# 95-06

Contents

- Samurai Theater
- Latest Test Results on NetWare Anti-Viral Products
- Internet Security -- A Real Publication, Not an Oxymoron
- CVDQ = UTR = Viruses on Disk
- SATAN Monitoring
- Good Luck to Lynn McNulty

1. The "Rolling Stone" edition, May 4, 1995, has an article on Tsutomu Shimomura and Kevin Mitnick entitled "The Samurai and the Cyberthief". If you enjoy "gonzo" journalism, the piece is well-written. Even if the author, Jeff Goodell, has employed some poetic license with the facts, the character of the participants shines through in the best tradition of the magazine's San Francisco period.

2. The April 1995 edition of "Virus Bulletin" contains a comparative analysis of anti-viral programs for NetWare environments. As in similar reviews conducted by other researchers, the detection performance of NLM products rarely matches that of DOS scanners. In particular, detection of polymorphic samples was generally atrocious. There were also significant differences between detection performance in background scanning operations versus real-time operations. The author, Jonathan Burchell, provides an informative matrix of all products tested, to include data on signature updates and the availability of electronic updates through BBS, commercial service provider, or Internet File Transfer Protocol (FTP).

3. I just finished my complimentary copy of "Internet Security". While the cost of $150 for 18 editions has been criticized on several Internet discussion groups, it seems reasonable to me given the material included in the March 1995 edition. The publication is for the serious system administrator or security technician who wants to get his or her hands dirty. Whether the publication can maintain the quality of articles is always a concern. But, if one subscribes before the end of May 1995, one can save $50 on a regular subscription. The Internet address for information is nso@delphi.com or call 202-775-4947.

4. For those who subscribed to the Computer Virus Development Quarterly before it became the Underground Technology Review, the publisher of UTR has now decided to send disks on material discussed in each edition. I received a disk with four compiled viruses and other utilities to supplement the latest UTR.

5. Several tools have appeared to detect SATAN activity: Courtney, NATAS, and Gabriel. If you are running tcp_wrappers, my experience is that audit records from it are more than sufficient to let you know something is happening.

6. Lynn McNulty, who has announced his retirement from NIST, recently forwarded a letter to OMB as the Chair of the Steering Committee of the Federal Computer Security Program Manager's Forum. The subject of the letter was the National Security Council's proposal to merge protection of civilian and military computer systems under the control of an "Information System Security Committee". This is hardly a new idea. During the time of Admiral Poindexter, NSA/NCSC proposed a similar plan. When the dust settled, Congress had said an emphatic "NO" with the passage of PL 100-235, the Computer Security Act of 1987. Mr. McNulty and his co-chair, Sadie Pitcher, speak for a number of government personnel who share similar professional concerns. This was a fitting way for Mr. McNulty, in my opinion, to end his career--independent and right to the end.

[Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]
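
As an added illustration of item 5 (not part of the original newsletter), the following sketch reads tcp_wrappers syslog records and flags any source that touches several distinct wrapped services within a short window, which is the footprint a service sweep leaves in those audit records. The thresholds, host names and sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# tcpd logs through syslog as "<daemon>[pid]: connect from <client>" or
# "<daemon>[pid]: refused connect from <client>"; both forms are matched.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<svc>[\w.\-]+)\[\d+\]:\s"
    r"(?:refused )?connect from (?P<src>\S+)"
)

def parse(lines, year=1995):
    """Yield (time, source, service) for each tcpd record.
    Syslog timestamps carry no year, so one is assumed."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["svc"]

def sweeps(lines, min_services=4, window_s=60):
    """Return {source: sorted services} for every source that reached at
    least min_services distinct services within window_s seconds."""
    by_src = defaultdict(list)
    for ts, src, svc in parse(lines):
        by_src[src].append((ts, svc))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {svc for ts, svc in events[i:]
                    if (ts - start).total_seconds() <= window_s}
            if len(seen) >= min_services:
                flagged[src] = sorted(seen)
                break
    return flagged

# Constructed sample: one host sweeping services, one ordinary user.
SAMPLE = """\
May  4 09:00:15 gw in.telnetd[380]: connect from 198.51.100.20
May  4 10:12:01 gw in.telnetd[411]: connect from 192.0.2.7
May  4 10:12:01 gw in.ftpd[412]: connect from 192.0.2.7
May  4 10:12:02 gw in.fingerd[413]: connect from 192.0.2.7
May  4 10:12:02 gw in.rshd[414]: refused connect from 192.0.2.7
May  4 10:12:03 gw in.rlogind[415]: refused connect from 192.0.2.7
May  4 11:30:42 gw in.ftpd[502]: connect from 198.51.100.20
May  4 14:05:10 gw in.fingerd[611]: connect from 198.51.100.20
May  4 16:40:33 gw in.rlogind[702]: connect from 198.51.100.20
""".splitlines()
```

With the defaults, only the source that hit five services in three seconds is reported; the second host used four services over a working day and stays below the window threshold.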