Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA13914; Fri, 1 Jun 90 11:39:07 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA20650; Fri, 1 Jun 90 11:39:04 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA01677; Fri, 1 Jun 90 11:38:49 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa24267; 1 Jun 90 16:18 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Fri, 01 Jun 90 16:09:20 BST 
Message-Id:   <$TGTWCZCFFBTQ at UMPA>
Subject:      Virus-L vol 0 issue #0527



Virus-L Digest Fri, 27 May 88, Volume 0 : Issue #0527

Today's Topics

RE: Slight irreverence
RE: Slight irreverence
write-protect tabs
RE: write-protect tabs
Monthly (starting now) greeting.
Re: write-protect tabs
Write protect
Re: write-protect tabs
bad tabs
Write Protect

------------------------------

Date:         Fri, 27 May 88 15:35:25 GMT
Reply-To:     Malcolm Ray <malcolm@JVAX.CLP.AC.UK>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
Comments:     Warning -- original Sender: tag was malcolm@JVAX.CLP.AC.UK
From:         MALCOLM@JVAX.CLP.AC.UK
Subject:      RE: Slight irreverence

A slip of the fingers caused Ken to send the following to me personally
instead of to the list.  At his request I'm forwarding it.

==== Bite here ====

From:    "Kenneth R. van Wyk" <LUKEN@EARN.LEHIIBM1> 27-MAY-1988 14:24
To:    MALCOLM
Subj:    Re: Slight irreverence


Received:
          from UKACRL by UK.AC.RL.IB (Mailer X1.25) with BSMTP id 3655; Fri, 27
             May 88 14:25:01 BS
Received:    from LEHIIBM1.BITNET by UKACRL.BITNET (Mailer X1.25) with BSMTP id
             3654; Fri, 27 May 88 14:25:00 B
Received:    by LEHIIBM1 (Mailer X1.24) id 0769; Fri, 27 May 88 09:11:39 EDT
Date:        Fri, 27 May 88 09:01:31 EDT
From:        "Kenneth R. van Wyk" <LUKEN@EARN.LEHIIBM1>
Subject:     Re: Slight irreverence
To:          Malcolm Ray <malcolm@UK.AC.CLP.JVAX>
In-Reply-To: Message of Wed, 25 May 88 19:34:52 GMT from <MALCOLM@JVAX.CLP.AC.U

>We'd like to warn our students and staff
>of the dangers, and teach them some basic hygiene, but it's difficult to
>do so without contributing to the panic and hype.  Gentle reader, how does
>one pitch the documentation?

I think that your example of hype (the reported virus "frying" the
transformer and all...) is about the best example of how *NOT* to
educate your students and staff about viruses!  Perhaps truth would be
a much better approach; present the facts, along with common sense
precautions that people can take to reduce their risk of being stung
by a virus.  Give them examples of what existing viruses have done,
and how far they've spread (the Brain virus seems as good an example
as any), and tell them how a virus spreads (by executing an infected
program - including the operating system/boot tracks, NOT by things
such as two disks coming in physical contact with one another).  In
short, take the myths out of viruses for your users.  Explain to them
that, by sharing programs with other users (either via disk swapping or
downloading from bulletin boards, etc.), they're taking the risk that
they may execute a program which is infected.

Above all, tell them to make backups of all of their data *FREQUENTLY*,
and to keep all shrink wrap original disks in a safe place with their
write protect tabs on.

Anyone have anything to add to this?


Regards,

Ken

- ----------------------------------------------------------------------
= Kenneth R. van Wyk                   =                               =
= User Services Senior Consultant      =    This page intentionally    =
= Lehigh University Computing Center   =          left blank.          =
= Internet: <LUKEN@VAX1.CC.LEHIGH.EDU> =                               =
= BITNET:   <LUKEN@LEHIIBM1>           =                               =
- ----------------------------------------------------------------------

--------------------

Date:         Fri, 27 May 88 16:05:49 GMT
Reply-To:     Malcolm Ray <malcolm@JVAX.CLP.AC.UK>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
Comments:     Warning -- original Sender: tag was malcolm@JVAX.CLP.AC.UK
From:         MALCOLM@JVAX.CLP.AC.UK
Subject:      RE: Slight irreverence

