Virus Discussion List
Sender: Virus Discussion List
From: Kelly Kreiger
Subject: Virus 101

I would feel a whole lot more at ease about the professor who wants his
students to write computer viruses if I thought the students (and
instructor, for that matter) operated within a framework similar to the
ethical guidelines and procedural restraints imposed on the
biological/medical analog.

-- Kelly
=========================================================================
Date: Mon, 6 Jun 88 12:02:13 mdt
Reply-To: Virus Discussion List
Sender: Virus Discussion List
Comments: Warning -- original Sender: tag was
From: Bill Kinnersley
Subject: Terminology

Subscribers to this list may be interested in the recent article
"Computer Viruses" by Peter J. Denning in the American Scientist, vol 76
page 236. In particular, he discusses terminology. Paraphrasing his
definitions:

1) Worm - a program that invades a workstation and disables it.

2) Trojan horse - a program that performs some apparently useful
   function, but containing hidden code that performs an unwanted
   malicious function.

3) Bacterium - a program that replicates itself without bound, thereby
   preempting the resources of the host system.

4) Virus - a program that incorporates copies of itself into the machine
   code of other programs, and when those programs are invoked, performs
   a malicious function.

Denning points out that these types often occur in combination. A Trojan
Horse is the most common means of originally introducing a virus into a
system. For example, a Trojan Horse compiler can attach a copy of the
virus code to its output.

Defence against computer viruses comes out sounding like a message from
the Surgeon General. Practice digital hygiene yourself. Don't exchange
programs with anyone whose computer habits are not up to your own
standards.
Refuse to use software if the manufacturer's seal has been broken!

Maybe we need a "Centers for Computer Disease Control".
=========================================================================
Date: Mon, 6 Jun 88 13:57:18 EDT
Reply-To: Virus Discussion List
Sender: Virus Discussion List
From: "Kenneth R. van Wyk"
Subject: my 2 cents on viruses in classes

For what it's worth, I'm sure that there are tons of pros and cons for
having a professor tell his/her students to write a virus. I propose,
however, that it could be very worthwhile - in a controlled environment.
Someone presented the idea of having the students exchange programs with
one another in order to allow each student to try to stop a virus, as
well as author one. I think that this *could* be very beneficial for the
students.

The controlled environment that I'm talking about would have to be
something like a microcomputer lab with no outside world connections
(serial or otherwise), and pcs that are either dual floppy or reloaded
from tape backups frequently. Perhaps even disallowing floppies to leave
the lab...

Granted, this would be "arming" the students with the knowledge of how
to write a virus, but it would also be giving them some very practical
experience. They'd certainly get a feel for how sticky the situation can
get when trying to stop an unknown virus.

So, with the above restrictions in mind (and possibly some others as
well), I'd say that I'm for it.

On another note, I'm working on cleaning up the VIRUS-L archives. I'm in
the process of switching them to store messages in weekly files since
the monthly ones are getting really huge.

I'd also like to say thanks to everyone who's sent in their comments (to
me) about whether or not I should turn the list into a moderated list.
Keep them coming! I don't want to bias anyone's opinion on the matter
since all the votes but I will say that it's going to be very close.
Everyone has made excellent points for both sides, and it's going to be
a tough decision to make.

Ken

------------------------------------------------------------------------
= Kenneth R. van Wyk                   =                               =
= User Services Senior Consultant      = This page intentionally       =
= Lehigh University Computing Center   = left blank.                   =
= Internet:                            =                               =
= BITNET:                              =                               =
------------------------------------------------------------------------
=========================================================================
Date: Mon, 6 Jun 88 13:31:00 CST
Reply-To: Virus Discussion List
Sender: Virus Discussion List
From: DAVIDLI@SIMVAX
Subject: RE: Re: forwarded from RISKS...

> Perhaps an analogy could get across my point of view. Suppose that some
>professor of mechanical engineering were to decide that to truly understand
>how a car works, his class should learn how to jimmy a car such that it
>would have an accident. I would suggest that this is similar to such a
>situation...
> Glen Matthews
> McGill University

I wish that supposedly knowledgeable people would quit making spur of
the moment "analogies" like this.

