Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA13831; Fri, 1 Jun 90 11:29:03 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA20547; Fri, 1 Jun 90 11:28:59 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA00610; Fri, 1 Jun 90 11:28:51 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa23401; 1 Jun 90 16:06 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Fri, 01 Jun 90 16:06:40 BST 
Message-Id:   <$TGTWCZCFFBQW at UMPA>
Subject:      Virus-L vol 0 issue #0510



Virus-L Digest Tue, 10 May 88, Volume 0 : Issue #0510

Today's Topics

** no subject, date = Tue, 10 May 88 11:35:32 edt
Re: Virus Construction Set
Re: Virus Construction Set
software self-checks
Checkup available on VIRUS-L

------------------------------

Date:         Tue, 10 May 88 11:35:32 edt
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Travis Lee Winfrey <travis@madonna.columbia.edu>


   From: LOWEY%SASK.BITNET@cuvma.columbia.edu
   Subject: How can we protect programs from viruses?

    If something like this was added to the MS-DOS utilities and public
   domain programs, it could stop the spread of some viruses.  For
   instance, if COMMAND.COM had such a check, it would be much harder for
   a hacker to patch a virus into it.

yes, but as with all checks built in to programs, if the test(s) can be found
in the code, executable or source, it can be patched and circumvented.
however, such checks would be very useful in slowing the spread of a virus.

t

--------------------

Date:         Tue, 10 May 88 17:41:00 LCL
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Michael Wagner new! +49 228 8199645 <WAGNER@DBNGMD21>
Subject:      Re: Virus Construction Set

> I don't know about in Germany, but it's my bet that anyone
> releasing such a beast in the United States would get a handful of
> lawsuits.  I'd be in on suing the hell out of them!

  You'd have a hard time even finding a ground.  The fact that a
  crowbar can be used for burglary doesn't make it illegal to make
  crowbars.  Similarly, selling copy protection defeaters isn't
  illegal nor key making machines.  So it isn't per se illegal.

  In terms of suing, you'd have to show that the manufacturer made
  something so unsafe that the owner of the program could not handle
  it safely.  I don't know how you'd go about doing that.  So suing
  the manufacturer is likely to be unprofitable.

  There are certain tools, the mere possession of which is a crime.
  The law justifies this by saying that there is no legitimate use
  for the tool, only the illegal one.  However, I think these must
  be explicitly listed, and I bet virus makers aren't on the list.
  Perhaps you could have them added.

Michael

--------------------

Date:         Tue, 10 May 88 17:19:00 LCL
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Michael Wagner new! +49 228 8199645 <WAGNER@DBNGMD21>
Subject:      Re: Virus Construction Set

> bad news from Germany. ... In April this year an unbelievable
> program called "VIRUS CONSTRUCTION SET (VCS)" was released at the
> Hannover computer faire CeBIT.

  Actually, at least on a certain philosophical plane, I see this as
  a good thing.  I have grown sick and tired of hearing, for most of
  the past decade, that security exposures are 'no problem' because
  no one except a real expert will be able to find them, let alone
  exploit them.  "No one will discover that back door and so we are
  safe".  This innocent, cute approach to a real problem is really a
  disservice to the community.

  Babies are innocent and naive.  They start out their lives shoving
  anything that fits in their mouth into their mouth.  They have to
  be taught to only put food into their mouths, and to accept food
  only from trustable sources.  If not, they can get very sick, and
  perhaps die.

  Basically, for the last few years, we computer people have been living
  in a dream world.  It seems that we, as adults, still have to
  learn that, just because something fits, you don't *have* to try
  sticking it in (we can skip the obvious sexual parallels) and
  doing so might just be dangerous.

  If VCS does nothing else, it will demonstrate:

> You don't have to know how a virus works to create one, you just
> have to know how to turn on your Atari and how to start the VCS
> program!!!

  Maybe, as a result, manufacturers (hardware and software) will no
  longer be able to rely on the principle that complexity and
  secrecy are adequate protection.  When the consumer population
  understands the implications of 'toys' like VCS, even little kids
  will laugh at manufacturers who are silly enough to continue to
  tell their consumers such nonsense.

Michael

--------------------

Date:         Tue, 10 May 88 12:47:26 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Jim Frost <madd@bu-it.BU.EDU>
Subject:      software self-checks

|    If something like [a self-integrity check] was added to the
|   MS-DOS utilities and public domain programs, it could stop the
|   spread of some viruses.  For instance, if COMMAND.COM had such a
|   check, it would be much harder for a hacker to patch a virus into
|   it.
|
|yes, but as with all checks built in to programs, if the test(s) can be found
|in the code, executable or source, it can be patched and circumvented.
|however, such checks would be very useful in slowing the spread of a virus.

A couple of comments to this.  Yes, it'd slow the spread of viruses,
but it would also make you less paranoid about them (and thus less
likely to catch them), make viruses more likely to be obnoxious (what
kind of person would spend the time to work around the protections?),
and slow the system down as well.

This is a classic argument about security.  The advent of a "secure"
system will make users forget about security.  When security is
breached, the breach may never be found because no one is looking for
it.

Also, a word about intermittent security.  Users of the PClone utility
FLUSHOT (or its relatives) should be aware that just because a program
doesn't do anything while you're running with protection doesn't mean
it won't while you're not.  It is trivial to add code to check to see
if the FLUSHOT program is resident in your machine and just sit there
if it is, but wreck things if it is not.  Just when you trust a
program enough to not use the protection, you'll get burned.

jim frost
madd@bu-it.bu.edu

--------------------

Date:         Tue, 10 May 88 13:32:08 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      Checkup available on VIRUS-L


The Checkup program is now available on VIRUS-L.  It is a shareware
checksum program to aid in determining whether or not a file (or
files) has been altered.  The filename is CHKUP14 UUE.  It's a
uuencoded ARC file.

A caveat on this program, as with all the programs on VIRUS-L -
they're public domain (or shareware), and you get what you pay for.
...which isn't to say that they're without merit.  I have run all
of the programs that I've posted, and I have obtained them from
reliable sources (SIMTEL20.ARPA for the most part).

Regards,

Ken

------------------------------------------------------------------------
= Kenneth R. van Wyk                   =                    _   /|     =
= User Services Senior Consultant      =      Ack Thippfft! \'o.O`     =
= Lehigh University Computing Center   =                    =(___)=    =
= Internet: <LUKEN@VAX1.CC.LEHIGH.EDU> =                       U       =
= BITNET:   <LUKEN@LEHIIBM1>           =      Bill 'n Opus in '88!     =
------------------------------------------------------------------------
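
Added example, not part of the original digest and not Checkup's own code or algorithm: an external checksum baseline of the kind the announcement describes, kept outside the programs it checks rather than built into them as in the self-check discussion earlier in the thread. SHA-256, the function names and the sample files are assumptions made here; the sample tree is constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each file under root (by relative path) to its content digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, root):
    """Report files altered, missing or added relative to the baseline."""
    current = build_baseline(root)
    return {
        "altered": sorted(n for n in baseline
                          if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "new": sorted(n for n in current if n not in baseline),
    }


def demo():
    """Constructed sample tree: one file altered in place, one removed, one added."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d, "COMMAND.COM")
        target.write_bytes(b"\x00" * 64 + b"constructed sample contents")
        Path(d, "README.TXT").write_bytes(b"unchanged")
        Path(d, "OLD.EXE").write_bytes(b"to be removed")
        baseline = build_baseline(d)  # in practice, keep this off the checked disk
        size_before = target.stat().st_size
        data = bytearray(target.read_bytes())
        data[10] ^= 0xFF              # one byte changed, length unchanged
        target.write_bytes(bytes(data))
        Path(d, "OLD.EXE").unlink()
        Path(d, "EXTRA.COM").write_bytes(b"added after the baseline")
        same_size = target.stat().st_size == size_before
        return same_size, compare(baseline, d)
```

Calling `demo()` shows the altered file reported even though its length did not change, which a size comparison alone would miss.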