Ken, I had no intention of letting that spoof anywhere near our users!  It
was intended for the sophisticates who can spot hype when they see it.  My
point was exactly what you said: naive users (I don't use the term pejoratively)
are *not* getting the truth, because some people who should know better
(mostly in the computer press) are hyping it up.  I had an example of this
today: a friend who's involved in a research project about distributed
operating systems tells me that his team leader is giving a talk on his work.
The other contributor is a computer journalist noted for his virus stories,
and... well, on second thoughts, I don't want to be libellous.  The point is
that people *like* virus stories - they're becoming part of modern folklore
(albeit with a slightly limited audience), like alligators in the sewers and
[fill in your favourite tall story here].  Hands up who's read "Shockwave Rider"
by John Brunner.  Enjoyable book, right?  Think about why.  Let's face it,
although I'm sure we're all agreed that virus-writing is very irresponsible
and should be countered, we all enjoy a good story about the chaos caused
(as long as it's someone else's chaos, or we've put it behind us).  But there
are people who *believe* there are alligators down there...

Again, this is not to diminish anyone's problems.  If your site has been
brought to its knees, commiserations :-(. I just don't want to see the
proliferation of what a colleague called "the virus scare virus".  Let's
keep this list part of the cure, not part of the disease.



- ----------------------------------------------------------------------
Malcolm Ray            JANET:    malcolm@uk.ac.clp.jvax
Senior Systems Officer        BitNet:    malcolm@jvax.clp.ac.uk
City of London Polytechnic    No other routes please!

All seems infected that the infected spy,
As all looks yellow to the jaundiced eye -- Alexander Pope

--------------------

Date:         Fri, 27 May 88 12:17:39 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Alan J Rosenthal <flaps@gpu.utcs.utoronto>
Subject:      write-protect tabs

Recently, Kenneth R. van Wyk advised VIRUS-L readers to advise users,
among other things,
> to keep all shrink wrap original disks in a safe place with their
> write protect tabs on.

I would like to point out that many computer users are not aware that
write protection for floppy disks is often implemented in software and
therefore can be ignored by a malicious program.  Any discussion of
write-protecting disks should mention this.  [The program also has to
re-implement the disk io libraries, so this does greatly increase its
complexity, but many virus programs are quite sophisticated!]

In particular, the write protection on Macintosh computers is
definitely implemented in software, and I seem to vaguely remember that
it is on the IBM-PC as well.  So there is hardware to read whether the
disk is write-protected or not, and a responsible program checks this
before writing.

Needless to say, I think this is a big mistake and can't see why
someone would build a disk drive like that.


Alan J Rosenthal, flaps at utorgpu

--------------------

Date:         Fri, 27 May 88 17:50:47 GMT
Reply-To:     Malcolm Ray <malcolm@JVAX.CLP.AC.UK>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
Comments:     Warning -- original Sender: tag was malcolm@JVAX.CLP.AC.UK
From:         MALCOLM@JVAX.CLP.AC.UK
Subject:      RE: write-protect tabs

IBM-PC floppy write-protect logic is hardware.  If a disk is write-protected,
it's *safe*.

- ----------------------------------------------------------------------
Malcolm Ray            JANET:    malcolm@uk.ac.clp.jvax
Senior Systems Officer        BitNet:    malcolm@jvax.clp.ac.uk
City of London Polytechnic    No other routes please!

Most people won't realise that writing is a craft.  You have to take your
apprenticeship in it like anything else. -- Katherine Anne Porter

--------------------

Date:         Fri, 27 May 88 13:23:07 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      Monthly (starting now) greeting.



[ Last (and first) modified 27-May-88 - Ken van Wyk ]

Welcome!  This is the monthly introduction posting for VIRUS-L,
primarily for the benefit of any newcomers.  Apologies to all
subscribers who've already read this in the past (you'll only have to
see it once a month, and you can, if you're quick, press the purge
key...:-).


What is VIRUS-L?

It is an electronic mail discussion forum for sharing information
about computer viruses.  Discussions should include (but not
necessarily be limited to): current events (virus sightings), virus
prevention (practical and theoretical), and virus questions/answers.


What isn't VIRUS-L?

