# 95-14


Contents


     Utilities in the News
     One Stop Shopping for Security Products
     The Eagle Has Landed Again
     Windows 95 Virus Products
     COAST Rules
     Wish List for 96 -- He Must Be on Drugs


1.  The recent rash of vulnerability reports related to UNIX
utilities (ftp, telnet, etc.) suggests that those involved in the
accreditation and certification of systems need to move beyond the
love affair with "trusted systems", and concentrate more attention
on utility programs.  Years ago I recommend an article in the
December 1990 edition of the "Communications of the ACM" by Miller,
Fredriksen, and So.  Their effort, entitled "An Empirical Study of
the Reliability of Utilities", is obviously dated for specific
versions of the operating systems they examined.  But my intuition
is that the basic operating system utilities may still be
vulnerable to denial of service attacks.  If you know an
Information Warrior, why not send her or him a copy to ruin their
day?

2.  The proliferation of security-related Web sites continues.  A
recent entry for product information can be found surprisingly at
the London Parallel Applications Center (www.lpac.ac.uk/Trel/). 
The London site summarizes the products, and then has a link to the
specific vendor's Web site for further information.

3.  American Eagle Publications, Inc., remains alive in Show Low,
Arizona.  Mark Ludwig has announced a July 1996 release date for
his "Computer Virus Supertechnology 1996".  Subscribers to the
deceased "Underground Technology Review" (formerly the "Computer
Virus Development Quarterly") can reserve a copy at a significant
reduction.  The new book will have a "full-blown discussion of
viruses in the 32-bit environment used by OS/2, Windows 95, Windows
NT and the like".  Mr. Ludwig will also apparently include a disk
with virus code as was his policy with the other publications.  Mr.
Ludwig sold a CD-ROM with virus, trojan horse, and Internet Worm
code which I discussed last year.  The address for the firm:  Post
Office Box 1507, Show Low, AZ 85901.

4.  Several vendors have full anti-viral support for Windows 95. 
IBM and Symantec (Norton AntiVirus) are two I have used.  RG
Software, VI-SPY, promises full Windows 95 support in the 1st Qtr,
1996.  

5.  The COAST Web site (www.cs.purdue.edu/coast/) continues to have
some great reports available.  I would recommend two reports by
Mark Crosbie and Gene Spafford on the use of autonomous agents to
defend computer systems (Technical Report 95-022 and Tecnical
Report 95-008).  I am in the process of reading two other:  (a)  "A
Taxonomy of Security Faults in the UNIX Operating System" by Taimur
Aslam (Master Thesis); and (b)  "Classification and Detection of
Computer Intrusions" by Sandeep Kumar (PhD Thesis).

6.  Wishes for the New Year 1996.

    a.  System administrators who actually install patches before
a successful attack occurs.

    b.  Users who actually follow security policies because they
believe in the protection of their information.

    c.  Information systems security policy makers who actually use
computers.

    d.  The official retirement of the policy slogan "C-2 by 92".

    e.  A moratorium on efforts to outlaw cryptography.

    f.  Good health and blessings for all those who actually read
my ravings.


[Disclaimer:  Information Systems Security Updates represent the
opinions and views of the author, not his employer.  Recipients
are free to quote all/parts of the ISSU with credit/blame to the
author.]