Return-Path: XPUM04@prime-a.central-services.umist.ac.uk Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3) id AA18266; Tue, 5 Jun 90 14:34:49 -0400 Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5) id AA19019; Tue, 5 Jun 90 14:34:47 -0400 Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3) id AA20622; Tue, 5 Jun 90 14:34:32 -0400 Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK via Janet with NIFTP id aa29442; 5 Jun 90 17:38 BST From: Anthony Appleyard To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu> Date: Tue, 05 Jun 90 14:02:36 BST Message-Id: <$TGVGDBVHCNWW at UMPA> Subject: Virus-L vol 0 issue #0607 Virus-L Digest Tue, 7 Jun 88, Volume 0 : Issue #0607 Today's Topics classroom viruses Virus *opinion* from the Usenet Re: Virus 101 Virus-writing classes ------------------------------ Date: Tue, 7 Jun 88 09:48:58 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: Kenneth Ng Subject: classroom viruses Personally, I'd issue a dual challenge to the students, make both a virus and a virus hunter/detector, and let them battle it out among each other :-). Maybe have two rounds, with the source code from the first round available to all on the second round. Extra credit for the top virus and the top virus breaker. Now that would be fun. -------------------- Date: Tue, 7 Jun 88 11:44:25 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Kenneth R. van Wyk" Subject: Virus *opinion* from the Usenet The following is a message which I saw on the Usenet group comp.sys.ibm.pc, an unmoderated IBM PC discussion forum. It reflects the opinion (of the author) that viruses aren't real; rather, they're the product of marketing hype (no flames please - that's just my interpretation of what the author says). I, for one, can attest to the fact that they are real, although they may not currently be as rampant as the media might lead one to believe. I also would not want to be in a position of being so naive as to say that they do not exist, therefore no precautions should be taken. Any other opinions on the matter? Ken van Wyk Here's the forwarded message itself: From: japplega@csm9a.UUCP (Joe Applegate) Newsgroups: comp.sys.ibm.pc Subject: Re: Software Package Inoculates Disks Against Computer Viruses Summary: Viruses - fact or Marketing Hype Keywords: Center for Computer Disease Control Date: 6 Jun 88 23:08:58 GMT Organization: Colorado School of Mines In article <2792@umd5.umd.edu>, cgs@umd5.umd.edu (Chris Sylvain) writes: > > Sophco has also initiated the Center for Computer Disease Control, > which will act as a clearing house for information about such antisocial soft- > ware. > A Local MSDOS Users Group hosted a panel discussion on Viruses and the methods to protect against them... SOPHCO and the so called Disease Control Center were asked to participate but declined... I for one publically doubt the existance of the virus they claim to have discovered since SEX.EXE can be found on several BBS's in a harmless, though tasteless form! When confronted on the phone their rep still refused to participate in our discussion or to produce this virus in order to confirm it was anything other than a marketing ploy. The panel consisted of several sysops, a security expert from Storage Tek, a computer crime lawyer and a law professor. Not one of these experts had ever found a bonified virus and only one could claim to have found a trojan! The general consensus was that while viruses might exist their occurance was far more rare than the media hype would indicate! It was also agreed that much of this hype is a result of advertizing from companies claiming to have a solution to viruses... it was even proposed that some of these viruses might originate with such companies. Now we all know that companies which produce and market programs to protect users against viruses and trojans are simply doing so for our benefit and not to serve the almighty green god so.... Everyone should do their part to support the noble effort of this Center for Computer Disease Control by placing a little black sticky "trojan" write protect tab on every disk and keeping their green gods in their wallet! Joe Applegate - Colorado School of Mines Computing Center {seismo, hplabs}!hao!isis!csm9a!japplega or SYSOP @ M.O.M. AI BBS - (303) 273-3989 - 300/1200/2400 8-N-1 24 hrs. *** UNIX is a philosophy, not an operating system *** *** BUT it is a registered trademark of AT&T, so get off my back *** .EC -------------------- Date: Tue, 7 Jun 88 17:32:39 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "Mark W. Eichin" Subject: Re: Virus 101 In-Reply-To: Kelly Kreiger's message of Mon, 6 Jun 88 13:56:00 EDT <8806070318.AA14246@ATHENA.MIT.EDU> Would it not be appropriate for someone teaching a virus class to simply use the classic technique of "pseudo-machine" code? It requires more preparation on the part of the professor, but if he simply created some "virtual machine" which only existed as a sub-program or simulation somewhere, the virii could only infect this pseudo-machine. This would be far superior to testing it on, say, MSDOS/IBM-PC where the substrate exists in many places; without the appropriate pseudo-machine to infect, the virus would die, or at least fail to propagate. There are medical analogues to this technique, specifically working with E. coli (bacteria, not virus) which is harmless to humans. So, does anyone know of existing pseudo-machines which are available off the shelf, which could be used for this purpose? The MARS (core-wars) system comes to mind, though it is perhaps too simple... Mark Eichin SIPB Member & Project Athena ``Watchmaker'' -------------------- Date: Tue, 7 Jun 88 19:38:01 GMT Reply-To: Malcolm Ray Sender: Virus Discussion List Comments: Warning -- original Sender: tag was malcolm@JVAX.CLP.AC.UK From: MALCOLM@JVAX.CLP.AC.UK Subject: Virus-writing classes Although there is disagreement about the ethics of teaching students about virus writing, so far everyone (at least, everyone whose submission I've seen) seems to feel that it's good programming tuition. Well yes, in some ways it is, but surely the question *should* be whether the same gains could be provided in less damaging ways. Let's look at what it is about a virus which makes writing one good training: 1. It needs to interact with the system at a low level, teaching the student a lot about the particular system and about low-level programming in general (someone who's successfully written a typical virus on a PC, for example, will have a good understanding of interrupts and disk structure); 2. It needs to be small if it is to remain undetected, so the student will gain experience in writing compact code; 3. It *may* need to be pretty fast (for example, if it's doing a fair amount of work during a frame sync), teaching the student how to hone code for speed; 4. It should remain undetected as long as possible, even if the victim is looking for it, so the student learns to think carefully about how the 'user' (can one talk about the 'user' of a virus?) will behave. There are probably other points, but these will do. Note that this is *not* a list of the salient points of a virus - I've not mentioned self-replication, for example, because (correct me if I'm wrong) the skill of writing self- replicating code is not exactly of general utility (though I'll admit I can't see into the future). Well, I think it's pretty obvious that there are *benign* programming projects which will teach all of these skills. How about device drivers, for example? (I'm a Mess-DOS novice, so I'm not sure quite how what I mean by a 'device driver' relates to the PC world, but I guess you know what I mean). What I'm *not* saying is that the professor shouldn't have taught those classes, period. Academic freedom is a very important principle and should not be lightly surrendered. What I'm saying is that if he'd taken the trouble to look I'm sure he'd have found a much safer way of imparting the skills he rightly regarded as important. I hope he grows up soon. Regards, Malcolm - ---------------------------------------------------------------------- Malcolm Ray JANET: malcolm@uk.ac.clp.jvax Senior Systems Officer BitNet: malcolm@jvax.clp.ac.uk City of London Polytechnic No other routes please! How is it that little children are so intelligent and men so stupid? It must be education that does it. -- Alexandre Dumas Fils -------------------- *** end of Virus-L issue ***