Return-Path: XPUM04@prime-a.central-services.umist.ac.uk Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3) id AA25947; Tue, 12 Jun 90 06:57:29 -0400 Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5) id AA13033; Tue, 12 Jun 90 06:57:26 -0400 Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3) id AA04376; Tue, 12 Jun 90 06:57:17 -0400 Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK via Janet with NIFTP id aa09948; 12 Jun 90 11:20 BST From: Anthony Appleyard To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu> Date: Tue, 12 Jun 90 11:08:16 BST Message-Id: <$TGVTCZHTCBVT at UMPA> Subject: Virus-L vol 0 issue #0813 Virus-L Digest Sat, 13 Aug 88, Volume 0 : Issue #0813 Today's Topics History PK36 and PK361 Re: History ------------------------------ Date: Sat, 13 Aug 88 09:29:00 MDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: Bernie Subject: History Being a new user to this service, I am not too sure yet what has/has not been discussed. Please forgive any repetition. I recently got into a discussion about the origins of trojan horses and viruses. I believe that it was the industry itself which propagated the idea of time bombs and such so as to protect shareware and non copyprotected software. Being a hacker, I don't believe hackers in general are innately evil. My colleague believes that it is the mischievous hacker trying to get at his enemies which propagated this 'wave' of problems. Does anyone know anything in depth about the history of such stuff? The main point is who is to blame! :) BSW -------------------- Date: Sat, 13 Aug 88 16:18:21 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: "David A. Bader" Subject: PK36 and PK361 Here is an interesting set of documents that I found concerning the validity of Phil Katz's archive makers and extractors. The first document concerns the court case between SEA and PK: - ---------------------------------------------------------------------- FOR RELEASE ON AUGUST 1, 1988 From: System Enhancement Associates, Inc. (SEA) and PKWARE, Inc. and Phillip W. Katz (PK) August 1, 1988 - Milwaukee, WI In the first known "Shareware" litigation, pending in the local United States District Court, the parties System En- hancement Associates, Inc. (Plaintiff - SEA) and PKWARE, Inc. / Phillip W. Katz (Defendants - PK), after reaching agreement, consented to the entry of the attached Judgment for Plaintiff on Consent. That Judgment was entered by Judge Myron L. Gordon, effective on August 1, 1988. Part of the agreement reached by the parties included a Confidential Cross-License Agreement under which SEA licensed PK for all the ARC compatible programs published by PK during the period beginning with the first release of PKXARC in late 1985 through July 31, 1988 in return for the payment of an agreed upon sum which was not disclosed. Additionally, PK was licensed, for an agreed upon royalty payment, to distribute its existing versions of PK's ARC compatible programs until January 31, 1989, after which PK is not licensed and agreed not to pub- lish or distribute any ARC compatible programs or utilities that process ARC compatible files. In exchange, PK licensed SEA to use its source code for PK's ARC compatible programs. PK agreed to cease any use of SEA's trademark "ARC" and to change the names or marks used with PK's programs to non-confusing designations. The Judgment provided for the standard copyright, trademark and unfair competition injunctive relief for SEA a- gainst PK, as well as damages and litigation expenses to be paid by PK to SEA. Both parties agreed to refrain from any comment concerning the settlement of the disputes, other than the text of this press release. Also, the parties instructed all of their representatives to refrain from any such activity. Any other details of the Cross-License Agreement were agreed to be maintained in confidence and under seal of the Court. In reaching the agreement to dispose of the pending litigation and to settle the disputes that are covered thereby, PK did not admit any fault or wrongdoing. - ---------------------------------------------------------------------- The next document is a few memos downloaded from a BBS and deals with problems in PK36: - ---------------------------------------------------------------------- ******************* ALERT! WARNING! ALERT ****************************** Downloaded from ACOM I BBS -- HOUSTON, TX 7-14-88 LATEST IMPORTANT NEWS...!!! ---------------------------------- . - Msg # 2339 Dated 07-08-88 01:07:49 Security: 0 - From: PAT FORBES - To: ALL - Re: WARNING !!! PKARC V3.6 Last read at 18:59:36 on 07/08/88 - - WARNING !!! There is something fishy going on with PKARC Version 3.6. - It is doing some weird things in memory that it should not be... - BBS-Chess also plays in memory... vectors... interupts... etc and it - will flat abort if it sees something weird... it does whenever PKARC - version 3.6 is run. Previous versions of PKARC are ok... its just 3.6 - that goes places in memory it should not be... - - We are calling the authors on 7-8-88 to confirm that there is such a - version. This may be more than just an "unarcer". It may be an honest - mistake... a bug... but be safe... not sorry!!! Remove it and use the - older version until we can get in touch with the author. - - This "messin in memory" was confirmed by a sysop in Georgia and another - in Southern California... both