# 96-01

Contents

- Moral Dilemma in the Desert
- Fuzz Revisited
- Scanner Mania
- Ungame
- Is Newer Better?

1. One of the footnotes to my professional career has been the good fortune to be in the right place at the right time. This has given me the privilege to work with people like Cliff Stoll and Fred Cohen before they were famous. Yesterday a similar incident may have occurred. In researching World Wide Web servers for information on militias and right-wing groups, I came across stormfront.wat.com/stormfront/. This site linked with dozens of others, one of which was the home page for the White Aryan Resistance (W.A.R.). I was familiar with this group and linked to their site. As of 17 Jan 96, 1130 MST, someone had "hacked" their home page. The W.A.R. "hate page", as described by the attacker, was now a tribute to Dr. King with lyrics supplied by the Red Hot Chili Peppers. The attacker had left a message that, since W.A.R. had no "TACT", and since other groups with objections to its philosophy had legal and personal reservations about removing its page, he or she had no similar qualms. The attacker had also established a link on the W.A.R. page to a site with information on the Holocaust. I find myself confronted with a moral dilemma. While "hacking" Rodney Dangerfield's home page or the MGMUA "Hacker's" movie home page struck me as juvenile, unacceptable behavior, I must confess my reaction in this instance was much different. I would be interested in receiving your reaction. Am I just a closet Liberal, or is there a difference?

2. In the last ISSU addendum Professor Gene Spafford had supplied information on an update to a report in the 1990 edition of the "Communications of the ACM" on the reliability of basic UNIX utility programs. I obtained a copy of that update, "Fuzz Revisited: A re-examination of the Reliability of UNIX Utilities and Services" by Dr. Barton Miller and others.
If I lose my current nonessential government position, I may have a future as an astrologer. My prediction last year, in the absence of the update, was that basic UNIX utilities were probably still vulnerable to denial of service attacks. The update confirmed that fact. Major findings included:

a. The failure rate on the systems tested in 1990 was still "distressingly high" (18-23% for the same systems tested in 1995).
b. Many of the same bugs reported in 1990 were still present in the code releases of 1995.
c. The overall failure rate of utilities on the commercial versions of UNIX tested ranged from 15-43% (i.e., Sun, IBM, SGI, DEC and NEXT).
d. The failure rate of freely-distributed Linux versions of UNIX was at 9%.
e. The failure rate of public GNU utilities was lowest at 6%.

Ironically the USAF, NSF, DOE, and the Office of Naval Research supported the work. So maybe the Information Warriors already know the news, or at least can neither confirm nor deny!

3. The January 1996 edition of "Virus Bulletin" contains its biannual evaluation of MS-DOS virus scanners. The polymorphic virus test suite resulted in reduced overall scores for many products. This test suite consists of 500 samples each of 11 different polymorphic viruses. Personally this suite has always seemed overkill. AVP, Sweep, Norman Virus Control, Dr. Solomon's AVTK, AVAST! and Virus Alert! occupy the top five. For DoD users the version of Norman Virus Control tested was one edition higher than the one available from ASSIST and respective service Internet sites. The IBM AntiVirus, F-PROT Professional, McAfee's Scan, and ThunderBYTE are next in order. There are all sorts of caveats applicable to the evaluation scheme, so as always "detection" should probably be only one of many criteria in the selection of products.

4. For those who have prohibitions on the use of computer games you might check out a shareware version of Ungame, available at www.acs.oakland.oak.and.edu/oak/ in the directory fileutil.
The shareware version claims to detect 100 different games under Windows, Windows95, Windows NT, OS/2 and DOS. The commercial version ($59.95) detects 3100 games. I did limited functionality testing under Windows and Windows NT. Ungame can search, detect, and optionally delete games from a network server or from individual disk drives. I tested all options which appeared to work as documented. Renaming of game executables did not escape detection. Similarly, setting file attributes to hidden did not avoid detection. Those without access to WWW services can obtain the shareware version from 141.210.10.117 in the path SimTel/msdos/fileutil/ungame20.zip.

5. Charles Cresson Wood, CISSP, an independent information security consultant, publishes a security policy as a Bonus Item with each edition of the Computer Security Institute's "Computer Security Alert" publication. I offer the latest for your consideration: "Information systems security products on the market less than a year must not be used as an integral component of any Company X production information system". Mr. Wood provides a copyrighted analysis of his proposed policy which I have not included. Your comments???

[Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]