Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA13782; Fri, 1 Jun 90 11:26:24 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA20523; Fri, 1 Jun 90 11:26:21 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA00323; Fri, 1 Jun 90 11:26:10 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa23108; 1 Jun 90 16:01 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Fri, 01 Jun 90 16:05:40 BST 
Message-Id:   <$TGTWCZCFFBQJ at UMPA>
Subject:      Virus-L vol 0 issue #0503



Virus-L Digest Tue, 3 May 88, Volume 0 : Issue #0503

Today's Topics

The Fate of PD Code
Question related to Macs.
LISTSERV options
download FSP UUEARC to Micros
Re: download FSP UUEARC to Micros
BRAIN virus

------------------------------

Date:         Tue, 3 May 88 07:06:26 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Vin McLellan <SIDNEY.G.VIN%OZ.AI.MIT.EDU@XX.LCS.MIT.EDU>
Subject:      The Fate of PD Code


PD need not die -- despite the virus plague; and despite the
obituaries the virus threat has led so many vendor-supported
publications to so (gleefully?) publish. "Public Domain" software
may, however, tend to lean more into "shareware" and away from
"freeware."

Freeware, of course, is inherently cheapest... but now we have the
problem of never really being certain that the code is clean and
free of hidden danger (not in itself a new problem.) Shareware --
which circulates through the same public domain/freeware channels --
is copyrighted and typically accompanied by a request from its
author for a (usually minimal) payment for licensed user rights.
And, more than in the past, a shareware license will likely be
accompanied by a disk with a clean copy of the purchased program.

Nothing is likely to ever displace the PD circuit on the nets
and bulletin boards as the cheapest and easiest way to both
circulate new code and check out what's the newest. Even with
infected code circulating, this can be done safely and intelligently
on an isolated machine without a hard disk.

Obviously, no responsible institution or group (or even an
individual) is going to mix freeware code with working disks
or files. The best defense against infected code is to obtain
a legitimate shareware license -- and a guaranteed clean
copy of the code, directly from the author. For a corporation
or institution, that *contractual* link becomes essential for
its internal security and ease of mind. (This may lead to
some strange scenes. More than a few programmers who just
tossed out a now-popular freeware program onto a BBS system
years ago may be surprised to find firms or institutions
insisting on the right to pay them -- to establish a contractual
relationship -- but they'll probably survive the shock.) Site or
corporate licenses, now scorned by the industry, may be widely used
here.

In an institutional or user community, it will be up to
local management to either buy enough guaranteed clean copies
on disks... or arrange for trusted reproduction of an original
received directly from the author. But the contract must and
should be the foundation of safe software distribution. So
freeware will inevitably be transformed into shareware; a
craft cult into a profit-making industry sector; hackers
into capitalists -- willy-nilly. (Some skateboard champs may
have to open bank accounts, pay taxes, etc.)

With that, Freeware/Shareware is likely to continue for
the benefit of us all...and to bedevil a software industry
whose pricing policies are more akin to Merlin's mumbled
incantations than to any objective economic factors.

Vin McLellan
The Privacy Guild    (Sidney.g.vin%Oz.AI.MIT.EDU@XX.LCS.MIT.EDU)
Boston, Ma. 02111    (617) 426 2487
- -----

--------------------

Date:         Tue, 3 May 88 08:17:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         J_CERNY@UNHH
Subject:      Question related to Macs.

At the risk of exposing my ignorance, I'll ask the following
question.

In reading about methods to disinfect or vaccinate an infected
(or suspected) system, people talk about either throwing away
infected files or running code (macrophage?!) to gobble up the
infected parts.

In thinking of the Macintosh, I'm wondering if there is yet
another place where a virus could lurk -- the parameter RAM??
I don't even know if it is possible to write into that RAM,
except that I have the impression that is where date/time is
stored and the fact that the CHOOSER can update/set date/time
implies it can be written to.

  Jim Cerny, University Computing, University of N.H.

--------------------

Date:         Tue, 3 May 88 08:59:28 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      LISTSERV options



A couple people have asked me why they don't get a copy of their own
submissions to the VIRUS-L list.  Well, that's the default way that
LISTSERV is set up.  There are two ways around it; I can set up the entire
list such that everyone receives their own messages, or each user can
set their own LISTSERV options, at their discretion.  I prefer the latter.

To tell the LISTSERV program to send you your own submissions, send the
following mail message to LISTSERV@LEHIIBM1:

SET VIRUS-L REPRO

Ok, it's a bit cryptic, but that's the way it works...  :-)

Note:  Please do not send the above message to the list itself!!!


Ken

- ----------------------------------------------------------------------
= Kenneth R. van Wyk                   =                               =
= User Services Senior Consultant      = I can't believe you fell for  =
= Lehigh University Computing Center   = the oldest trick in the book  =
= Internet: <LUKEN@VAX1.CC.LEHIGH.EDU> =           Lone Star!          =
= BITNET:   <LUKEN@LEHIIBM1>           =                               =
- ----------------------------------------------------------------------

--------------------

Date:         Tue, 3 May 88 10:42:49 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Jim <15360JIM@MSU>
Subject:      download FSP UUEARC to Micros

I have the anti-virus file called FSP UUEARC at my IBM 3090 minidisk.
I try to download it to micros. Please tell me what additional UNARC file(s) I
need, where to get it, and procedures to actually download it. I knew the way
to download regular files through KERMIT. Thank You All!       /Jim

--------------------

Date:         Tue, 3 May 88 10:50:23 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      Re: download FSP UUEARC to Micros
In-Reply-To:  Message of Tue, 3 May 88 10:42:49 EDT from <15360JIM@MSU>

>I have the anti-virus file called FSP UUEARC at my IBM 3090 minidisk.
>I try to download it to micros. Please tell me what additional UNARC file(s) I
>need, where to get it, and procedures to actually download it. I knew the way
>to download regular files through KERMIT. Thank You All!       /Jim

Just a guess, but it sounds as if the file is a uuencoded arc file.
Uuencode/uudecode are two programs for converting a binary file into
an ascii file and then back; thus making it easier to transfer binary
files over networks.  Once the uuencoded file has been uudecoded, it
should be a standard arc file extractable by PKXARC or ARC.  You can
get a copy of uudecode from SIMTEL20.ARPA if you have Internet access,
or I can send you a Turbo Pascal source code version.  Please reply by
direct e-mail if you want the Turbo source.

I assume that FSP is Flu_Shot+?  I'd be happy to make copies of Flu_Shot+,
uuencode & uudecode, etc. available via this LISTSERV if there's sufficient
interest.  Comments anyone?  That's not an endorsement of public domain
anti-virus programs; rather, it'd be providing a place where people on this
list could download these programs with a reasonable degree of certainty
as to the integrity of the program.

Ken

- ----------------------------------------------------------------------
= Kenneth R. van Wyk                   =                               =
= User Services Senior Consultant      = I can't believe you fell for  =
= Lehigh University Computing Center   = the oldest trick in the book  =
= Internet: <LUKEN@VAX1.CC.LEHIGH.EDU> =           Lone Star!          =
= BITNET:   <LUKEN@LEHIIBM1>           =                               =
- ----------------------------------------------------------------------
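
Added example, not part of the original message and not the Turbo Pascal
source offered in it: a small Python uudecoder that also re-pads lines whose
trailing blanks were stripped in transit, then checks that the result starts
with an ARC entry header. The sample payload and the names SAMPLE.ARC and
SAMPLE.TXT are constructed for illustration.

```python
import binascii

def six(ch):
    """Map one uuencoded character to its 6-bit value ('`' and ' ' are both 0)."""
    v = ord(ch) - 32
    if not 0 <= v <= 64:
        raise ValueError("character outside the uuencode alphabet: %r" % ch)
    return v & 0x3F

def decode_line(line):
    n = six(line[0])                       # first character = number of data bytes
    need = (n + 2) // 3 * 4                # encoded characters that must follow
    body = line[1:1 + need].ljust(need)    # re-pad blanks a mail gateway stripped
    out = bytearray()
    for i in range(0, need, 4):
        a, b, c, d = (six(ch) for ch in body[i:i + 4])
        out += bytes((a << 2 | b >> 4, (b & 15) << 4 | c >> 2, (c & 3) << 6 | d))
    return bytes(out[:n])

def uudecode(text):
    """Return (mode, name, data) for the first uuencoded file found in text."""
    lines = iter(text.splitlines())
    for line in lines:
        parts = line.split(" ", 2)
        if len(parts) == 3 and parts[0] == "begin" and parts[1].isdigit():
            break
    else:
        raise ValueError("no 'begin' line")
    data = bytearray()
    for line in lines:
        if line.strip() == "end":
            return int(parts[1], 8), parts[2], bytes(data)
        if line:
            data += decode_line(line)
    raise ValueError("truncated: no 'end' line")

def arc_first_entry(data):
    """Return (method, name) of the first ARC entry, or None if data is not ARC."""
    if len(data) < 15 or data[0] != 0x1A or data[1] == 0:
        return None
    return data[1], data[2:15].split(b"\0")[0].decode("ascii", "replace")

# Constructed sample: an ARC-style entry header followed by filler bytes.
SAMPLE_ARC = b"\x1a\x02" + b"SAMPLE.TXT\0\0\0" + bytes(40)
SAMPLE_UU = "begin 644 SAMPLE.ARC\n" + "".join(
    binascii.b2a_uu(SAMPLE_ARC[i:i + 45]).decode("ascii")
    for i in range(0, len(SAMPLE_ARC), 45)) + "`\nend\n"
```

A decoded file that fails the ARC header check was damaged or mislabelled in
transit and should not be handed to an extractor.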

--------------------

Date:         Tue, 3 May 88 13:37:56 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Joe Simpson <JS05STAF@MIAMIU>
Subject:      BRAIN virus

We have completely disassembled the virus.  It behaves as previously
discussed.  In the absence of programming bugs it only installs
itself.  It definitely lives in the boot block plus 3 bad sectors.
It does not infect any "normal" dos files.

It specifically checks for and infects 5.25 inch floppies, no 3.5,
no hard disk.

We have a simple brain remover program.  Source will be posted to the
list (assembly language) when the author thinks it is pretty enough.

Disassembly and program work done by David Karipedes, a Miami student.
To contact him use my bitnet mailbox.
P.S.  Since we have some diskettes with evenly spaced bad clusters in
them, the search is on for the existence of another virus at M.U.  We
really don't have useful info one way or another at this time.
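
Added example, not part of the original post and not the remover program it
mentions: a Python check that lists the clusters a FAT12 diskette image marks
as bad and groups them into runs, so unexpected or evenly spaced bad clusters
stand out. It assumes the boot sector still carries a readable BIOS Parameter
Block; the 360K image and the cluster numbers in it are constructed.

```python
import struct

BAD = 0xFF7                      # FAT12 value that marks a cluster as bad
BPB = "<HBHBHHBH"                # BPB fields starting at boot-sector offset 0x0B

def fat12_entry(fat, n):
    """Read 12-bit FAT entry n (two entries are packed into three bytes)."""
    word = struct.unpack_from("<H", fat, n * 3 // 2)[0]
    return word >> 4 if n & 1 else word & 0xFFF

def bad_clusters(image):
    """Return [(cluster, first_sector)] for clusters the first FAT marks bad."""
    bps, spc, reserved, nfats, root_ents, total, _media, spf = \
        struct.unpack_from(BPB, image, 0x0B)
    if bps == 0 or spc == 0 or spf == 0:
        raise ValueError("boot sector has no usable BPB")
    root_secs = (root_ents * 32 + bps - 1) // bps
    data_start = reserved + nfats * spf + root_secs
    n_clusters = (total - data_start) // spc
    fat = image[reserved * bps:(reserved + spf) * bps]
    return [(n, data_start + (n - 2) * spc)
            for n in range(2, n_clusters + 2) if fat12_entry(fat, n) == BAD]

def runs(clusters):
    """Group cluster numbers into consecutive runs: [(start, length)]."""
    out = []
    for n in clusters:
        if out and n == out[-1][0] + out[-1][1]:
            out[-1] = (out[-1][0], out[-1][1] + 1)
        else:
            out.append((n, 1))
    return out

def make_sample_image(bad=(55, 56, 57)):
    """Constructed blank 360K floppy image with the given clusters marked bad."""
    img = bytearray(720 * 512)
    struct.pack_into(BPB, img, 0x0B, 512, 2, 1, 2, 112, 720, 0xFD, 2)
    fat = 512                                # first FAT follows the boot sector
    img[fat:fat + 3] = b"\xfd\xff\xff"       # reserved entries 0 and 1
    for n in bad:
        off = fat + n * 3 // 2
        word = struct.unpack_from("<H", img, off)[0]
        word = (word & 0x000F) | (BAD << 4) if n & 1 else (word & 0xF000) | BAD
        struct.pack_into("<H", img, off, word)
    return bytes(img)
```

Comparing the runs against the bad sectors reported when the diskette was
formatted shows which ones appeared afterwards.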