discovered the same thing. PKARC 3.6 is - Going places in memory... and leaving things in memory that it should not - be ... - -------------------------------------------------------- - Msg # 2344 Dated 07-08-88 16:41:09 Security: 0 - From: PAT FORBES - To: SARA JONES - Re: (R)THANKS Last read at 19:01:15 on 07/08/88 - - I talked to the author of PKARC today. It is confirmed... he is doing - some weird things in memory to.... "keep people from seeing his code". - He said he did not think it was necessary to put everything back to - normal when the code exited.... he now sees the err of his ways... - A lesson here.... mess with DOS all you want but.... put EVERYTHING back - to normal (the way it was) when you are done... - - Expect a new release very shortly but for the time.... DO NOT USE - version 3.6 unless you don't mind an occasional reboot or system lockup. - Use version 3.5 or less... - - - ---------------------------------------------------------------------- Ok, and finally, this next session is some kind of warning chat that was also available: - ---------------------------------------------------------------------- These are some interesting tidbits I discovered on GT-Net. Read 'em and form your own opinions.... Dave Williams 07/20/88 ############################################################################### #### first, some bulletins from Rick Kunz' NW Pacific GT-Net... ############################################################################### 7-15 Pulled PK3.6 and put a short version of the .COM files from PK 3.5 back up, temporarily, until bug fix is out. GT14.02 files will bw up in GENERAL file dir shortly; new install program also. 7-12 ===> The following was received from a fellow GT Sysop today; a word to the wise-- I did reinstall PK version 3.5 on both systems. --- --- --- --- I hope you have gotten the word by now, but in case you haven't there is A BIG PROBLEM with PKXARC/PKARC Ver. 3.6...has to do with the way Katz modifies vectors ( and then doesn't reset them)....it has caused me some real pain with BBSCHESS and some other programs.....just wanted you to know! ############################################################################### ##### and in CHAT mode with the sysop...... ############################################################################### @DDDDDDDDDDDDDDDDDDDDDDDY 3 GT NET/NODE 007/000 3 @DDDDDDDDDDCDDDDDDDDDDDDY @DDDDDDDDDDDDDDDDDDDDDY 59 Minutes left. Enter command (? for help): p ................ Dave Williams, Sorry if I broke in-- you're chatting with Rick Kunz! Yep...! Sorry to bother you..what's this about PK36? PK36 grabs some ints and doesn't let go of them. It's an attempt to foil hackers, to avoid another PKX35B35 debacle. The problem occurs as far as I know, only if you access PK36 from a shell, such as in viewarc utils, etc. It causes some real unpredictable results with those. No wonder!!!!! I run shelled out of Qmodem or PC-Write half the time, and I've been having some radical hard disk problems - CRC errors all over the place. I thought it was just the disk dying, but it started getting bad when I got PK36. Haven't lost anything, but it sure makes some torturous moises. Well, go back to 3.5, if you don't have it around, I put the .COM files in a little arc in the general directory. I think I have them laying around on an odd disk - I can get 'em locally if I need 'em. Sort of a surprise, finding problems in PKARC...... For sure! Phil has his share of problems lately, the 3.6 thing, I noticed it affecting serial communications on both machines as well as some frazzed disk stuff, and a couple days after reverting to 3.5, my highspeed xfers are back again. So if anyone gripes abouut file xfers, see if they've been using 3.6. Yeah. !?! OK, thanks a lot. I'll let ya go.... Sure-have a good one! ############################################################################### #### and finally, some dumps of the SOFTWARE echo on GT-Net ############################################################################### FILE SECTION: #1 - GENERAL - Miscellany, open access, ALLFILE.ARC Msg Base: #28 - SOFTWARE TECH; Chris Smith's GT Echo Msg No: 473. 7-08-88 19:59.01 From: Fred Horner To: Rusty Stone Subject: PK36.EXE I have unpacked and use pk36 with no trouble, however I have seen reports that it may have a problem with using int 3 and not releasing it when its through. Might want to stick with the 35 ver until we know for sure. .ORIGIN: 001/001 - THE PROGRAMMER'S WORKSHOP - SEND MAIL TO 001/003. Msg Base: #28 - SOFTWARE TECH; Chris Smith's GT Echo Msg No: 505. 7-13-88 23:09.18 From: Mike Schmieg To: Rusty Stone Subject: PK36.EXE Based on the latest report, just do away with PK36 files and return to 3.5. Wait until the 3.61 release comes out. I've already found problems with the board with 3.6. .ORIGIN: 006/006 - THE NOOK-CINCINNATI,OHIO (GEOFF MANDEVILLE, SYSOP) Msg Base: #28 - SOFTWARE TECH; Chris Smith's GT Echo Msg No: 511. 7-15-88 18:35.28 From: James Gaas To: Tony Locicero Subject: PK36.EXE Have you seen the recent "warnings" about using PK36? Seems it will cause lock ups. The current suggestion is to go back to PKX35A35 until the author releases PK36.1 .ORIGIN: 001/025 - J & J'S CASTLE - JAMES GAAS - HOUSTON << (713) 988-1922 >> Msg Base: #28 - SOFTWARE TECH; Chris Smith's GT Echo Msg No: 516. 