1) No one would knowingly DRIVE a car that had been set up for an
   accident. However, it is certainly possible to have it controlled
   externally. In fact, the so-called "crash" labs do just that ...
   deliberately cause an automobile to have an accident. Thus, a
   "jimmied" car can, indeed, be tested. (Incidentally, I doubt that
   your typical mechanical engineer spends ANY time learning how a car
   works ... they aren't auto mechanics you know.)

2) To learn how a car "works", one must have a real car (sure you can
   read about it, but I'll use an auto mechanic who's _worked_ on a car
   over one that's only _read_ about a car any day). To learn how a
   virus "works", one must have a real virus. As in the medical field,
   if you don't take proper precautions when working with a virus
   you'll get infected.
   You learn the principles of creating linked lists by _writing_
   programs with code to create a linked list ... why not something
   similar to learn the principles of a virus?

3) Cars are tangible objects which can be inspected. If a problem
   occurs, you can see it for yourself. Computer viruses are intangible
   electrical signals. You may never see a problem occurring until
   AFTER the fact.

***Please*** take the time to think about your analogies! One of the
worst analogies I've seen is "software piracy is like stealing a car".
Patently false. A car is a tangible object with a discrete value which
cannot be "copied" for the price of a floppy disk. "Software piracy is
like counterfeiting money" is a proper analogy. [I leave the exposition
of this analogy to the reader...]

------------------------------------------------------------------------------

Now then ... as to the reliability of the posting to RISKS - has anyone
actually VERIFIED the information posted here as "truth"? Disinformation
is, to my mind, as bad as any computer virus. Incidentally, I _do_ read
the RISKS digest via USENET -- and I haven't seen that particular
posting as of this date. Perhaps the original poster of this information
will cite the issue date of that particular RISKS digest?

-- Dave Meile, Systems Manager

Disclaimer: Standard - my words, my opinions. Your mileage may vary.
=========================================================================
Date: Mon, 6 Jun 88 15:43:03 EDT
Reply-To: Virus Discussion List
Sender: Virus Discussion List
From: "Kenneth R. van Wyk"
Subject: RE: Re: forwarded from RISKS...
In-Reply-To: Message of Mon, 6 Jun 88 13:31:00 CST from

>Now then ... as to the reliability of the posting to RISKS - has anyone
>actually VERIFIED the information posted here as "truth"? Disinformation
>is, to my mind, as bad as any computer virus. Incidentally, I _do_ read
>the RISKS digest via USENET -- and I haven't seen that particular posting
>as of this date.
>Perhaps the original poster of this information will cite
>the issue date of that particular RISKS digest?

Oops, I may have gotten it from the SECURITY digest. (I always get the
two of them confused.) ;-) And let's say that it isn't "truth"...it
still is an interesting point to ponder.

Ken

------------------------------------------------------------------------
= Kenneth R. van Wyk                   =                               =
= User Services Senior Consultant      = This page intentionally       =
= Lehigh University Computing Center   = left blank.                   =
= Internet:                            =                               =
= BITNET:                              =                               =
------------------------------------------------------------------------
=========================================================================
Date: Mon, 6 Jun 88 19:10:52 EDT
Reply-To: Virus Discussion List
Sender: Virus Discussion List
From: "Peter G. Neumann"
Subject: Re: my 2 cents on viruses in classes
In-Reply-To: <8806061855.AB02268@csl.sri.com>

VIRUS-L serves a purpose by being UNMODERATED, but contains incredible
amounts of gibberish. VIRUS-L would serve a different purpose if it were
MODERATED intelligently. But I suspect that its audience probably likes
it unmoderated. I suffer along.
-------
=========================================================================
Date: Mon, 6 Jun 88 19:15:32 EDT
Reply-To: Virus Discussion List
Sender: Virus Discussion List
From: David.Slonosky@QueensU.CA
Subject: More virus questions

Ok, so disabling the hard drive is not necessarily the best answer. I
will ask the following, then: If a virus cannot squirrel its way into
any portion of the ROM of a microcomputer, is it possible to write some
sort of routine which "fools" the virus into thinking it's busily eating
away at the hard drive when in fact it is just doing nothing, i.e.
creating a virtual hard drive or hard drive shell?
Furthermore, would it also be possible to put some sort of flag in this
routine so that the user could easily detect that the nice piece of
public domain software was really a nasty infected hunk of ferritized
iron? I realize this is only good for protecting hard drives and not
much else, but it seems that the hard drive would be a natural target
for a goodly portion of all virus writers.

