From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: DAVIDF@cs.heriot-watt.ac.uk
Date:         Tue, 19 Jun 90 09:40:48 BST 
Message-Id:   <$TGWFCWKBBCTX at UMPA>
Subject:      Here is Virus-L vol 0 #0912



Virus-L Digest Mon, 12 Sep 88, Volume 0 : Issue #0912

Today's Topics

Infecting "Good" Viruses
virus mutations
"Viruses Don't Exist" and the Marconi Mysteries... (taken from RISKS)
Re: Infecting "Good" Viruses
Re: hypercard virus question
Re: CRC vs. encryption schemes
crc polynomials
Re: Different Operating Systems
Re: crc polynomials
Re:  Re:  CRC vs. encryption schemes

------------------------------

Date:         Mon, 12 Sep 88 00:04:00 MDT
From:         LYPOWY@UNCAMULT
Subject:      Infecting "Good" Viruses

Bernie, since a virus usually just prepends itself to an existing "program"
file, is it not possible that  a  good  virus  could  have  a  "bad"  virus
prepended to it? Then, when this file is executed, the bad virus would have
control,  then  relinquish its control to the good virus (if that is in its
game plan), and then the "good"  virus  would  relinquish  control  to  the
original  program.  Loren  ==> Is it possible to get a copy of the magazine
that you are publishing for the upcoming virus conference??!!

                              Greg Lypowy

--------------------

Date:         Mon, 12 Sep 88 02:23:25 EDT
From:         me! Jefferson Ogata <OGATA@UMDD>
Subject:      virus mutations

>                               But thinking that "good" viri can only
> generate "good" effects is like thinking that guns in the hands of
> policemen ("good guns") can only generate "good" effects.

Good God; I hope nobody suggested either of those things! :-)

- Jeff Ogata

--------------------

Date:         Mon, 12 Sep 88 07:56:33 EDT
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:  "Viruses Don't Exist" and the Marconi Mysteries... (taken from RISKS)

I received one of those info-card packs (I forget from whom) as a result of
having my name and address sold by Dr. Dobb's. I filled out a  few  of  the
cards  and  received  a  catalog  from  Public  Brand  Software, which is a
shareware/freeware clearing house based in Indianapolis, IN. Here are a
few quotes from the third page of their catalog entitled 'Topic:
VIRUSES'

"It seems like a couple of national magazines first thought up the  concept
of  MS-DOS viruses. Unfortunately, a lot of people read these magazines and
believe everything that they read. But let's get a  couple  of  definitions
clear first.

virus, n. 1. a purposely destructive computer program  that  can  propagate
itself  by  modifying other computer programs (such as COMMAND.COM) to make
them destructive. 2. a destructive  myth  perpetrated  to  sell  a  product
and/or fill editorial space."

The  article  goes  on  to  claim  that   viruses   are   myths   akin   to
friend-of-a-friend stories; popular magazines are perpetuating the myths to
have  something sensational to print; engineers are doing the same in order
to sell vaccines. They claim that they've searched high  and  low  and  can
find  no  such  thing  as a virus. 'Simply put, there is no such thing as a
virus. There never has been. Period.'

Sounds like a dangerous attitude to me.

     [Ken - Sounds like a case of foot-in-mouth to me...]

Kenneth R. van Wyk                   Calvin: Ever consider the end of the
User Services Senior Consultant        world as we know it?
Lehigh University Computing Center   Hobbes: You mean nuclear war?
Internet: <luken@Spot.CC.Lehigh.EDU> Calvin: I think Mom was referring to if I
BITNET:   <LUKEN@LEHIIBM1>             let the air out of the car tires again.

--------------------

Date:         Mon, 12 Sep 88 08:30:00 MDT
From:         Bernie' <BSWIESER@UNCAMULT>
Subject:      Re: Infecting "Good" Viruses
In-Reply-To:  Message of 12 Sep 88 00:04 MDT from LYPOWY

I'm thinking more of viri which hide themselves on  unused  sectors.  Mind,
running  a  utility  that  erases  all  unused sectors and checks all files
against the vtoc would be just as effective?

--------------------

Date:         Mon, 12 Sep 88 16:26:53 EDT
From:         Joe McMahon <XRJDM@SCFVM>
Subject:      Re: hypercard virus question
In-Reply-To:  Message of Tue, 6 Sep 88 16:48:00 EDT from <$CAROL@OBERLIN>

>My colleague (bitnet address PRUSSELL@OBERLIN) asks:
>        Does anyone know if Hypercard stacks are capable of carrying
>        Macintosh viruses?  Are they considered applications or data?

Yes. The first known Mac virus was spread  via  a  Trojan  horse  HyperCard
stack.  It is also possible to write self-propagating XCMDs/XFCNs which can
spread viruses. Lastly, it is possible to write viruses in  HyperTalk  (the
HyperCard language) which can spread only from stack to stack.

- Joe M.

--------------------

Date:         Mon, 12 Sep 88 11:52:11 EDT
From:         SHERK@UMDD
Subject:      Re: CRC vs. encryption schemes
In-Reply-To:  Message received on Tue, 30 Aug 88  19:00:38 EDT

Sorry if this is a bit late in the conversation but I have been on vacation.

Dr. Levine is quite right when he states that there are two distinct  times
when  one  wants  to check an application's integrity. One time is when you
receive a program distribution and you want to check if you got a good
copy.  Another  time  to check an application is at boot time or before you
exec it. It seems to me that these two types  of  checking  could  use  two
different schemes.

Scheme 1: Software distribution. The publisher of a software product should
publish a list of several different CRC polynomials and their results.  Say
two or three. This way, the recipient can check his downloaded software
with a couple of CRCs. I do not believe it is possible for two different
programs  (i.e.  the original and the infected) to have the same CRC number
for two different CRC polynomials. That is:

      if CRC( prog1, poly1) equals CRC( prog2, poly1)
      then CRC( prog1, poly2) can not equal CRC( prog2, poly2).

Scheme 2: Personal CRC. Once you have verified that you received a good copy
you can then pick your own personal CRC polynomial out of the 70 million
"irreducible" polynomials. (You should pick one that is different from the
published one.) Then record the CRC number and use  this  new  CRC  in  the
future.

It seems to me that this dual approach would be hard to beat.

Erik Sherk, Computer Science Center, University of Maryland.
sherk@umd5.umd.edu

--------------------

Date:         Mon, 12 Sep 88 21:21:11 EDT
From:         me! Jefferson Ogata <OGATA@UMDD>
Subject:      crc polynomials

It IS possible for two different programs to have the same CRC for two
different polynomials.

- Jeff Ogata

--------------------

Date:         Mon, 12 Sep 88 22:55:54 EDT
From:         David.Slonosky@QUEENSU.CA
Subject:      Re: Different Operating Systems
In-Reply-To:  <QUCDN.X400GATE:LVVG8F1Y*>

>David Slonosky asks "Are all operating systems equally vulnerable?"  Of
>the examples that he calls out the answer is essentially yes.  This is
>because they are all designed for personal computing and for single
>state processors.  However, when you get into multi-state systems you
>begin to enjoy the opportunity for high integrity process-to-process
>isolation.  At that point operating systems begin to differ dramatically
>in their ability to resist viruses.
>William Hugh Murray, Fellow, Information System Security, Ernst & Whinney
>2000 National City Center Cleveland, Ohio 44114
>21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840

Ok, so what  are  examples  of  multi-state  systems?  Anything  below  the
minicomputer/mainframe range?
                                       __________________________________
David Slonosky/QueensU/CA,"",CA       |         Know thyself?            |
<SLONOSKY@QUCDN>                      |  If I knew myself, I'd run away. |
                                      |__________________________________|

--------------------

Date:         Mon, 12 Sep 88 21:34:20 EDT
From:         ENGNBSC@BUACCA
Subject:      Re: crc polynomials
In-Reply-To:  Message of Mon, 12 Sep 88 21:21:11 EDT

Without annotated source, I would be reluctant to completely trust any
program... And it's a little tough getting annotated source for some
strange reason :-)

Bruce Howells

--------------------

Date:         Mon, 12 Sep 88 23:04:02 EDT
From:         Steve <XRAYSROK@SBCCVM>
Subject:      Re:  Re:  CRC vs. encryption schemes

Of course it's possible to have two different programs with  two  different
polynomials  and the same CRC. In fact, two different programs can have the
same CRC using the same polynomial (which is a weakness  of  CRC  schemes).
This should be immediately intuitively obvious just from realizing that the
number  of  possible  (distinct) programs is far greater than the number of
available CRCs (but each program will have a CRC assigned to it anyway), so
the mapping of programs into CRCs cannot be 1 to 1.
------------------------ ----------------------------------------------
Steven C. Woronick        | Disclaimer: These opinions are entirely my    |
Physics Dept.             | own.  No responsibility or liability is       |
SUNY @ Stony Brook        | assumed regarding the use or misuse or        |
Stony Brook, NY  11794    | the reliability of the information preceding. |
                          | Just kidding...
------------------------ -----------------------------------------------
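
The point made in the replies above, that two different programs can share a CRC under two different polynomials, can be checked directly. This is an added example, not part of the original digest: the two 16-bit polynomials, the plain MSB-first CRC register and the sample bytes are constructed for illustration. It relies on the CRC being linear over GF(2), so a difference that is a multiple of both polynomials passes both checks.

```python
# Added example: a same-length message that keeps its CRC under two polynomials.
POLY_A = 0x11021  # x^16 + x^12 + x^5 + 1, chosen for illustration
POLY_B = 0x18005  # x^16 + x^15 + x^2 + 1, chosen for illustration


def crc16(data: bytes, poly: int, init: int = 0) -> int:
    """Bitwise MSB-first CRC-16: remainder of data * x^16 modulo poly."""
    reg = init
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            reg <<= 1
            if reg & 0x10000:      # bit 16 set: subtract (XOR) the generator
                reg ^= poly
    return reg & 0xFFFF


def clmul(a: int, b: int) -> int:
    """Carry-less multiplication, i.e. polynomial product over GF(2)."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a <<= 1
        b >>= 1
    return out


def colliding_variant(data: bytes, shift: int = 0) -> bytes:
    """Return different bytes of the same length with both CRCs unchanged."""
    delta = clmul(POLY_A, POLY_B) << shift   # divisible by POLY_A and POLY_B
    if delta.bit_length() > 8 * len(data):
        raise ValueError("message too short to hold the difference pattern")
    value = int.from_bytes(data, "big") ^ delta
    return value.to_bytes(len(data), "big")


ORIGINAL = b"constructed sample program image"   # constructed sample input
VARIANT = colliding_variant(ORIGINAL, shift=40)

if __name__ == "__main__":
    for name, poly in (("A", POLY_A), ("B", POLY_B)):
        print(name, hex(crc16(ORIGINAL, poly)), hex(crc16(VARIANT, poly)))
```

The same cancellation holds with a non-zero initial register value, since that only adds a constant that depends on the message length.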

--------------------

*** end of Virus-L issue ***
