From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Tue, 12 Jun 90 11:07:20 BST 
Message-Id:   <$TGVTCZHTCBRW at UMPA>
Subject:      Virus-L vol 0 issue #0809



Virus-L Digest Tue, 9 Aug 88, Volume 0 : Issue #0809

Today's Topics

Gerbil / Virus Course
Forwarded comments on virus education from J.D. Abolins
Re: "2600" Quarterly, Summer, 1988
Re: Gerbil / Virus Course
Re: Gerbil / Virus Course
Re: Re: "2600" Quarterly, Summer, 1988
Re: Re: "2600" Quarterly, Summer, 1988

------------------------------

Date:         Tue, 9 Aug 88 01:48:49 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      Gerbil / Virus Course

Well, I was away from my computer for all of two days (my
wife is trying to make me cut down) and 200 messages built
up on various systems.  Thank you for all your responses on
the conference, and please keep them coming.

First, the Gerbil virus.  These viruses have been the
source of a lot of confusion over the past few months.
I believe someone stated a while back on this list something
about an MS-DOS virus that prints little feet across the
bottom of the screen and a message that goes along with
it.

I have not seen hide nor foot of this virus.  A friend
out at the University of California, however, was able
to send me a similar program which they found on someone
ELSE's computer system.  It's a set of two programs that
runs on Vax systems running the VMS operating system.
The version I saw was appended at the end of the system
login file, so anyone logging in ran the program, unknown
to them.   This program would count the number of commands
a user would type in and after 35 of them (and every
multiple thereafter), would call a second program (also
written in the DCL command language) that would print
very crude "feet" across the bottom of the screen in
five lines.  They would use a variety of greater than,
less than signs and / \ marks.   No message was printed.

Whether or not this program had a third program which
would copy itself into the system login file is unknown
to me.  I doubt it.   It was most likely a prank by someone
at that company.  But this was the closest thing I could
find to the elusive gerbil virus talked about on this system.

What I DID find however, was a cute PC "virus" or "bacterium"
as I'm told they now call them, that when run would print
a picture of Jerry Pentacoli  (I have no idea how to spell
that) and a Gerbil jumping from an end-table into him.
It then looked for (as do most of these picture viruses)
any other disks on the system (including a hard disk C:,
D: and so on) and copied itself to them.

I would suspect that all of these picture viruses are
written by the same person or group of people.  They
are interesting, but not damaging.

Les, Chris, as for a course on viruses,  I think that
is a bit too specialized for undergraduates, but I would
like to see a course given on computer security measures
and theories.  I don't know whether or not it should
be mandatory, because judging by some colleges' requirements
for a BS in computer science, many wouldn't know what
computer security WAS much less how to implement protection
schemes.

Unfortunately, "Computer Security" covers a very broad
range of ideas.  And perusing the books in our library
pertaining to computer security, each has an entirely
different subject in them.  I'd like to see courses
provided to computer science students that overview
some of the needs for computer security, including banks,
government agencies, the need for secrecy and so on,
what computer system administrators need to know,
and possibly some protection schemes, how banks
are protected, future developments in the field of
limited transitivity and limited usefulness, and touching
on the problems viruses pose as an advanced way around
most protection schemes and how we might slow down
or stop their spread.

Actually, I think it would be a challenging course to
teach... one I wouldn't mind teaching at all.

Loren Keim

--------------------

Date:         Tue, 9 Aug 88 08:23:32 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      Forwarded comments on virus education from J.D. Abolins

Forwarded from J.D. Abolins:

Re: Should computerists be told about computer viruses?

I believe that they should be told ENOUGH so they know that hazards exist and
that they know what to do to minimize risks. Tell them that there are problem
programs out in the world. Tell them about the need for accountability of
programs, the need for good backup procedures, and how to recognize a
damaged system.

This type of instruction shouldn't be viewed as VIRUS PREVENTION, rather it
should be given as a holistic review of good computing practices. After all,
it is not just viruses that cause problems (although their replication makes
them particularly troublesome); there are Trojan Horses and general bug-ridden
programs. So many of the practices to protect a system from viruses overlap
with preventatives for other problems.

One of the big dangers in not mentioning viruses at all is that the "innocent"
computerist will face getting hurt without even knowing that the danger exists.
One of the big pitfalls they should know about, after being told simply that
replicating malicious code - viruses - do exist, is that programs they have
considered to be safe, such as commercial software they have bought, can
become an agent of damage if they are not careful in their use of the
program. "Borrow-ware", the practice of borrowing and lending out "known
to be reliable" programs, can catch the unwary. The copy of QDOS bought by
a computerist starts out being safe. But the computerist uses it on different
machines and over the usage, the copy of QDOS gets a virus code replicated
into it. If the computerist is not even aware of viruses, he/she will have
no idea that their "trusted program, bought with their own money" can be
the carrier of trouble.