As to the professor who had his students write a working virus? I agree
that as long as he followed the same protocol as we biochemists have to
follow when we deal with nasty biohazards then the entire exercise was
worthwhile. This means that no disks leave the lab, or if they do then
they get wiped with Norton's WIPEDISK or a nice strong electromagnet,
and anyone not following standard procedures gets 1) booted out of the
course and 2) booted out of the university if necessary. That's tough,
but then so is some joker taking his/her pet virus and going around
destroying files. There are risks involved in spreading knowledge like
this, but it's better to do it and learn about the virii than shy off
because things are too dangerous and learn nothing.
=========================================================================
Date: Tue, 7 Jun 88 09:48:58 EDT
Reply-To: Virus Discussion List
Sender: Virus Discussion List
From: Kenneth Ng
Subject: classroom viruses

Personally, I'd issue a dual challenge to the students, make both a
virus and a virus hunter/detector, and let them battle it out among each
other :-). Maybe have two rounds, with the source code from the first
round available to all on the second round. Extra credit for the top
virus and the top virus breaker. Now that would be fun.
=========================================================================
Date: Tue, 7 Jun 88 11:44:25 EDT
Reply-To: Virus Discussion List
Sender: Virus Discussion List
From: "Kenneth R. van Wyk"
Subject: Virus *opinion* from the Usenet

The following is a message which I saw on the Usenet group
comp.sys.ibm.pc, an unmoderated IBM PC discussion forum. It reflects the
opinion (of the author) that viruses aren't real; rather, they're the
product of marketing hype (no flames please - that's just my
interpretation of what the author says). I, for one, can attest to the
fact that they are real, although they may not currently be as rampant
as the media might lead one to believe. I also would not want to be in a
position of being so naive as to say that they do not exist, therefore
no precautions should be taken.

Any other opinions on the matter?

Ken van Wyk

Here's the forwarded message itself:

From: japplega@csm9a.UUCP (Joe Applegate)
Newsgroups: comp.sys.ibm.pc
Subject: Re: Software Package Inoculates Disks Against Computer Viruses
Summary: Viruses - fact or Marketing Hype
Keywords: Center for Computer Disease Control
Date: 6 Jun 88 23:08:58 GMT
Organization: Colorado School of Mines

In article <2792@umd5.umd.edu>, cgs@umd5.umd.edu (Chris Sylvain) writes:
>
> Sophco has also initiated the Center for Computer Disease Control,
> which will act as a clearing house for information about such antisocial
> software.
>

A Local MSDOS Users Group hosted a panel discussion on Viruses and the
methods to protect against them... SOPHCO and the so called Disease
Control Center were asked to participate but declined... I for one
publicly doubt the existence of the virus they claim to have discovered
since SEX.EXE can be found on several BBS's in a harmless, though
tasteless form! When confronted on the phone their rep still refused to
participate in our discussion or to produce this virus in order to
confirm it was anything other than a marketing ploy.

The panel consisted of several sysops, a security expert from Storage
Tek, a computer crime lawyer and a law professor.
Not one of these experts had ever found a bona fide virus and only one
could claim to have found a trojan! The general consensus was that while
viruses might exist their occurrence was far more rare than the media
hype would indicate! It was also agreed that much of this hype is a
result of advertising from companies claiming to have a solution to
viruses... it was even proposed that some of these viruses might
originate with such companies.

Now we all know that companies which produce and market programs to
protect users against viruses and trojans are simply doing so for our
benefit and not to serve the almighty green god so.... Everyone should
do their part to support the noble effort of this Center for Computer
Disease Control by placing a little black sticky "trojan" write protect
tab on every disk and keeping their green gods in their wallet!

Joe Applegate - Colorado School of Mines Computing Center
{seismo, hplabs}!hao!isis!csm9a!japplega
or SYSOP @ M.O.M. AI BBS - (303) 273-3989 - 300/1200/2400 8-N-1 24 hrs.
*** UNIX is a philosophy, not an operating system ***
*** BUT it is a registered trademark of AT&T, so get off my back ***