From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: DAVIDF@cs.heriot-watt.ac.uk
Date:         Tue, 19 Jun 90 09:40:24 BST 
Message-Id:   <$TGWFCWKBBCTR at UMPA>
Subject:      Here is Virus-L vol 0 #0911



Virus-L Digest Sun, 11 Sep 88, Volume 0 : Issue #0911

Today's Topics

Re: Different Operating Systems
** no subject, date = Sun, 11 Sep 88 17:43:00 MDT
Re: Different Operating Systems

------------------------------

Date:         Sun, 11 Sep 88 15:46:46 MEZ
From:         Konrad Neuwirth <A4422DAE@AWIUNI11>
Subject:      Re: Different Operating Systems
In-Reply-To:  Message of Wed,
              7 Sep 88 20:28:01 EDT from <David.Slonosky@QUEENSU.CA>

Hi, as an Amiga user, too, and having been affected, I can tell you
something about the Amiga viruses. A nice guy from Switzerland (of SCA)
wrote a virus on the Amiga, just to prove it is possible. Now there exist a
lot of mutations of this virus, the most commonly known being the Byte
Bandit virus. To understand the Amiga viruses, it is necessary to know a bit
about the Amiga OS. It uses, as most machines do, the first track as a boot
track, but it doesn't write too much into it, so there is a good space for
a virus. As the Amiga is a multitasking machine, it is not too hard to make
up a virus, as it just has to be a task, which doesn't have a window. The
Amiga OS is not too good a multitasking environment, as it has almost no
ways to protect one task from another. You certainly can imagine what that
does mean for a virus. The SCA virus is, thank god, not a destructive one,
but it is still enough. But the author did make a good thing in the virus
(if you can say good things about viri ;-)), he built in a self destruction
feature. There also exist programs to protect the machine, and even some
are small tasks checking each inserted disk for a nonstandard boot block. I
personally use VirusX, which is such a program. I don't know more about the
other machines.

                               SIGNED, AS ALWAYS
                                     I%  /I  +----
                                     I %/ I  +--
                                     I    I  +----
 "SORRY FOR LIVING, I WILL NEVER DO IT AGAIN"
                    KONRAD NEUWIRTH (A4422DAE AT AWIUNI11) (KONRAD ON RELAY)
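
The check described in the message above (flagging a disk whose boot block is bootable but not the expected one), as an added example that is not part of the original digest and is not VirusX's code. It assumes the commonly documented Amiga floppy boot block layout (1024 bytes, `DOS` signature, checksum longword at offset 4, boot code from offset 12); the sample blocks, the root block value and the known-good baseline are constructed.

```python
import hashlib
import struct

BOOTBLOCK_SIZE = 1024  # assumed layout: two 512-byte sectors at disk start
CODE_OFFSET = 12       # after "DOS\0", checksum longword, root block pointer

def bootblock_sum(block):
    """Add all big-endian longwords, folding each carry back in."""
    total = 0
    for (word,) in struct.iter_unpack(">I", block):
        total += word
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + 1
    return total

def make_bootblock(code):
    """Build a constructed bootable block around `code` (test fixture)."""
    if len(code) > BOOTBLOCK_SIZE - CODE_OFFSET:
        raise ValueError("boot code too long")
    # 880 is a constructed root block pointer; checksum field starts as zero.
    body = b"DOS\x00" + bytes(4) + struct.pack(">I", 880) + code
    body = body.ljust(BOOTBLOCK_SIZE, b"\x00")
    checksum = ~bootblock_sum(body) & 0xFFFFFFFF
    return body[:4] + struct.pack(">I", checksum) + body[8:]

def code_digest(block):
    """Hash only the boot code area, so the header fields do not matter."""
    return hashlib.sha256(block[CODE_OFFSET:]).hexdigest()

def classify(block, known_good):
    """Return 'not-bootable', 'standard' or 'nonstandard' for one boot block."""
    if len(block) != BOOTBLOCK_SIZE:
        raise ValueError("expected a 1024-byte boot block")
    # Without the signature and a valid checksum the block is not run at boot.
    if block[:3] != b"DOS" or bootblock_sum(block) != 0xFFFFFFFF:
        return "not-bootable"
    return "standard" if code_digest(block) in known_good else "nonstandard"

# Constructed sample data: placeholder bytes, not real AmigaDOS boot code.
CLEAN = make_bootblock(b"constructed-standard-boot-code")
ALTERED = make_bootblock(b"constructed-unknown-boot-code")
DATA_DISK = b"DOS\x00".ljust(BOOTBLOCK_SIZE, b"\x00")
KNOWN_GOOD = {code_digest(CLEAN)}

if __name__ == "__main__":
    for name, blk in (("clean", CLEAN), ("altered", ALTERED), ("data", DATA_DISK)):
        print(name, classify(blk, KNOWN_GOOD))
```

A valid checksum on an unknown code area is the interesting case: the disk will boot and run code that the baseline has never seen.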

--------------------

Date:         Sun, 11 Sep 88 17:43:00 MDT
From:         Bernie' <BSWIESER@UNCAMULT>

Mike <Wieser@UNCAMULT.BITNET> commented, re "mutations",

   > ... in the chance of a bug (mutation) code is more likely
   > to crash or hang than to follow some destructive path.

I'd agree. However, random zapping of an executing program doesn't
necessarily involve the zapping of code; data required by the "good" virus
may be the component that is accidentally modified. In my work with
systems, I've seen cases where instructions have been modified such that
the system continues to function without a hard failure. And let me point
out the case in CACM again (I'm at home now, so let me quote from the
article):

"... We have speculated that a copy of the program (the worm) became
corrupted at some point in its migration, so that the initialization code
would not run properly ..."

Coupled with their environment, the unexpected result of an uncontrolled
worm became a reality. Note that the programs involved do not have to
function correctly or anything; as long as it "reproduces", a corrupted
virus is dangerous.

To stretch the biological analogy perhaps to the breaking point, recall
that although individual occurrences of mutations might be rare, simply
multiplying the probability of their occurrence by the number of possible
PCs wherein they can occur can give rise to an unexpectedly large number.

I don't want to over-emphasize this; in fact, I'd guess that this threat is
probably relatively minor. But thinking that "good" viri can only generate
"good" effects is like thinking that guns in the hands of policemen ("good
guns") can only generate "good" effects.

              Glen Matthews

--------------------

Date:         Sun, 11 Sep 88 12:24:00 EDT
From:         WHMurray@DOCKMASTER.ARPA
Subject:      Re: Different Operating Systems
In-Reply-To:  Message of 7 Sep 88 20:28 EDT from "David.Slonosky%QUEENSU.CA at
              CUNYVM.CUNY.EDU"

David Slonosky asks "Are all operating systems equally vulnerable?" Of the
examples that he calls out the answer is essentially yes. This is because
they are all designed for personal computing and for single state
processors. However, when you get into multi-state systems you begin to
enjoy the opportunity for high integrity process-to-process isolation. At
that point operating systems begin to differ dramatically in their ability
to resist viruses. They differ in terms of the amount of generality,
flexibility, and transitivity that they reserve to the user. The more that
they are prepared to reserve to themselves, the more resistant they are.
Applications also vary dramatically. Those that do not permit user
programming (yes Virginia, there are such applications) are significantly
less vulnerable than those that do. Those that maintain strong segregation
between data and procedure are also less vulnerable.

William Hugh Murray, Fellow, Information System Security, Ernst & Whinney
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840

--------------------

*** end of Virus-L issue ***