Tell them, yes. Tell them just enough to know it is a rough world out there and
tell them how to minimize their risks. Beyond that, the average computerist
need not hear how to make a virus, their modes of attack, etc.

As for the debate about Fred Cohen's mention of viruses causing the virus
case at Lehigh, I agree with Ken that the issue is moot. (Anyway, it would
have probably someplace just as well without any course on viruses. After all
others have mentioned the concept and if Fred Cohen could conceive of the
possibility, so can many other people. But enough said.)

J.D. Abolins

If this message made it OK to VIRUS-L, then TRANSMIT with the SEQ option
worked. In that case, Sylvia, you were right. Thank you.

Kenneth R. van Wyk                    Overheard in a Thai restaurant:
User Services Senior Consultant
Lehigh University Computing Center    "I don't know what you're having,
Internet: <luken@Spot.CC.Lehigh.EDU>   but my nose is running!"
BITNET:   <LUKEN@LEHIIBM1>

--------------------

Date:         Tue, 9 Aug 88 08:30:43 MDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Chris McDonald  STEWS-SD 678-2814 <cmcdonal@WSMR10.ARPA>
Subject:      Re: "2600" Quarterly, Summer, 1988
In-Reply-To:  Your message of Mon, 1 Aug 88 22:45:00 MDT

You may address subscription correspondence to:

    2600 Subscription Dept
    PO Box 752
    Middle Island, NY  11953-0099

Yearly Subscription:  $15 individual
                      $40 corporate

I subscribe to the quarterly--am not on their payroll.

Chris McDonald
White Sands Missile Range

--------------------

Date:         Tue, 9 Aug 88 09:14:54 CST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Claudia Lynch <AS04@UNTVM1>
Subject:      Re: Gerbil / Virus Course
In-Reply-To:  Message of Tue, 9 Aug 88 01:48:49 EDT from <LKK0@LEHIGH>

Who is Jerry Penticoli?

--------------------

Date:         Tue, 9 Aug 88 14:57:31 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      Re: Gerbil / Virus Course
In-Reply-To:  Message of Tue, 9 Aug 88 09:14:54 CST from <AS04@UNTVM1>

>Who is Jerry Penticoli?

He's a local (Philly) tv newscaster who is *alleged* to have a somewhat,
er, non-humane association with gerbils.  But, please *PLEASE*, let's not
get into a discussion of this here!  The only possible viruses stemming
from any such alleged acts are certainly not computer related...

Ken

Kenneth R. van Wyk                    Overheard in a Thai restaurant:
User Services Senior Consultant
Lehigh University Computing Center    "I don't know what you're having,
Internet: <luken@Spot.CC.Lehigh.EDU>   but my nose is running!"
BITNET:   <LUKEN@LEHIIBM1>

--------------------

Date:         Tue, 9 Aug 88 14:08:00 PDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Ed Sakabu <CSMSETS@UCLAMVS>
Subject:      Re: Re: "2600" Quarterly, Summer, 1988

If you are subscribing for work (i.e. you're a security officer) you may
want to subscribe in the name of the company (2600 claims that they will
NOT EVER release the names of companies that subscribe). If you
subscribe using your own name there is a possibility that you may get on
some lists that you don't want to be on (this is PURE SPECULATION and is
based on my own paranoia, but being on such a list (i.e. "cracker list")
may not be very good if you are a security consultant and are looking
for work, the FBI has been known to keep such lists before and I don't
think they're gonna stop now.)

       --Ed

> You may address subscription correspondence to:
>
>     2600 Subscription Dept
>     PO Box 752
>     Middle Island, NY 11953-0099
>
> Yearly Subscription:  $15 individual
>                       $40 corporate
>
> I subscribe to the quarterly--am not on their payroll.
>
> Chris McDonald
> White Sands Missile Range

--------------------

Date:         Tue, 9 Aug 88 23:18:00 MDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         LYPOWY@UNCAMULT
Subject:      Re: Re: "2600" Quarterly, Summer, 1988
In-Reply-To:  Message of 9 Aug 88 15:08 MDT from "Ed Sakabu"

Is 2600 magazine anything like the TAP issues of Old??

                              Greg.

--------------------

*** end of Virus-L issue ***
