# 94-18

Contents

- NATAS Overkill
- CVDQ Does Mac Viruses
- Healthy Computing
- NIST Establishes Software Integrity Center
- Pretty Good Privacy -- Finally Legal
- Jesuit Training

1. Published reports in many sectors continue to hype that many anti-viral tools do not detect the NATAS virus in the MS-DOS world. My own tests have confirmed that the most highly rated anti-viral programs can reliably detect the virus. The following list is not meant as an endorsement, but only to counter misinformation.

   - F-PROT Professional, version 2.14a
   - IBM Anti-Virus for DOS, version 1.07
   - Thunderbyte, version 2.26
   - Scan, version 2.1.1e

2. The Computer Virus Development Quarterly (CVDQ) for the first time distributed samples of Macintosh viruses in the Spring 1994 edition. This included samples of the Scores, Init29, nVir and WDEF.

3. The December 1994 edition of "MacWorld" has a two-part article entitled "Safer Computing: How to Stay Healthy While Working on Your Mac". The author is Franklin Tessler, M.D. with consultation from additional medical authorities.

4. The National Institute of Standards and Technology (NIST) has announced the establishment of the Center for High Integrity Software Systems Assurance (CHISSA). The Center's program will have three major components: (a) promotion of high integrity software systems research and development; (b) improvement of software system technology assessment; and (c) acceleration of the transfer and use of high integrity software systems technology. A Steering Committee exists composed of representatives from academia, government and industry. The Committee has solicited White Papers to help select a small set of areas within CHISSA's charter for initial focus. White Papers may be submitted via the Internet to Mrs. Dolores Wallace, CHISSA Director, dwallace@nist.gov.

5. The November 1994 edition of "Client/Server Today" has an article on Pretty Good Privacy (PGP), to include information on downloading the latest, legal version from net-dist.mit.edu. One first ftps to the host to download the README file. One then follows instructions to telnet to the host for the actual program.

6. I spent the weekend of November 6 taking the Pilot Test for the Certified Information Systems Security Professional (CISSP) examination. Thirty-six individuals at the Dallas test site "tested" over 1,000 questions which will form the foundation for the final examination. There are apparently around 400-500 individuals worldwide who have attained initial certification. When I look at the number of people who "claim" to be experts in information systems security, it is rather surprising that so few have chosen to seek professional certification. Why not do something for yourself and contact the International Information Systems Security Certification Consortium, Inc., Suite 1000, Park View Office Tower, Worcester, MA 01609-1946 for assistance on the certification process? In the spirit of full disclosure, I must admit that I pay all of the certification costs myself, and that my agency could care less about professional certification. On the other hand, I am a product of a Jesuit education!

[Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]