Return-Path: XPUM04@prime-a.central-services.umist.ac.uk Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3) id AA03487; Tue, 19 Jun 90 07:09:39 -0400 Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5) id AA28565; Tue, 19 Jun 90 07:09:36 -0400 Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3) id AA01558; Tue, 19 Jun 90 07:09:28 -0400 Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK via Janet with NIFTP id aa05105; 19 Jun 90 9:36 BST From: Anthony Appleyard To: DAVIDF@cs.heriot-watt.ac.uk Date: Tue, 19 Jun 90 09:42:56 BST Message-Id: <$TGWFCWKBBCVR at UMPA> Subject: Here is Virus-L vol 0 #0927 Virus-L Digest Tue, 27 Sep 88, Volume 0 : Issue #0927 Today's Topics Re: 2 years probation Re: Conference Continued Pennsylvania Legislative virus recommendations Virus strikes Tuscaloosa. Conference Speeches Outlined ------------------------------ Date: Tue, 27 Sep 88 01:21:00 EDT From: me! Jefferson Ogata Subject: Re: 2 years probation >>Probation is a breeze. >Is that from personal experience? heh heh. yup. of course, you knew that, Eric. By the way, I think it will be easy for Burleson to find another job, as long as his name is not too widely publicized. Of course, this depends on whether the conviction is a felony conviction or a misdemeanor conviction. With a sentence like two years probation, it sounds like a misdemeanor. Most employers are not very concerned about misdemeanor convictions. - Jeff Ogata -------------------- Date: Tue, 27 Sep 88 08:29:40 EDT From: Ken van Wyk Subject: Re: Conference Continued In-Reply-To: Your message of Mon, 26 Sep 88 16:37:30 EDT > I am glad it is closed! I would be very upset if my name appeared on > a junk mailing list. Actually, the list is quite open; anyone who wants to be on the list can be on the list (as long as they abide by the guidelines). The list of subscribers, however, is not available for public perusal, for just the reason mentioned above. Regarding the Burleson case, I believe that the AP article said that he was convicted of a third degree felony. I'd imagine that would make it at least a bit difficult for him to get a job with a reputable firm. Ken Kenneth R. van Wyk Calvin: I'm gonna learn to ride this bike User Services Senior Consultant if it kills me! ... AAAAAUUUGGGHHH!!! Lehigh University Computing Center Hobbes: Did it kill you?! Internet: Calvin: No, it decided to maim me first. BITNET: -------------------- Date: Tue, 27 Sep 88 14:39:10 EDT From: Ken van Wyk Subject: Pennsylvania Legislative virus recommendations I just received a copy of the Pennsylvania Legislative Budget and Finance Committee's paper, "Study of Computer 'Viruses' and Their Potential for Infecting Commonwealth Computer Systems", which was released on September 21, 1988. While I haven't had too much time to read it thoroughly yet, it seems as though the Committe spent a lot of time on it, and that it could be of value. The report starts by defining what a virus is and how a virus can spread. It then categorizes the different types of known viruses and discusses methods for prevention, detection, and recovery from viruses. Next, it analyzes what the Commonwealth (of PA) is currently doing to prevent, detect, and recover from a virus. Finally, it presents additional action that may be warranted to prevent, detect, and recover from viruses. To summarize the conclusions of the Committee: 1) They recommend that "All Commonwealth agencies which utilize computer systems such as personal computers, minicomputers, and mainframe computers should formally assess the risk of each computer system against the infection from computer viruses." 2) "All Commonwealth agencies utilizing any form of electronic data processing (EDP), including personal computers, minicomputers, and mainframe computers, should establish routine backup procedures (at least on a weekly basis) for all active files and programs. Backup copies of the agency's files and programs should be maintained in a secure location for several months since a virus could lay dormant for an extended period of time." 3) "The Commonwealth, through the Bureau of EDP/Telecommunications Technology, should establish formally written policies on obtaining and using computer software." These include guidelines for software sharing and copying (including via modem), "restrictions on obtaining software from unknown or secondary sources, such as associates, peers, or in the mail through an unfamiliar vendor", restrictions on the use of electronic bulletin boards, and "strict internal controls over access to computer programs and files by EDP users." 4) "Commonwealth agencies using computer systems should conduct computer security awareness training for EDP users." 5) "Commonwealth agencies should also establish a formal procedure for testing existing computer files and programs for the presence of computer viruses using methods as anti-virus software, using 'checksums' prior to running a program, and developing in-house programs to check for unexpected access to programs and files." 