Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA26024; Tue, 12 Jun 90 07:27:45 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA13193; Tue, 12 Jun 90 07:27:41 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA04545; Tue, 12 Jun 90 07:26:58 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa11126; 12 Jun 90 11:45 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Tue, 12 Jun 90 11:10:20 BST 
Message-Id:   <$TGVTCZHTCBWH at UMPA>
Subject:      Virus-L vol 0 issue #0823



Virus-L Digest Tue, 23 Aug 88, Volume 0 : Issue #0823

Today's Topics

Virus Immunizer Add
Openness; Viruses and Software Companies; Insurance
Re: Virus Immunizer Add
Re: Openness; Viruses and Software Companies; Insurance
Re: distribution
Re: Openness; Viruses and Software Companies; Insurance
Administravia
virus info
Releasing viruses
Anti-Viral Package Claims
Flushot bugs
Re: Anti-Viral Package Claims
Virus Immunizer Add
The Yale Virus - Revealed
Viruses in the Mail
Computer Law
Re: Mail Order
Yale Virus Correction
Re: distribution
Scary Fact about the Yale Virus
Slight correction on Yale Virus.
Re: Viruses in the Mail
Re: Virus Immunizer Add
Re: Anti-Viral Package Claims
Controlled Study of Viruses
REFERENCE TO PUBKEY MAILING LIST
Openness; Viruses and Software Companies; Insurance

------------------------------

Date:         Tue, 23 Aug 88 00:41:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         ZDABADE@VAX1.CC.LEHIGH.EDU
Subject:      Virus Immunizer Add

Here's a card that I got in the mail that might prove interesting:

PREVENT COMPUTER VIRUSES
 IMMUNIZE (TM) YOUR PC!!!

If your computer can talk to the outside world (modems, floppy swaps, etc...),
it can also be infected by a "computer virus" planted by an unscrupulous
hacker.

IMMUNIZE can prevent almost any type of virus from inhabiting your machine,
regardless of the method used for infection.

IMMUNIZE is available for $99.95, with this card only (regularly $149.95), and
comes with an UNCONDITIONAL GUARANTEE! We will refund your money at any time
in the next FIVE YEARS if you are unsatisfied, FOR ANY REASON WHATSOEVER.

For further information, or to order IMMUNIZE,
CALL TOLL FREE (800) 825-6600
Remote Technologies
A Missouri Corporation
3612 Cleveland Avenue
Saint Louis, Missouri 63110

-------------------------------------------------------------------

This is NOT a plug for this company, only a discussion.  What
do you all out there think about a company that promises so much???

David

/-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|    From:  David A. Bader, Studentis Maximus                             |
|                                                                         |
|    DAB3@LEHIGH                       SloNet: 1402 Lorain Avenue         |
|    ZDABADE@VAX1.CC.LEHIGH.EDU                Bethlehem, Pa.  18018      |
|    HACK!DAB@SCARECROW.CSEE.LEHIGH.EDU                                   |
|                                                                         |
|    SchoolNet: Box 914,               -On a mostly harmless              |
|            Lehigh University,         blue green planet...              |
|          Bethlehem, Pa.  18015       -And loving it!                    |
\________________________________________________________________________/

--------------------

Date:         Tue, 23 Aug 88 02:37:15 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Steve <XRAYSROK@SBCCVM>
Subject:      Openness; Viruses and Software Companies; Insurance

I can understand trying to keep virus-writing technology under wraps,
because if no one understands how to write a virus, there probably won't be
any viruses. But it's too late. The concept is already out and its
feasibility has been amply demonstrated. It's naive to think that I or
anyone else couldn't write a virus without 'details' supplied from someone
else (the 'details' are already there and freely available in the form of
programmer's manuals). I personally don't feel I would need *any* help
writing a virus if that's what I set my heart on doing (but I don't want to
and I have better things to do). On the other hand I think that the fewer
people there are who understand the guts of viruses, the fewer there will
be who will write anti-virus programs. I may be wrong, but I think you need
to know more to write an anti-virus program (like what viruses are out
there and how they work) than you need to know to write a virus.

As far as the origins of PC viruses are concerned, one has to ask if there
is anyone out there who can reap financial gains from viruses. The answer
is yes. Companies that sell software are competing with freeware. If they
can make people afraid of freeware (because of risk of virus infection),
then they can sell more software (including the antidote for particular
viruses, including any they may have written and released themselves in
trojan-horse freeware or apparently pirated versions of their own
software). Would a software company resort to such tactics? What are the
risks of such a company getting caught by someone tracing trojan-horse
freeware back to it?

   About virus insurance...  I tend to think of insurance companies as
only slightly better than virus-writers.  Because viruses are so new and
because it's so hard to predict what the future holds in the way of new
and innovative viruses I would expect the rates to be astronomical, with
how astronomical depending on what the machine was being used for and
what you expected the insurance company to protect you from (financial
loss due to loss of records [*that* could get expensive!]?  the cost of
having your system cleaned and up and running again after a virus
attack?).  However, the rates would undoubtably improve significantly if
the insurance company imposed on the insured the simple common-sense
hygiene of the type that Ken recommended (rotating backups, etc.),
which I think is by far the best insurance, and/or imposed virus
detection/prevention measures.

Steven C. Woronick     |   An extrapolation of its present rate of
Physics Dept.          |   growth reveals that in the not too distant
SUNY @ Stony Brook     |   future, Physical Review will fill bookshelves
Stony Brook, NY 11794  |   at a speed exceeding that of light.  This
                       |   is not forbidden by relativity, since no
516-632-8133           |   information is being conveyed.

--------------------

Date:         Tue, 23 Aug 88 08:01:38 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Ken van Wyk <luken@SPOT.CC.LEHIGH.EDU>
Subject:      Re: Virus Immunizer Add
In-Reply-To:  Your message of Tue, 23 Aug 88 00:41:00 EST

> comes with an UNCONDITIONAL GUARANTEE! We will refund your money at any time
> in the next FIVE YEARS if you are unsatisfied, FOR ANY REASON WHATSOEVER.

Pretty impressive claim, if they can stand behind it, and if they
exist five years from now...

> This is NOT a plug for this company, only a discussion.  What
> do you all out there think about a company that promises so much???

It's a good topic of discussion, but I would have preferred it if no
specific company names were mentioned.  I'd appreciate everyone's
cooperation on keeping this, and other future discussions,
non-commercial - please.  This list originates on BITNET, and we must
adhere to their non-commercial guidelines.  Thanks.

Anyway, I'm always a little bit wary of companies that promise the
world, as it were.  I'd be willing to bet that the fine print in the
product's manual (if there is one) was a little bit more, er, specific
than the ad that you got in the mail.  Perhaps not, but that would
certainly be the exception, not the rule.

Ken

Kenneth R. van Wyk                    Calvin: Dad, can I have a flame thrower?
User Services Senior Consultant       Dad:    Of course not!
Lehigh University Computing Center    Calvin: Even if I don't use it in the
Internet: <luken@Spot.CC.Lehigh.EDU>          house?!!!
BITNET:   <LUKEN@LEHIIBM1>

--------------------

Date:         Tue, 23 Aug 88 08:10:43 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Ken van Wyk <luken@SPOT.CC.LEHIGH.EDU>
Subject:      Re: Openness; Viruses and Software Companies; Insurance
In-Reply-To:  Your message of Tue, 23 Aug 88 02:37:15 EDT

>    As far as the origins of PC viruses are concerned, one has to ask if
> there is anyone out there who can reap financial gains from viruses.

Of course!  Let's remember that a virus need not be overtly
destructive; it may merely wish to alter data, or perhaps even extract
data.  A hypothetical scenario could be: company A wishes to give
competitor company B a bad name, so they covertly release a virus
which infects company B's product - not to destroy it per se, but to
have it give intermittently incorrect results, thereby destroying its
credibility.

Ken

--------------------

Date:         Tue, 23 Aug 88 09:03:59 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Joe McMahon <XRJDM@SCFVM>
Subject:      Re: distribution
In-Reply-To:  Message of Mon,
              22 Aug 88 13:54:53 EDT from <luken@SPOT.CC.LEHIGH.EDU>

Anyone who has been running with the University of Chile as their
closest backbone server may have noticed bizarre things lately. There
were some problems; the newest node list changes the weights of the link
to try to keep North American mail from going to South America first
(and getting delayed).

- Joe M.

--------------------

Date:         Tue, 23 Aug 88 09:12:43 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Joe McMahon <XRJDM@SCFVM>
Subject:      Re: Openness; Viruses and Software Companies; Insurance
In-Reply-To:  Message of Tue, 23 Aug 88 02:37:15 EDT from <XRAYSROK@SBCCVM>

On openness: I agree that there are people who are intelligent enough to
write viruses without help. However, it is pretty much certain that the
nVIR Mac virus was created by someone who took the "sample virus" from
CompuServe and turned it into a real nuisance.

On viruses and software companies: We can even go better than Company A
trying to discredit Company B; the Scores virus was apparently constructed
specifically to damage and discredit a program or programs written for some
unnamed government installation by a disgruntled employee.

- Joe M.

--------------------

Date:         Tue, 23 Aug 88 10:06:25 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Ken van Wyk <luken@SPOT.CC.LEHIGH.EDU>
Subject:      Administravia

Several readers have pointed out to me recently that they've been receiving
two (or more) copies of VIRUS-L mail.  I've just confirmed that Lehigh's
mailer is only sending out one copy of each mailing, so some gateway or other
node along the way must be doing some selective duplication.  Hopefully, the
situation will be cleared up in the near future.  I apologize for any
inconvenience.

Ken

Kenneth R. van Wyk                    Calvin: Dad, can I have a flame thrower?
User Services Senior Consultant       Dad:    Of course not!
Lehigh University Computing Center    Calvin: Even if I don't use it in the
Internet: <luken@Spot.CC.Lehigh.EDU>          house?!!!
BITNET:   <LUKEN@LEHIIBM1>

--------------------

Date:         Tue, 23 Aug 88 10:11:30 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "William A. MacDonald" <O1BILL@AKRONVM>
Subject:      virus info

I would like to receive information on viruses. A student here at Akron is
working on a report and I read some of the listings he received from this
listserver. The topic was very interesting and so I would like to receive
all the listings that I can so that I may read them when I can. Thank you.
                  Bill MacDonald

--------------------

Date:         Tue, 23 Aug 88 13:36:51 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "David A. Bader" <DAB3@LEHIGH>
Subject:      Releasing viruses

>   As far as the origins of PC viruses are concerned, one has to ask
>if there is anyone out there who can reap financial gains from viruses.
>The answer is yes.  Companies that sell software are competing with
>freeware.  If they can make people afraid of freeware (because of risk
>of virus infection), then they can sell more software (including the
>antidote for particular viruses, including any they may have written
>and released themselves in trojan-horse freeware or apparently pirated
>versions of their own software).  Would a software company resort to
> such tactics?  What are the risks of such a company getting caught by
>someone tracing trojan-horse freeware back to it?

This is an interesting origin of viruses.  I have heard of this type of
virus/trojan horse in a specific case (which I won't mention because it
might discredit the company associated with it more than necessary).
Incidentally, the bad code WAS traced back to the original company because
their company name and phone number were located in the executable
code... (How's that for doing something stupid??)  Anyway, what do
*you* think about the idea that software firms might be releasing
damaging code in order to discredit other packages and increase their
sales while wreaking havoc on *our* machines?!? Do *you* think that
this mentality is incorporated into the scheme of selling more
software???

David A. Bader
DAB3@LEHIGH

--------------------

Date:         Tue, 23 Aug 88 13:39:40 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      Anti-Viral Package Claims

The company who made the claim of money-back for 5 years
isn't stupid by any means.  Do you know the percentage of
people who actually send for their money back is incredibly
small.  It's a selling gimmick.

Besides, a company can set itself up as an S corporation,
sell a lot of product, declare bankruptcy and disappear and
you can't go after any member of that company with a lawsuit.

Also, I agree this is not a place to sell products, but
I still think we should mention names of some products so
we know what really has problems, like the flushot bugs
that have marred it over the past few months.

Loren

--------------------

Date:         Tue, 23 Aug 88 13:49:58 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "David A. Bader" <DAB3@LEHIGH>
Subject:      Flushot bugs

>Also, I agree this is not a place to sell products, but
>I still think we should mention names of some products so
>we know what really has problems, like the flushot bugs
>that have marred it over the past few months.

Speaking of Flushot bugs...

Hasn't *ANYONE* out there tried FluShot Plus 1.4??? I am having one
type of problem with it (bug?), but because no one else out there tries
such software, I am not sure if it is a *major* bug that everyone is
experiencing, or just my bug.

The only problem that I have encountered since using it for almost a
month is that when I read a floppy disk (and only about 80% of the
time) I get a TSR screen from FSP+ telling me that CMOS is being
changed.  Question: Does anyone know if reading a floppy drive DOES in
fact change CMOS memory in an AT???

David A. Bader
DAB3@LEHIGH

--------------------

Date:         Tue, 23 Aug 88 13:53:30 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Ken van Wyk <luken@SPOT.CC.LEHIGH.EDU>
Subject:      Re: Anti-Viral Package Claims
In-Reply-To:  Your message of Tue, 23 Aug 88 13:39:40 EDT

> Besides, a company can set itself up as an S corporation,
> sell a lot of product, declare bankruptcy and disappear and
> you can't go after any member of that company with a lawsuit.

Sad, but true.

> Also, I agree this is not a place to sell products, but
> I still think we should mention names of some products so
> we know what really has problems, like the flushot bugs
> that have marred it over the past few months.

Product names in the context of objective reviews from people with no
vested interest in the product is perfectly acceptable.  Reprints of
advertisements, however, must be discouraged.

On another note, I believe that the mail duplication problem reported
earlier is isolated to BITNET. If anyone reading this is getting multiple
copies on Internet (or elsewhere), please take a look at your message
header. Is it going through the ARPA gateway at CUNYVM? If so, then the
message is travelling through BITNET for a short distance before hitting
the ARPAnet/Internet and the problem would be isolated between here and
CUNY. If someone on the ARPA/Internet who is getting duplicate messages
could send me a copy of one of their mail headers, I'd appreciate it. If
someone on ARPA/Internet could confirm to me that they're *not* getting
multiple messages, I'd appreciate that too. Networks are great...when they
work. Heavy sigh.

Ken

Kenneth R. van Wyk                    Calvin: Dad, can I have a flame thrower?
User Services Senior Consultant       Dad:    Of course not!
Lehigh University Computing Center    Calvin: Even if I don't use it in the
Internet: <luken@Spot.CC.Lehigh.EDU>          house?!!!
BITNET:   <LUKEN@LEHIIBM1>

--------------------

Date:         Tue, 23 Aug 88 13:55:47 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
Comments:     In-Reply-To: Poster of 23 Aug 88 EST from ZDABADE at
              VAX1.CC.LEHIGH.EDU
From:         Otto Stolz +49 7531 88 2645 <RZOTTO@DKNKURZ1>
Subject:      Virus Immunizer Add

> GUARANTEE! We will refund your money at any time
So, what do they promise at all:  that they will give back what they've
taken from you before -- and only if you take the pains to write to them.

Let's suppose that the refunding will cost them 10 bucks (for banking
charges, man power, perhaps a diskette lost).  Then they will still
prosper, if at most 90% of their customers want the money back.

> if you are unsatisfied, FOR ANY REASON WHATSOEVER.
And from the reasons you state, they will gain insight on how to improve
their product.

Otto

--------------------

Date:         Tue, 23 Aug 88 14:00:56 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      The Yale Virus - Revealed

Okay,

We've spent the last few hours going over the Yale virus
(Actually, Chris Bracy is still playing with it right now!)
and we've come up with some preliminary conclusions.

It isn't the Brain virus.  At least as far as it isn't
the code that WE have that is called the Brain virus, and
I believe we have the original form.  I think it's an act-a-like.
Someone tried to recreate the virus without having the original
to study from.

It's a boot-sector virus which infects both system and data
disks.  It infects only on boot-up.   If you cold boot an
infected disk, it loads the virus; if you then warm boot
the machine, it infects whatever is in the A: drive.  If
the disk in the A: drive is already infected, it does nothing.

It traps Int 9 and Int 19.  Int 9 is the keyboard interrupt
and Int 19 is the reboot interrupt.

When it infects the disk, it copies the original boot sector
to sector eight (the ninth sector).

It also traps <ctr> <alt> <I> (the key configuration that
changes the number of lines on a screen).

There is also a section of code which is an exact format
of 1 track of a disk, EXCEPT the Int 13 isn't there, so
this section of code never does anything.

Also, there is a generation counter.

I believe this is an early version of a virus that someone
planned to release.  I'm not sure if the final version was
released, and I'm not sure this virus is limited to Yale.
I don't believe it is limited to Yale.

I believe that the final version of the virus, after a period
of time, would trigger itself to reformat someone's disk
tracks.

As we finish going over the code, we'll be back to you with
any new info.

Loren Keim and Chris Bracy

--------------------

Date:         Tue, 23 Aug 88 14:10:56 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      Viruses in the Mail

I'd like to thank everyone to date who has sent me copies of their
particular viruses. It's interesting to go over them and try to figure out
if they are advanced versions of other viruses floating around out there
that we may be able to stop.

For anyone sending them to me in the future, however, please LABEL them as
viruses. Receiving brown paper wrappers of unlabelled disks in the mail is
scary. Recently when Yale sent me some material to look at, they marked the
disk "BAD VIRUS - DO NOT BOOT". That was great, and one of the few times
someone has marked it for me.

We generally place viruses on red disks and put a "Mister Yuck" sticker on
them as well as labelling them viruses. It's easier to separate them.

In the future, it's dangerous to be sending viruses around, so we do
discourage it, BUT if anyone wants us to work on theirs (this is not an ad,
I don't get paid for it) I'd like to change the address they've been going
to. Send them to P.O. Box 2423, Lehigh Valley Pa, 18001. This will make it
easier for me to separate what are viruses and what are not.

Also, if you send me something, please send me some background information,
"I found it ____, and it infected ___ disks, on ___ date" or "I wrote this
for you to look at" and so on. I've found a lot of programs that I can't
trace back anywhere because all I've gotten is a disk and a postmark.

As for sending disks around, we can better control who has copies or
reviews the virus in a conference situation, so I'd prefer people see them
there. I don't intend on sending out copies of the Lehigh Virus or the
Brain Virus (which I've received NUMEROUS calls for) unless you are
"okay'd" by the government or have a real need for something. Otherwise, we
can discuss it at the conference.

Thanks, Loren Keim

--------------------

Date:         Tue, 23 Aug 88 14:12:15 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      Computer Law

Some legislation regarding computer security that people may
want to check on:

Public Law 93-579 Privacy Act of 1974.

Goldwater-Koch Bill (HR 1984)

Loren Keim

--------------------

Date:         Tue, 23 Aug 88 14:08:11 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Jim Marks <JMARKS@GTRI01>
Subject:      Re: Mail Order
In-Reply-To:  Message of Mon, 22 Aug 88 16:10:00 EDT from <NEWTON@NBSENH>

I, too, have been getting unusual distributions.  Just now, I got second
(at least) copies of 3 entries from last week (from Ken, Amanda Rosen,
and Loren).  I don't know what mailer is doing this.  I believe I get my
stuff straight from the mailer at LEHIGH, but I don't really know how all
the distribution works.

--------------------

Date:         Tue, 23 Aug 88 14:32:21 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      Yale Virus Correction

Excuse me, I didn't fully explain where the boot sector
was put by the Yale Virus.

It is put on Sector 8 of Track 40, EVEN if it is an 80
track disk.  Even more interesting is that it doesn't
mark this sector as being bad.  If something is in this
sector, it doesn't check, it just writes right over it.

Loren

--------------------

Date:         Tue, 23 Aug 88 13:38:01 CST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Claudia Lynch <AS04@UNTVM1>
Subject:      Re: distribution
In-Reply-To:  Message of Mon, 22 Aug 88 07:54:16 EDT from <OGATA@UMDD>

I, too, have had strange things happening with my mail from the virus
list. In my case, I have been receiving duplicates of things. Any
thoughts on this matter?

Claudia Lynch
Academic Computing Services
University of North Texas
Denton, Texas

--------------------

Date:         Tue, 23 Aug 88 15:05:41 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      Scary Fact about the Yale Virus

Here is something that should scare people about virus
propagation.

The version of the Yale virus that we have tells us that
it is the 15th generation of the virus.  There is a counter
that keeps this information.   (The value of the counters
found at Yale were 212 through 215).   Figuring that each
copy made 2 of itself and knowing how it figures out its
own generation, the number of copies out there is about
2^15, which translates into an awful lot of copies of
this virus if these figures are correct, and means that Yale
was not the first place to encounter this virus.

A way to tell if you have the virus: when you warm reboot,
the screen is set to 40 column mode for a split second.

Watch for it folks,

Loren

--------------------

Date:         Tue, 23 Aug 88 16:22:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Chris Bracy <KCABRAC@VAX1.CC.LEHIGH.EDU>
Subject:      Slight correction on Yale Virus.

The generation on my disk is 15 hex not decimal.  Also the note I saw
said they didn't find any earlier than 12H.  This would seem to
indicate that either it didn't start at 0, or there is a good chance it
didn't start at Yale.

We're interested in finding out more about where it did come from, so
here are some specifics on spotting it...

On computers with CGA adapters on a warm boot when it infects a disk (or
attempts to infect and doesn't) it will put the screen into 40 column mode
for about a second (on an 8 MHz PC).

The generation count is a word located at 1F8 into the code.  (Into
the boot sector).

Also it doesn't overwrite (re-infect) itself.

Chris.

*==============================*======================================*
|       Chris A. Bracy         |         Student Consultant           |
|       (215) 758-4141         |  Lehigh University Computing Center  |
|  Kcabrac@Vax1.cc.Lehigh.Edu  |    Fairchild Martindale Bldg.  8B    |
|   Kcabrac@LehiCDC1.Bitnet    |           Lehigh University          |
|       CAB4@Lehigh.Bitnet     |          Bethlehem, PA 18015         |
*==============================*======================================*
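
A triage sketch for the indicators given in the Yale virus posts above (generation word at 1F8 in the boot sector, original boot sector relocated to track 40, sector 8), as an added example that is not part of the original digest. The head number (0), the 0-based track and sector numbering, the raw track-ordered image layout and the boot-sector heuristic are assumptions; the sample images are constructed and contain no virus code.

```python
import struct

SECTOR = 512
GEN_OFFSET = 0x1F8   # from the post: generation count is a word at 1F8 in the boot sector


def sector_offset(track, head, sector_index, heads, spt):
    """Byte offset of a sector in a raw, track-ordered floppy image (all indices 0-based)."""
    return ((track * heads + head) * spt + sector_index) * SECTOR


def looks_like_boot_sector(sec):
    """Heuristic (assumption): an x86 jump opcode first and the 55 AA marker last."""
    return len(sec) == SECTOR and sec[0] in (0xEB, 0xE9) and sec[510:] == b"\x55\xaa"


def triage(image, heads=2, spt=9, stash=(40, 0, 8)):
    """Report the two indicators from the posts for one raw floppy image.

    stash = (track, head, sector_index). Track 40 and sector 8 come from the
    posts; head 0 and 0-based numbering are assumptions, so they stay adjustable.
    """
    boot = image[:SECTOR]
    if len(boot) < SECTOR:
        raise ValueError("image is shorter than one sector")
    # On a clean disk these two bytes are ordinary boot code or message text,
    # so the value only means something once the sector is otherwise suspect.
    (gen,) = struct.unpack_from("<H", boot, GEN_OFFSET)
    off = sector_offset(*stash, heads, spt)
    stashed = image[off:off + SECTOR]
    in_image = len(stashed) == SECTOR
    # A second, different boot sector in the data area is the displaced original.
    displaced = in_image and looks_like_boot_sector(stashed) and stashed != boot
    return {
        "generation": gen,
        "generation_hex": f"{gen:04X}h",   # print both bases: 15h is 21 decimal
        "stash_offset": off,
        "stash_in_image": in_image,
        "displaced_boot_sector": displaced,
    }


def _clean_boot():
    """Constructed stand-in for an ordinary boot sector (not a real DOS one)."""
    sec = bytearray(SECTOR)
    sec[0:3] = b"\xeb\x3c\x90"
    sec[3:11] = b"SAMPLE  "
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)


def build_sample(infected, tracks=80, heads=2, spt=9):
    """Constructed 80-track image. The 'infected' one only mimics the layout
    described in the posts: a generation word in sector 0 and the original
    boot sector moved to track 40, sector 8. It contains no virus code."""
    img = bytearray(tracks * heads * spt * SECTOR)
    clean = _clean_boot()
    if infected:
        standin = bytearray(SECTOR)
        struct.pack_into("<H", standin, GEN_OFFSET, 0x15)   # value from Chris's post
        img[:SECTOR] = standin
        off = sector_offset(40, 0, 8, heads, spt)
        img[off:off + SECTOR] = clean
    else:
        img[:SECTOR] = clean
    return bytes(img)


if __name__ == "__main__":
    for label, infected in (("clean sample", False), ("layout-mimicking sample", True)):
        print(label, triage(build_sample(infected)))
```
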

--------------------

Date:         Tue, 23 Aug 88 16:28:31 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "David A. Bader" <DAB3@LEHIGH>
Subject:      Re: Viruses in the Mail

>As for sending disks around, we can better control who has
>copies or reviews the virus in a conference situation, so I'd
>prefer people see them there.  I don't intend on sending out
>copies of the Lehigh Virus or the Brain Virus (which I've received
>NUMEROUS calls for) unless you are "okay'd" by the government
>or have a real need for something.  Otherwise, we can discuss
>it at the conference.
>
>Thanks,
>
>Loren Keim

How can you ask for an OKAY from the government on people??? Who okay's
you to receive these viruses?  Living in the same city as you, it
scares me, and the rest of the computing vicinity, that these viruses
are being so uncarefully handled. I just hope that my brother hasn't
used any floppy disks that you might have handed him in conjunction
with my computer....

If you *really* wanted to educate us, you would make a fact sheet about
*all* the viruses you know of (containing infection schemes, sizes,
generations, geographical siting, detection of, remedies, etc.) and let
the discussion list add to it.

Also, what is the synopsis of Goldwater-Koch Privacy Act?? If you
like, I have pages and pages of government document references on
computer security type subjects and maybe we can compile a
"government revue" on viruses and such together.

David A. Bader
DAB3@LEHIGH

--------------------

Date:         Tue, 23 Aug 88 18:13:04 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Jim Marks <JMARKS@GTRI01>
Subject:      Re: Virus Immunizer Add
In-Reply-To:  Message of Tue,
              23 Aug 88 00:41:00 EST from <ZDABADE@VAX1.CC.LEHIGH.EDU>

Well, that is certainly a pretty impressive CLAIM.  However, after reading
(usually passively) a good deal of the postings here on the list, I would
tend to think it a little optimistic.  Of course, it is hardly the first
such claim in computer software advertising.

At $99, I would hope the program would be fairly sophisticated and useful
in preventing many (or at least some) viral infections.  However, I believe
that ANY security scheme can be broken with enough effort.  About the only
ABSOLUTE security (if there is such a thing) would be physical security of
the system, with only the use of material (program OR data) which had been
verified to be virus- (or other type bug-) free.  And that even probably
isn't possible.

As for the liberal money-back guarantee:  it may be good, but it is only as
good as the company.  In other words, it can be like the "life-time"
membership to the health spa that goes out of business 6 months after you join;
the problem is in the definition of "lifetime".

--------------------

Date:         Tue, 23 Aug 88 19:05:53 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Jim Marks <JMARKS@GTRI01>
Subject:      Re: Anti-Viral Package Claims
In-Reply-To:  Message of Tue, 23 Aug 88 13:39:40 EDT from <LKK0@LEHIGH>

That is a good point about whether the money-back guarantee is really
worth anything.  The redemption rate on such guarantees is, I believe,
quite low in most all fields.  The computer software field is probably
no different.  As to the lifetime of computer software firms, we KNOW
that this is in many (probably most) cases quite short.  Therefore, there
is a good chance the firm won't be around for 5 years.

As to selling software here; it is not appropriate.  What IS appropriate is
for users of software reporting (positively or negatively) on how it performs.
Of course, it's human nature that we usually hear more of the negative. (Or
it could be just that there IS more negative when it comes to the vast array
of software).

--------------------

Date:         Tue, 23 Aug 88 19:58:56 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      Controlled Study of Viruses

David Bader:

> Living in the same city as you, it scares me, and the rest
> of the computer vicinity, that these viruses are being so
> uncarefully handled.

I am very offended.  We take the utmost care in isolating
virus programs and in studying them.  We set up a computer
in my Coopersburg office (which you should be familiar with)
which is connected to nothing whatsoever so that we can
play with them in a controlled environment.  We have no
programs on disk there, and nothing gets transferred from
there so there is no risk of propagation.

I debated whether to send this directly to David or to
the entire list, and I feel that the list should know
that we NEVER compromise on security.

I had just gotten through explaining that some of the
people who have submitted viruses to us should be more
careful about how they are sent, and that we will not
give out copies of the Lehigh virus or Brain virus, and
you tell me that the computing vicinity is scared of me?

I just want to make sure that no one accuses me of the
same thing Fred Cohen has been accused of countless times.
I do not test viruses on public machines, only dedicated
machines which are connected to NOTHING whatsoever.

> If you *really* want to educate us, you would make a fact
> sheet about *all* the viruses you know of (containing
> infection schemes, sizes, generations, geographical
> siting, detection of, remedies, etc.)

As I said about two weeks ago on this list, and we discussed
it at length, I am putting together such a list.  One of
the reasons we are getting viruses in the mail is because
people are helping me to add to the list.  We debug them,
figure out what makes them tick, compare them to similar
viruses and do a write up on them for the list of viruses.

Unfortunately, this list is taking longer than anticipated.

Once again, however, I would like to ask anyone to send me
information about their virus sightings, please be specific.

Please forgive the rather angry tone, I don't like being
accused of viral propagation... at least not after all the
work I have gone through to make certain nothing propagates.

Loren

--------------------

Date:         Tue, 23 Aug 88 21:05:57 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         David.Slonosky@QUEENSU.CA
Subject:      REFERENCE TO PUBKEY MAILING LIST
In-Reply-To:  <QUCDN.X400GATE:LUirqLW7*>

>A RECENT VIRUS-L MSG MENTIONED A PUBLIC KEY CRYPTO MAILING LIST.
>I TRIED TO MSG THE NAME THAT WAS QUOTED AND GOT MY MSG BOUNCED.
>ANYBODY HAVE ANY FURTHER INFO ON PUBKEY???
>
>/JC ON JIM@ISS.NUS.AC.SG

Yeah, I had the same problem. Maybe if the author of the original
item is reading these notes, then they could help out. Was the
address a BITNET address, or what?
David Slonosky/QueensU/CA,"",CA       |         Know thyself?            |
<SLONOSKY@QUCDN>                      |  If I knew myself, I'd run away. |

--------------------

Date:         Tue, 23 Aug 88 21:07:02 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         David.Slonosky@QUEENSU.CA
Subject:      Openness; Viruses and Software Companies; Insurance
In-Reply-To:  <QUCDN.X400GATE:LUg9KGgJ*>

>   As far as the origins of PC viruses are concerned, one has to ask if
>there is anyone out there who can reap financial gains from viruses.
>The answer is yes.  Companies that sell software are competing with
>freeware.  If they can make people afraid of freeware (because of risk
>of virus infection), then they can sell more software (including the
>antidote for particular viruses, including any they may have written and
>released themselves in trojan-horse freeware or apparently pirated
>versions of their own software).  Would a software company resort to such
>tactics?  What are the risks of such a company getting caught by someone
>tracing trojan-horse freeware back to it?
>
>
>Steven C. Woronick
>Physics Dept.
>SUNY @ Stony Brook
>Stony Brook, NY 11794

What an evil thought, which means there's a good chance it's
happened at least once. Talk about your market forces...
David Slonosky/QueensU/CA,"",CA       |         Know thyself?            |
<SLONOSKY@QUCDN>                      |  If I knew myself, I'd run away. |

--------------------

*** end of Virus-L issue ***
