Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA18122; Tue, 5 Jun 90 14:03:06 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA18684; Tue, 5 Jun 90 14:03:04 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA19517; Tue, 5 Jun 90 14:02:51 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa27861; 5 Jun 90 17:03 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Tue, 05 Jun 90 14:00:32 BST 
Message-Id:   <$TGVGDBVHCNWK at UMPA>
Subject:      Virus-L vol 0 issue #0601



Virus-L Digest Wed, 1 Jun 88, Volume 0 : Issue #0601

Today's Topics

Re: Playboy virus - BEWARE! (thomas@uvabick (Thomas Fruin))
Re: Naive virus questions
A couple more forwarded submissions
forwarded...
Re: A couple more forwarded submissions

------------------------------

Date:         Wed, 1 Jun 88 11:59:34 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Joe McMahon <XRJDM@SCFVM>
Subject:      Re: Playboy virus - BEWARE! (thomas@uvabick (Thomas Fruin))
              [comp.sys.mac]
In-Reply-To:  Message of Tue,
              31 May 88 16:31:07 CDT from <werner@rascal.ics.utexas.edu>

>
>Through a dealer I heard that a new Macintosh virus had been sighted
>here in the Netherlands...
>
>-- Thomas Fruin


Thomas, is it really a virus, or is it a Trojan horse? This is important --
if it's a virus, it does its damage at some later date, after ensuring that
it has spread to other systems. If it is a Trojan horse (as I would guess
from your description), then it clobbers you immediately, without spreading
itself. I know it sounds picky, but the viruses are a lot worse, since they
can inhabit ANYTHING. Trojans merely need to be avoided by name.

- Joe M.

--------------------

Date:         Wed, 1 Jun 88 11:03:45 CST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         David Camp <C04661DC@WUVMD>
Subject:      Re: Naive virus questions
In-Reply-To:  Message of Sat,
              28 May 88 19:06:50 EDT from <David.Slonosky@QueensU.CA>

>1) Is it possible to demount and mount the hard disk so that you
>can effectively work with the floppy drives and not have to worry
>about code being transferred to the hard disk?

Well, I once tried disconnecting the power from the hard disk
and booting from diskette.  I do not remember the precise outcome,
but I think I was unable to boot.  You may have more luck by
removing the hard disk controller entirely, but you run the
risk of damaging your equipment.  I heard (do not ask me where)
of someone putting a switch on their hard disk connection, to
write protect it.  Even the reference I saw did not tell how
to do it.  When I tried to reenable the hard disk, I had an
extra cable that had come loose, with three identical connectors
available.  I was rather embarrassed to have to wait for another
employee to identify the correct connection.  The moral is:
BE CAREFUL!

>
>2) Is it possible to design a virus that screws up the ROM?

Not under usual circumstances.  Most ROMS are only writable
by equipment external to the computer.  There are EEPROMS
which can be written by the computer, though.  They are
commonly used in some terminals (perhaps a VT100?) to store
the setup parameters, even while the terminal is powered off.
The new PS/2 line features CMOS memory to contain setup
information, with a battery backup.  Some errant programs
have been known to trash this memory, which can be easily
restored with the Reference Diskette.

>
>Hey, these may seem naive, but then I'm not a computer scientist
>by trade.

They are reasonable questions.
-David-

--------------------

Date:         Wed, 1 Jun 88 15:54:39 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      A couple more forwarded submissions


From J.D. Abolins
Subject: Info regarding the National Computer Security Division

Ken,
several times, a fellow from the National Computer Security Division
(of the NSA, I believe) has posted messages emphasizing that the
Division does not handle prosecutions of the virus writers, etc.
I have questions that maybe he or someone else on the VIRUS-L
could help me with....

Since I work with computers and write articles about computing and
related subjects, I was wondering what general public information
is available regarding computer security issues, what material is
available from places such as the National Computer Security Division.
Also I have heard about something called the "Orange Book" about computer
security. Is this a public document? And if so, how does one
obtain a copy?

Also, is there any particular agency that is handling the investigation
and legal prosecution of virus makers?

As a guide to the background of the questions, I am looking for things
to help cut through the various rumors and half-info about viruses
and computing in general. Any information that I am asking for should
be relatively open to the public or the computing community. I.e., I am
NOT looking for sensitive info. This clarification I am making since
the computer security issues sometimes can be a very sensitive
field and although I work with governmental computing (New Jersey
State), I am not a professional computer security specialist by title.

Thank you for your help.

J.D. Abolins

----------------------------------------------------------------------
= Kenneth R. van Wyk                   =                               =
= User Services Senior Consultant      =    This page intentionally    =
= Lehigh University Computing Center   =          left blank.          =
= Internet: <LUKEN@VAX1.CC.LEHIGH.EDU> =                               =
= BITNET:   <LUKEN@LEHIIBM1>           =                               =
----------------------------------------------------------------------

--------------------

Date:         Wed, 1 Jun 88 15:56:53 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      forwarded...




I have examined a package called Disk Defender, a hardware board that
claims to allow good protection for the hard disk.  It plugs into the
backplane of a PC/AT and connects, via cables between the hard disk
controller and the disk itself.  One sets switches on the board which
allow one to deny write access to the track on the disk whose values
fall between those switches.

Included with the package is a software procedure which permits you to
configure your hard disk with drive C for example totally contained on
the protected tracks and drive D on the rest of the disk.

You may then put the software you wish to protect on drive C and other
stuff on drive D.

A cable can be attached to the defender board with a switch.  The
switch permits (1) the whole drive to be writable, (2) the whole drive
to be locked and (3) only the tracks now pointing to drive C to be
locked.  If the cable is removed, condition (3) prevails.

The entire drive must be locked, as the FAT cannot be written to if it
is in the protected area and that would screw up all disk access if only
a part of the drive is locked.

The hardware seems to do what it claims.  Usual disclaimers apply, I
have never been ... 8-)

len@evax.milw.wisc.edu


--------------------

Date:         Wed, 1 Jun 88 16:36:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Joseph M. Beckman" <Beckman@DOCKMASTER.ARPA>
Subject:      Re: A couple more forwarded submissions
In-Reply-To:  Message of 1 Jun 88 15:54 EDT from "Kenneth R. van Wyk"


There is a lot of "general public information" available on Computer
Security.  A lot of this is available through conferences (IEEE
Symposium on Security & Privacy, NBS/NCSC National Computer Security
Conference, DoE Computer Security Conference, etc.)  that publish their
proceedings.  The IEEE proceedings should be available through
University libraries (or interlibrary loan services); I'm not sure the
NBS/NCSC NCSC is that popular, and doubt the DoE one is.

One can get the NBS/NCSC Proceedings, Orange book (AKA The Criteria, AKA
DOD 5200.28-STD), and other Government publications through the US
Government Printing Office (for the cost of publication).  Some
documents may sometimes (I don't know the criteria for giving them out)
be gotten directly through NCSC by requesting them through:  National
Computer Security Center, ATTN C1, 9800 Savage Road, Fort GG Meade, MD
20755-6000.

The FBI is the Agency charged with the responsibility for investigating
crime at the national level (naturally, your local PD or Sheriff's
office is first in line, and there is the question of jurisdiction,
etc).  Prosecution would be done through the appropriate offices, your
local DA, the Justice Department of the US, etc.

The NCSC tries very hard to promote security in the commercial (i.e.
public, i.e.  not sensitive) sector.  As noted above, they co-host a
conference that *anyone* may attend (as long as you pay the nominal fee,
of course).

Joseph

--------------------

*** end of Virus-L issue ***