6) "Commonwealth agencies which have identified highly sensitive data should explore the feasibility of using encryption to protect against virus infection." They include in this encryption of binaries such that "any unauthorized changes to the program would result in it being unusable." 7) Revisions should be made to "Disaster Recover Plans for Commonwealth agencies to include provisions for the recovery from the infection of a computer virus." 8) "Since computer viruses are not specifically defined in the PA computer crime statue, the General Assembly should consider amending state law to specifically define each type of action which would be considered a computer crime and also amend the statute to directly relate the penalty imposed to the damaged suffered as a result of the computer crime." 9) "The General Assembly should consider enactment of legislation to require and encourage state agencies to develop and implement effective computer security plans and procedures." Any opinions? Ken Kenneth R. van Wyk Calvin: I'm gonna learn to ride this bike User Services Senior Consultant if it kills me! ... AAAAAUUUGGGHHH!!! Lehigh University Computing Center Hobbes: Did it kill you?! Internet: Calvin: No, it decided to maim me first. BITNET: -------------------- Date: Tue, 27 Sep 88 15:24:00 CST From: James Ford Subject: Virus strikes Tuscaloosa. Well gentlemen (and women), it seems that a virus has struck Tucsaloosa and I've been called on to try and help. I haven't seen the infected computers yet, but here is a discription of what I do know. 1) The FAT that points to valid data space corrupted. It shows one giant corrupted file. 2) All data has been overwritten with FF(hex) The computers are backed up once a week, so there is a copy of the data that was lost. However, transactions since then are not recorded. Is there any way to recover the corrupted data? (I believe that they were using COMPRESS, MIRROR and PCBACKUP to back up the files...) Any hints on what this problem might be? Its rather important to find out, since the affected facility is in the health field. Any comments/hints/suggestions would be appreciated. James -------------------- Date: Tue, 27 Sep 88 21:42:39 EDT From: Loren K Keim -- Lehigh University Subject: Conference Speeches Outlined Here's a quick outline of the speeches to be held at the conference. Any questions or suggestions (as we've had several people ask to discuss telecommunications concerns and ATM concerns) we'll review and try to accomodate. SPEACHES - ------ What are Viruses? - --------------- What are viruses? Where do they come from? Reviews of different forms they take, including Boot Sector Viruses, .EXE viruses, Unix and VMS viruses. Reviewing the Lehigh, Yale, Brain, Christmas, and Israeli viruses. Tracking Computer Viruses - ----------------------- How several organizations track virus writers. Computer TapeWorms - ---------------- Reviewing the Xerox research on Computer Worms and their dangers. Computer Security Concerns I - -------------------------- Are schools in real danger of losing research? How can we protect businesses and colleges from the dangers? Computer Security Concerns II - --------------------------- System Integrety in large networked environments. Government security systems, banking systems, and virus defense designs. Included will be Limited Transitivity models, Limited Functionality ideas, the Bell-LaPadula Model, the Biba Model, and the Complexity Based Functionality Model. Future concerns will be discussed. Future Virus Concerns - ------------------- The ease in which a complicated virus could attack our banking systems and major industries. How we will stop these happenings. AT&T's new defense models and other companies packaging software protections with their programs. PANEL DISCUSSIONS - --------------- Panel Discussion on Current University Computer Concerns - ------------------------------------------------------ Several panelists from different anti-viral companies will be discussing this. Suggested: - ------- Panel discussion on ATM networks and telecomunications. DEMONSTRATIONS: - ------------ Demonstration of the various anti-virus program by their respective companies will take place. A demonstration of a tape worm will be performed. A demonstration of Unix System viruses will be performed. ROUND TABLE DISCUSSIONS: - --------------------- People would be free to discuss viruses and computer security concerns with each other, and freely introduce themselves. We've also been asked to hold sessions concerning banking systems and the danger to ATM networks, and the danger to networking in general and telecommunications. PAPERS: - ---- A variety of papers and books will be available for free and for sale. BOOK: - -- A book with copies of some of the speeches given, and several articles on viruses, computer security, encryption schemes, and computer law will be printed and distributed to those who show up. We will include a paper on worms, a paper on virus-like games, a detailed look at security models / their uses and limitations, a full listing of known viruses / psuedocode breakdowns / possible defenses. -------------------- *** end of Virus-L issue ***