A place to spread hype about computer viruses; we already have the
Press for that.  :-)  A place to sell things, to panhandle, or to
flame other subscribers.  If anyone *REALLY* feels the need to flame
someone else for something that they may have said, then the flame
should be sent directly to that person and/or to the list moderator
(that'd be me, <LUKEN@LEHIIBM1.BITNET>).


How do I get on the mailing list?

Well, if you're reading this, chances are *real good* that you're
already on the list.  However, perhaps this document was given to you
by a friend or colleague...  So, to get onto the VIRUS-L mailing list,
send a mail message to <LISTSERV@LEHIIBM1.BITNET>.  In the body of the
message, say nothing more than SUB VIRUS-L your name.  LISTSERV is a
program which automates mailing lists such as VIRUS-L.  As long as
you're either on BITNET, or any network accessible to BITNET via
gateway, this should work.  Within a short time, you will be placed on
the mailing list, and you will get confirmation via e-mail.


How do I get OFF of the list?

If, in the unlikely event, you should happen to want to be removed from
the VIRUS-L discussion list, just send mail to
<LISTSERV@LEHIIBM1.BITNET> saying SIGNOFF VIRUS-L.  People, such as
students, whose accounts are going to be closed (like over the
summer...) - PLEASE signoff of the list before you leave.  Also, be
sure to send your signoff request to the LISTSERV and not to the list
itself.


How do I send a message to the list?

Just send electronic mail to <VIRUS-L@LEHIIBM1.BITNET> and it will
automatically be redistributed to everyone on the mailing list.  By
default, you will not receive a copy of your own letters.  If you wish
to do so, send mail to <LISTSERV@LEHIIBM1.BITNET> saying SET VIRUS-L
REPRO.


What does VIRUS-L have to offer?

All submissions to VIRUS-L are stored in monthly log files which can be
downloaded by any user on (or off) the mailing list.  There is also a
small archive of some of the public anti-virus programs which are
currently available.  This archive, too, can be accessed by any user.
All of this is handled automatically by the LISTSERV here at Lehigh
University (<LISTSERV@LEHIIBM1.BITNET>).


How do I get files from the LISTSERV?

Well, you'll first want to know what files are available on the
LISTSERV.  To do this, send mail to <LISTSERV@LEHIIBM1.BITNET> saying
INDEX VIRUS-L.  Note that filenames/extensions are separated by a
space, and not by a period.  Once you've decided which file(s) you
want, send mail to <LISTSERV@LEHIIBM1.BITNET> saying GET filename
filetype.  For example, GET VIRUS-L LOG8804 would get the file called
VIRUS-L LOG8804 (which happens to be the monthly log of all messages
sent to VIRUS-L during April, 1988).


What is uuencode/uudecode, and why do I need them?

Uuencode and uudecode are two programs which convert binary files into
text (ASCII) files and back again.  This is so binary files can be
easily transferred via electronic mail.  Many of the files on this
LISTSERV are binary files which are stored in uuencoded format (the
file types will be UUE).  Both uuencode and uudecode are available from
the LISTSERV.  Uudecode is available in BASIC and in Turbo Pascal here.
Uuencode is available in Turbo Pascal.  Also, there is a very good
binary-only uuencode/uudecode package on the LISTSERV which is stored
in uuencoded format.


Why have posting guidelines?

To keep the discussions on-track with what the list is intended to be;
a vehicle for virus discussions.  This will keep the network traffic
to a minimum and, hopefully, the quality of the content of the mail to
a maximum.  No one wants to read personal flames ad nauseam, or
discussions about the pros and cons of digest-format mailing lists,
etc.



What are the guidelines?

     As already stated, there will be no flames on the list.  Anyone
     sending flames to the entire list must do so knowing that he/she
     will be removed from the list immediately.

     Same goes for any commercial plugs or panhandling.

     Submissions should be directly or indirectly related to the
     subject of computer viruses.

Thank-you for your time and for your adherence to these guidelines.
Comments and suggestions, as always, are invited.  Please address them
to me, <LUKEN@LEHIIBM1.BITNET> or <LUKEN@VAX1.CC.LEHIGH.EDU>.



