Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA26013; Tue, 12 Jun 90 07:25:02 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA13182; Tue, 12 Jun 90 07:25:00 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA04525; Tue, 12 Jun 90 07:24:51 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa10975; 12 Jun 90 11:41 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Tue, 12 Jun 90 11:09:32 BST 
Message-Id:   <$TGVTCZHTCBWC at UMPA>
Subject:      Virus-L vol 0 issue #0819



Virus-L Digest Fri, 19 Aug 88, Volume 0 : Issue #0819

Today's Topics

Limited functionality, definition of 'computer', etc.
The First Virus
Limited Functionality
Re: Protecting Command.com
Hiding a virus between disk sectors

------------------------------

Date:         Fri, 19 Aug 88 06:19:53 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Amanda B Rosen <abr1@CUNIXC.CC.COLUMBIA.EDU>
Subject:      Limited functionality, definition of 'computer', etc.

I'm a little concerned about butting into an argument that seems to be
getting personal, but here goes... (I don't know _anybody_ on this list
personally, so I'm not taking any sides...)

David Bader's most recent lengthy article made many statements. I disagree
with every one. Maybe he had a bad day (I know I'm having one), but I'll
try to go over a couple that seemed to stand out.

First, David asks how to define a computer, and why the definition of Limited
Functionality is useful (I'm paraphrasing, so if I read it wrong, sorry...).

In general, and without getting into any CS theory, I would say that a useful
definition of 'computer' would be the Turing machine. Modify that by looking
at the PCs, Macs, Vaxen, and 4381s of today for a more bounded but useful
definition. This is not what you would call a strict definition, but it's
useful because we all understand it. In particular, a calculator or television
don't qualify as (general-purpose) computers for obvious reasons.

On the other hand, there are limited-functionality machines. Another intuitive
definition is useful here: they are machines which, whatever the underlying
capabilities of the component hardware, are NOT Turing machines. Two good
examples- 1) a security device, as described in David's article. It does not
have a general-purpose CPU. It is inherently incapable of many things, such
as arithmetic.  2) A building-directory computer. It is based (for example)
on a 68000 machine, with lots of ROM and almost no RAM. While the hardware is,
inherently, a Turing machine, this actualization will never be capable of
adding two numbers, either.

Both of the limited-functionality devices described have the same chance of
being infected by a virus: none. It's just not possible. This directly contra-
dicts David's statement "ANY one-function computer can get a virus if the
correct input is applied."

On another topic, while novice users can be dangerous, there is no way a
novice, no matter how clumsy or careless, can cause your data to become
corrupt a month after his/her use of the machine, after the backups have
been contaminated... Novices are also incapable of inflicting serious damage
on mainframes or minis (or PCs with protection in the OS).

Finally, it is always the institutions with the most at stake that have the
most to lose (simple truism). What some people fail to see is that banks,
defense systems, and the like, are the most likely to draw sophisticated
viral attacks. While I'm not hugely fond of Cyberpunk stuff, read Gibson's
Neuromancer. I hate to say it, but Gibson is probably very accurate in his
portrayal of what computer security is going to be like in the not-too-
distant future (although I have my doubts about his "Cyberspace matrix").
If you're a crack programmer worth $250 an hour, are you going to spend a
month writing a virus to bring down a campus LAN? Or are you going to write
one that redirects funds from bank networks to a numbered bank account?
The other thing that people forget is that the real viruses of tomorrow won't
be acts of vandalism, mostly. They'll have a purpose.

Sorry for rambling, but it's 5:30 AM... I sure hope this makes as much sense
tomorrow as it does now :-)

/a

--------------------

Date:         Fri, 19 Aug 88 10:39:25 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      The First Virus

Quite a few people wrote to me to tell me that I was incorrect
in my definition of the first virus.  That there have been viruses
around for years.  I quite agree.

What I meant was that Fred Cohen, in his famous article describing
viruses back in Computers and Security (No 6, 1987?), told us
that the first virus was conceived "of as an experiment to be
presented at a weekly seminar on computer security" on November
3, 1983.  He goes on to explain how this was the first virus
and the very first virus experiment.

I disagree with Fred on many points, and this is a major one.

