Note: this is an OCR of a scan of a Fax, so please excause the errors. # 93-2 1. "MacWorld", February 1993, had an intriguing article "Data Guardians". The author, Bruce Schneier, evaluates 24 different security products for the Macintosh. I have beard Druce speak on cryptography matters, partigularly on Public Key schemes, and clearly he appears to know his subject. The article suggests that he is an expert user as well so his comments on "cracking" the protection mechanisms of specific products should be placed in perspective. Since I have tested several of the programs identified in the article, and since I am somewhat familiar with the marketing literature of many of the other products, I am unaware of any vendor which claims to offer 100% protection, 100% of the time. Since Bruce used ResEdit, debugging tools such as MacsBug, and disassembled the code of certain products, clearly he elliployed a high-end technical attack. The article can be found on pages 145-151. 2. Three Mactintosh anti-viral products have developed search strings for the newest CPro trojan-. CPAV, SAM, and VirusDetective. Since the, distribution pattern of trojan horses is difficult to estimate, this may not be of critical concern for every location. Also remember that the authors of the two well- known freeware programs, Disinfectant and GateKeeper, have historically avoided specific signature detection of Trojan Horses. GateKeeper options would in my opinion have detected the malicious activity of CPro and blocked it had the user configured GateKeeper for maximum protection. CPAV and SAM have various ways to distribute new strings; the author of VirueDetective has sent the new strings to all registered VD users. 3. A brief note of sanity to the discussion of determining information sensitivity appears in the latest CSL Bulletin, November 1992. Under the title "Sensitity of Information" NIST lays it on the line: "NIST believes that it is more important to provide appropriate protection to agency information technology (IT) systems than to determine whether or not a 'sensitive' label should be applied to particular information or IT systems". AMEN! 4. Dr. Gene Spafford has established a Tripwire mailing list. One need only send mail to the tripwire-request daemon. tripwire-request@cs.purdue.edu. The mail message should contain NO text other than lilies of commands. To get a full list of commands send a message to the daemon and enter this command in the body of your message; help . Omit the period! 5. Pyramid Development Corporation has changed its name. Its rename is Mergent International (reference Product Test 16, PC/DACS). The relevant administrative data follows. Address: 70 Inwood Road, Rocky Hill., Connecticut Telephone: 203-257-4223 FAX: 203-257-4245.