7-16-88 8:39.43 From: John Dunham To: Mike Schmieg Subject: PK36.EXE I had problems with cross-linked clusters and damaged fat's. I started backing out programs from the lastest obtained. When I backed out PK36.EXE, the above disk problems stopped. I am now staying on 3.5 until a bug fix for 3.6 is released. .ORIGIN: 031/000 - THE LONG BEACH GT - LONG BEACH, CA - (213) 422-3986 Msg Base: #28 - SOFTWARE TECH; Chris Smith's GT Echo Msg No: 517. 7-17-88 13:32.29 From: Tony Locicero To: James Gaas Subject: PK36.EXE Have seen no problem on my system related to the PK36. Seems to affect only a few programs such as BBSCHESS as described by the author. Since I don't run this program and since EVERYTHING that I use seem to run well with it, I will continue to use it. It seems to run well on a wide variety of my machines on a wide variety of applications. Might be specific to that one application. .ORIGIN: 001/009 - THE BLACK ORCHID - HOUSTON, TX. - (713) 527-8719 Msg Base: #28 - SOFTWARE TECH; Chris Smith's GT Echo Msg No: 522. 7-17-88 6:36.22 From: Rusty Stone To: Fred Horner Subject: PK36.EXE Fred, Thanks for the warning. I will watch for more information on the Pk36 problem. Rusty .ORIGIN: 001/018 - SYSTEM ENVIRONMENT - SYSOP RUSTY STONE - 713/672-8318 - ---------------------------------------------------------------------- I have heard many discussions on local BBS's as to whether or not PKXXX is real or a trojan/virus/whatever... But hopefully this will shed some more light on the situation with PK's software. Incidentally, I have a copy of PK361.EXE, and all the filenames have been changed from PK36.EXE (obviously due to the litigation with SEA). David A. Bader DAB3@LEHIGH -------------------- Date: Sat, 13 Aug 88 16:49:00 EDT Reply-To: Virus Discussion List Sender: Virus Discussion List From: WHMurray@DOCKMASTER.ARPA Subject: Re: History In-Reply-To: Message of 13 Aug 88 11:29 EDT from Bernie >My colleague believes that it is the mischievous hacker trying to >get at his enemies which propagated this 'wave' of problems. Does anyone >know anything in depth about the history of such stuff? The main point is >who is to blame! I would argue that that is not the main point at all. This is not the six o'clock news, or even TV. There are no good guys or bad guys here. There is nothing to be gained by finger pointing. "We have seen the enemy and he is us." Viruses and Trojan Horses are simply special cases of lies. Under most circumstances, lying is considered bad form, even immoral. In the case of these programs, they are destructive of other peoples resources and of the community's trust. That seems adequate reason to condemn them and the behavior of their authors in perpetrating them. However, with the current spate of PC viruses, it seems reasonable to say that they belong in the category of mischief, rather than that of evil. While their authors could predict how they would behave in a given system, there is evidence to suggest that they did not know how, or even if, they would spread, or how destructive they might be. Indeed, it seems clear that these acts were not motivated by vengeance or even greed. Rather, they were motivated, to the extent that they were motivated at all, by idle curiousity. The essentially gratuitous nature of these acts is mitigated only by the fact that the perpetrators were also ignorant of how much damage they might do. Some have suggested intellectual curiousity as a motive. However, while it is possible to write a clever virus, one need not be clever to do so. Writing a destructive virus is not a demonstration of skill. Perhaps it was simply the novelty of the thing. Or it may be, that having assayed the power, the perpetrators were not sufficiently mature to resist the temptation to use it. And the rest of us, those of us with an interest in the honest labelling and orderly behavior of programs, what has motivated us? Clearly that has been some greed and fear peddling. There has been a certain amount of grudging admiration. Certainly there has been identification and sympathy, for we know that the biggest difference between them and us is that they coded theirs' and let them go. We have reacted from incredulity (What do you mean, it could take over my system?!), and from hubris ("I have a 100% defense against viruses!" (when what he really meant was he could protect your hard disk from updates). Mostly we have reacted from fear; not the rational fear of a destructive and mindless lie, but rather the fear that someone might try to keep the truth from us. Not the fear of the damage that could be done by a virus, but the fear that in dealing with them someone else might infringe some cherished privilege (What do you mean, I can't require my students to write a virus?!). We have reacted from almost every motive but enlightened self-interest. So you see, the point is not who is to blame. There is plenty of blame to go around. Please do not start pointing fingers. The issue is not where have we been, but where do we go. The novelty is gone forever. It is now clear how much damage can be done. It only remains to be seen whether or not we can resist the temptation of the power and bring ourselve to censure and sanction those who cannot. William Hugh Murray, Fellow, Information System Security, Ernst & Whinney 2000 National City Center Cleveland, Ohio 44114 21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840 -------------------- *** end of Virus-L issue ***