Ken van Wyk

- ----------------------------------------------------------------------
= Kenneth R. van Wyk                   =                               =
= User Services Senior Consultant      =    This page intentionally    =
= Lehigh University Computing Center   =          left blank.          =
= Internet: <LUKEN@VAX1.CC.LEHIGH.EDU> =                               =
= BITNET:   <LUKEN@LEHIIBM1>           =                               =
- ----------------------------------------------------------------------

--------------------

Date:         Fri, 27 May 88 19:31:00 LCL
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Michael Wagner +49 228 8199645 <WAGNER@DBNGMD21>
Subject:      Re: write-protect tabs

> IBM-PC floppy write-protect logic is hardware.  If a disk is
> write-protected, it's *safe*.

  I believe the above statement to be correct; however, many people
  would disagree.  I have been told that the confusion comes from
  the fact that there are two levels of protection on some floppy
  schemes.  The write protect line is sensed and available for the
  software, so the software can produce a nice message.  The line is
  also used, inside the drive itself, to shut down the write-current
  supply, so that, even if the controller *thinks* it is writing, it
  isn't.  I believe this is the scheme used on the PC.

  Disclaimer:  I don't have a PC, nor access to the documents to
  prove or disprove this 'fact'.

Michael

--------------------

Date:         Fri, 27 May 88 13:15:51 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         CB Lih <CL06076@UAFSYSB>
Subject:      Write protect

So what's the deal?  Can software override the Mac protect tab?  Are y'all
sure about IBM?  What about other computers?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sincerely, and I mean that,

      =---> CB Lih <---=
User Services -> Computing Services -> University of Arkansas -> Fayetteville
CL06076@UAFSYSB  Disclaimer: There's a hole in my ozone layer.

--------------------

Date:         Fri, 27 May 88 15:57:38 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Terry Sanderson <SANDERS@UTORONTO>
Subject:      Re: write-protect tabs
In-Reply-To:  Message of Fri, 27 May 88 19:31:00 LCL from <WAGNER@DBNGMD21>


Having stated this on the list once before, the topic has again arisen.

IBM PC Floppy disks CANNOT be written to when there is a WRITE-PROTECT
tab on the disk.

I DO have access to technical docs, schematics, etc., and there is NO WAY
the software can change this fact.  The hardware provides a signal to the
operating system that there is in fact a write-protect tab on the disk,
but it cannot change or override the protection.

I hope this clears up any questions.


Terry P. Sanderson   P.Eng.

sanders@utoronto.bitnet
sanders@gpu.utcs.toronto.edu

--------------------

Date:         Fri, 27 May 88 16:30:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         PHREADDE <PDAVIS@BINGVAXA>
Subject:      bad tabs

I disagree, on the IBM you can write on disks protected with CERTAIN write
protect tabs.  A while back, certain manufacturers produced red see-thru
tabs that provided no protection.  Those manufacturers have switched back
to silver-backed black tabs.  I have used the old ones and definitely written
to files.  This, however, should not be a problem currently.  No one that
I know of produces these thin red tabs now.  If you have the old ones,
discard them; they are ineffectual.

And to all readers and contributors on this list, I would like to thank
you for your work and questions.  A virus did hit our school, and was
completely vanquished within a few days.  The methods that we used now
help us protect our classroom software against accidental mistakes as well
as future viruses.  Public software is always vulnerable to tampering, but
we feel much more protected these days.  Thanks again.

Phreadde Davis
State University of NY - Binghamton

--------------------

Date:         Fri, 27 May 88 14:44:00 PDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         WATKINS@UCRVMS
Subject:      Write Protect

  No, as far as I know (which is reasonably far), a Macintosh cannot
override a write protect tab (or whatever the term is for 3.5" disks);
I mean, unless it's been concealed all this time it can't be done..
  And a couple cents worth (I hope) of stuff on defending against
Mac viruses...maybe this was covered earlier, but remember that there are
some resources in the system file that are duplicated in rom (for instance,
chicago 12, geneva 12 (I think), some wdefs, etc.).  Now if I was to write
a virus, I'd think that these places would be pretty keen for hiding my
code.  (hmm, maybe I should clarify a bit, what happens is the mac
first checks to see if a resource is in rom and uses it if it can, so if
you garbaged up the fonts with your virus code, nobody would notice.  It's
pretty easy to bypass the rom resources though so you could load this stuff
and jump to it pretty easily...)

I hope that made some sense...

    Kevin Lund        watkins@ucrvms.bitnet
                      kevin@hope.uucp
