From: Chris McDonald (3/23/93)
To: securitylist:;@WSMR-SIMTEL20.AR,
CC: reviewslist:;@WSMR-SIMTEL20.ARM,
Mail*Link® SMTP Information Systems Securit # 93-11

1. In the last update I mentioned an extremely relevant dialogue/debate between Dr. Dorothy Denning and eight other distinguished persons in the March 1993 edition of the "Communications of the ACM". I neglected to point out that there is another article just before the debate by John Barlow, "Bill O'Rights", in which Mr. Barlow suggests "with only a little sarcasm or hyperbole" his view of what the Bill of Rights has become. I offer his Amendment 6 for your consideration:

"In all criminal prosecutions, the accused shall enjoy the right to a speedy and private plea bargaining session before pleading guilty. He is entitled to the assistance of underpaid and indifferent counsel to negotiate his sentence, except where such sentence falls under federal mandatory sentencing requirements."

2. Symantec has announced version 7.0 for Norton Utilities for MS-DOS systems. The upgrade is $49.00 plus $9.00 shipping for registered users. I will update Product Test PT-19 when I receive and test the upgrade.

3. I have finished the testing of VDS PRO (PT-61) and the IBM Antivirus/DOS (PT-59). I hope to have written test reports available by the end of the month.

4. In a follow-up to a report of anti-viral program effectiveness to detect VCL-created viruses, I have three updates.

a. NAV, version 2.1 with the March 1993 definitions, will now identify 4 of the 8 VCL viruses distributed with the Virus Creation Laboratory as "VCL" produced. It continues to identify 1 additional VCL virus as the "Whale".

b. The IBM Antivirus/DOS, version 1.01, which represents a new release from my first effectiveness results, does not identify any of the VCL samples.

c. VDS PRO, version 1.0, identifies the eight VCL viruses distributed with the VCL, but does not identify an additional sample created by Mark Ludwig and included on a distribution disk with the latest edition of the CVDQ.

5. In December 1991 I made some preliminary comments on the U.S. Air Force Cryptologic Support Center's "CodeSafe" Toolbox. I have recently received version 1.6 of the Computer Security Toolbox which now both the Air Force Intelligence Command and the Naval Electronic Systems Security Engineering Center support in a cooperative effort. The version is dated 921203.

The Toolbox continues to use the IBM Anti-Virus Product for its viral detection. This product ended with version 2.2.3, to be replaced by the IBM Antivirus/DOS product which incorporates detection as well as removal features. I reviewed the IBM Anti-Virus Product in PT-34. At its last release the Product had excellent detection features against the so-called "common" viruses. Unfortunately, with the end of that Product, there has been no updating since approximately the summer of 1992.

The Toolbox has a respectable front-end menu interface for viral scanning operations. The defaults for a scanning operation are reasonable, with one exception in my opinion. The /NMUT option is invoked, which means that there is no mutation detection during the operation. I have found mutation detection a nice feature. There are disinfection routines for NOINT, Michelangelo, and Stoned which, according to the Navy documentation, account for 75% of Navy virus incidents.

The Toolbox contains several other utilities, the most useful of which I consider to be safety.exe and codesafe.exe. The first creates a signature file; the second is a memory resident program to inspect program files with signatures prior to their execution.
-------

------------------ RFC822 Header Follows ------------------
Received: by internetqm.llnl.gov with SMTP;23 Mar 1993 09:40:07 -0800
Return-path: CMCDONALD@WSMR-SIMTEL20.ARMY.MIL
Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id
 <01GW55IZ09WW9BXDLM@icdc.llnl.gov>; Tue, 23 Mar 1993 09:30:02 PST
Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id
 <01GW55IGGV3K9BXE53@icdc.llnl.gov>; Tue, 23 Mar 1993 09:29:39 PST
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA08504;
 Tue, 23 Mar 93 09:30:12 PST
Received: from WSMR-SIMTEL20.ARMY.MIL by pierce.llnl.gov
 (4.1/LLNL-1.18/llnl.gov-05.92) id AA08421; Tue, 23 Mar 93 09:29:17 PST
Date: 23 Mar 1993 09:23:03 -0700 (MST)
From: Chris McDonald
Subject: Information Systems Security Update, # 93-11
Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV
To: securitylist:;@WSMR-SIMTEL20.ARMY.MIL
Cc: reviewslist:;@WSMR-SIMTEL20.ARMY.MIL
Resent-message-id: <01GW55IZ4ALE9BXDLM@icdc.llnl.gov>
Message-id: <12863322895.30.CMCDONALD@WSMR-SIMTEL20.ARMY.MIL>
X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov
X-VMS-To: IN%"securitylist:;@WSMR-SIMTEL20.ARMY.MIL"
X-VMS-Cc: IN%"reviewslist:;@WSMR-SIMTEL20.ARMY.MIL"
Content-transfer-encoding: 7BIT
======================================================================