Date: 12 Aug 1994 08:59:26 -0600 (MDT) From: Chris McDonald Subject: Information Systems Security Update--Corrected Copy To: orvis@icdc.llnl.gov To: cmcdonal@wsmr-emh34.army.mil Apparently-To: orvis@icdc.llnl.gov # 94-14 Contents You Can Read About It ... But You Cannot Have It Software Upgrade Announcements The Controversy That Will Not Die -- Clipper ACM Crypto Policy Perspective CARO Expose 1. The MacWeek edition of 21 March 94 had a product advertisement for Safety Suite offered by Claris Clear Choice. The product was to provide auto backup, crash protection, password protection, virus protection ( via John Norstad's Disinfectant), data sanitization, and data encryption bundled for Macintosh users. I placed an order to perform a product evaluation in early April. I received a letter today from Claris, addressed to "Dear Safety Suite Customer", which informed me that "Claris Corporation has decided not to ship this product in order to remain focused on its successful core products of broad based productivity applications for Macintosh and Windows users". Who says Corporate America does not have a sense of humor? 2. A plethora of software upgrades announced in the last few weeks. Two upgrades caught my attention: (a) Symantec AntiVirus For Macintosh, version 4.0 (reference PT-20) and (b) Norton Utilities for Macintosh, version 3.0 (reference PT-57). Registered users can upgrade at significant cost savings. It also turns out that, if you are a registered user of either one of the products and request an upgrade at $39.95, you will be offered the other product for $49.95. 3. The August 1994 edition of Open Computing has an article entitled "Clipper's Hidden Agenda" by Rochelle Garner. Despite the title the author presents opinions from both sides of the debate. This quote comes from Donn Parker, SRI International: "I'm very concerned that, with the advance of very powerful cryptography, we will reach a stage where citizens have absolute privacy of communications". It really is a strange state of affairs when someone in the information systems security field has concerns about individuals maintaining the privacy of their electronic communications. 4. The August 1994 edition of Communications of the ACM contains a summary of panel members' work on the matter of cryptography entitled "Crypto Policy Perspectives". The full report is available on the Internet. 5. The August 1994 edition of Virus Bulletin has an article by Fridrik Skulason on the Computer Anti-Virus Research Organisation. This paragraph summarizes the article. "There is an organisation of Macintosh virus experts, which seems to be trying to keep its very existence, or at least it members' names, secret . . . there is CARO (Computer Anti-Virus Research Organisation). These last two bodies are different from those mentioned above, actually doing things to benefit their members, and, indirectly, the whole user community. I will not attempt to describe the Macintosh organisation, but as a founding member of CARO, I should be qualified to explain what CARO is - and is not." [Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]