If anyone has had experience with viruses before this point
in time, I would be VERY happy to hear about them.  I've
documented a few minor comments in the past, but nothing
concrete with the exception of some government work studying
propagating programs.

Also, I'm looking for a copy of "Communications of ACM" from
way back in March, 1982.  Pages 172-180 contain information
about the Xerox Worm program which got out of hand a few years
back.

Loren Keim

--------------------

Date:         Fri, 19 Aug 88 12:59:23 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Ken van Wyk <luken@SPOT.CC.LEHIGH.EDU>
Subject:      Limited Functionality

Granted, limited functionality can certainly reduce the risk of a machine
being infected by a virus.  I wouldn't go so far as to say eliminate the risk,
though.  At least in the case of a machine in which a CPU is getting
instructions from ROM.  After all, where did the instructions for the ROM come
from?  Unless you can insure that the ROM itself is free from contamination,
then you cannot say that there is no virus in that machine.  At some point,
the ROM had to be written to.  It is true, however, that an existing
uninfected ROM device cannot be written to by a virus, assuming that the ROM
is, indeed, unwritable.

Nonetheless, such a limited functionality machine certainly does have limited
application, as the name would imply.  An arcade video game is a good example
of one.  There aren't too many applications in which a limited functionality
machine would be too useful, or at least practical.  I certainly wouldn't want
all of the applications on my PC burned into ROM, never to be altered.  It
would make life on the computer very difficult.

Ken

Kenneth R. van Wyk                    Calvin: Dad, can I have a flame thrower?
User Services Senior Consultant       Dad:    Of course not!
Lehigh University Computing Center    Calvin: Even if I don't use it in the
Internet: <luken@Spot.CC.Lehigh.EDU>          house?!!!
BITNET:   <LUKEN@LEHIIBM1>

--------------------

Date:         Fri, 19 Aug 88 17:45:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         WHMurray@DOCKMASTER.ARPA
Subject:      Re: Protecting Command.com
In-Reply-To:  Message of 16 Aug 88 21:20 EDT from "Art Larky
              <AIL0%LEHIGH.BITNET@CUNYVM.CUNY.EDU>"

>Of course, a clever virus could read your config.sys and your autoexec.bat
>and . . . . . ;  BUT, you have the upper hand (I hope) because you have
>been able to boot with a clean copy of command.com and a clean (I hope)
>copy of autoexec.  Your autoexec can do CRC's and such to protect itself and
>your hidden copy of command.com.

But of course, a virus that did that would not be very clever would it?
A truly clever virus attempts to exploit similarities among its
potential targets.  The beauty of your scheme is that it makes you just
sufficiently different from your peers to remove you from the target
population.  Viruses exploit similarity; they do not need to attempt to
accommodate themselves to differences.  If you are the only target, any
Trojan Horse attack will do.  A virus is redundant.  If you are not the
specific target, then the success of the virus does not depend upon
infecting you.  All of those who have not taken steps to remove
themselves from the target population, are sufficient.  The virus does
not need you.

Thus, to F. Cohen's list of sharing, generality, and transitivity, we
can add "similarity."

William Hugh Murray, Fellow, Information System Security, Ernst & Whinney
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840

--------------------

Date:         Fri, 19 Aug 88 19:38:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         ZDABADE@VAX1.CC.LEHIGH.EDU
Subject:      Hiding a virus between disk sectors

I have a simple question regarding viruses in between disk sectors.
I can play around with all the timing and sector markings in between disk
sectors with my Central Point Options board.  I know how to make copy
protections with this, and other little tricks.  What would the theory be
behind putting a virus in between sectors?  (Anything is possible, I am just
curious on how that would make viruses any different or any other spew about
a virus like that. Also, how would virus detection have to change?)

David

/-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|    From:  David A. Bader, Studentis Maximus                             |
|                                                                         |
|    DAB3@LEHIGH                       SloNet: 1402 Lorain Avenue         |
|    ZDABADE@VAX1.CC.LEHIGH.EDU                Bethlehem, Pa.  18018      |
|                                                                         |
|    SchoolNet: Box 914,               -On a mostly harmless              |
|            Lehigh University,         blue green planet...              |
|          Bethlehem, Pa.  18015       -And loving it!                    |
\________________________________________________________________________/

--------------------

*** end of Virus-L issue ***
