From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: DAVIDF@cs.heriot-watt.ac.uk
Date:         Wed, 20 Jun 90 16:29:00 BST 
Message-Id:   <$TGWGCZNQBTKJ at UMPA>
Subject:      Virus-L vol 0 issue #1005



Virus-L Digest Wed, 5 Oct 88, Volume 0 : Issue #1005

Today's Topics

TRAPDISK
Re: TRAPDISK
nVir virus
Conference Outline/Agenda
verbosity

------------------------------

Date:         Wed, 5 Oct 88 00:22:21 EDT
From:         me! Jefferson Ogata <OGATA@UMDD>
Subject:      TRAPDISK

I don't think this program is meant to PROTECT you from Trojans and
viruses; I think it's intended for checking out NEW programs you've just
got hold of. Using it all the time would be silly. It merely allows you to
find out what sort of disk accesses a suspicious program calls for, so you
can test it a bit before you let it loose. - Jeff Ogata

--------------------

Date:         Wed, 5 Oct 88 08:15:41 EDT
From:         Ken van Wyk <luken@SPOT.CC.LEHIGH.EDU>
Subject:      Re: TRAPDISK
In-Reply-To:  Your message of Wed, 5 Oct 88 00:22:21 EDT

> I don't think this program is meant to PROTECT you from Trojans and
> viruses; I think it's intended for checking out NEW programs you've
> just got hold of.  Using it all the time would be silly.  It merely
> allows you to find out what sort of disk accesses a suspicious
> program calls for, so you can test it a bit before you let it loose.

That's a good point, if you make a couple of assumptions. Looking at a
scenario in which some program X is being tested, if X is indeed a (fill in
your favorite malicious program type), and if X either bypasses INT 13h, or
perhaps sees that INT 13h is currently owned by a program other than the
operating system and thus doesn't do its dirty work until sometime later,
then the TRAPDISK program would be useless and would only give a false
sense of safety. Also, let's say that X is a game and it uses disk files for
keeping track of old scores, for overlay space, for temporary scratch
space, or whatever the reason; then the TRAPDISK program would give lots of
disk read/write warnings even though X may not be in the least bit
malicious.

In short, TRAPDISK may well be an effective program for doing quick (and
dirty) tests on new programs, but the user really should take its messages
(or lack thereof) with a grain of salt, and by no means consider it
conclusive.

Ken

Kenneth R. van Wyk                   Calvin: I'm gonna learn to ride this bike
User Services Senior Consultant         if it kills me! ...  AAAAAUUUGGGHHH!!!
Lehigh University Computing Center   Hobbes: Did it kill you?!
Internet: <luken@Spot.CC.Lehigh.EDU> Calvin: No, it decided to maim me first.
BITNET:   <LUKEN@LEHIIBM1>
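
[Added example, not part of the original posting and not TRAPDISK's own
code: a toy Python model of the two failure modes described in the message
above, with the interrupt vector table as a dictionary. All names (Machine,
trial, game, bypasser, waiter) and the write targets are constructed for
illustration.]

```python
# Toy model (constructed): an interrupt vector table as a dict, with a
# TRAPDISK-like monitor hooked on vector 0x13. No real DOS/BIOS code here.
BIOS_DISK = "bios_disk"          # label for the original INT 13h handler

class Machine:
    def __init__(self):
        self.disk_writes = []    # writes that actually reached the disk
        self.warnings = []       # what the monitor reported to the user
        self.handlers = {BIOS_DISK: self._bios_disk}
        self.ivt = {0x13: BIOS_DISK}

    def _bios_disk(self, op, target):
        if op == "write":
            self.disk_writes.append(target)

    def install_monitor(self):
        original = self.ivt[0x13]
        def monitor(op, target):
            self.warnings.append((op, target))    # warn, then chain onward
            self.handlers[original](op, target)
        self.handlers["monitor"] = monitor
        self.ivt[0x13] = "monitor"

    def int13(self, op, target):                  # normal path: via the vector
        self.handlers[self.ivt[0x13]](op, target)

def game(m):            # benign: saves its scores through INT 13h
    m.int13("write", "SCORES.DAT")

def bypasser(m):        # skips the vector and calls the original handler
    m.handlers[BIOS_DISK]("write", "boot sector")

def waiter(m):          # acts only when the OS/BIOS still owns INT 13h
    if m.ivt[0x13] == BIOS_DISK:
        m.int13("write", "boot sector")

def trial(program, monitored=True):
    """Run one program on a fresh machine; return (warnings, disk_writes)."""
    m = Machine()
    if monitored:
        m.install_monitor()
    program(m)
    return m.warnings, m.disk_writes
```

[In this model the game draws a warning although it is harmless, the
bypasser writes with no warning, and the waiter looks clean under test but
writes once the monitor is absent.]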

--------------------

Date:         Wed, 5 Oct 88 11:35:17 EST
From:         Joe Simpson <JS05STAF@MIAMIU>
Subject:      nVir virus

The listserv at scfvm has a very nice suite of documented Macintosh
anti-viral software, including a comprehensive HyperCard documentation
stack.

--------------------

Date:         Wed, 5 Oct 88 12:33:12 EDT
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      Conference Outline/Agenda

Because I cannot get mail through to all conference attendees, I will put
it up here. There is no need to read this if you don't wish to.

[OUTLINE OF CONFERENCE]

I believe everyone has already made flight arrangements, if anyone needs
help, please contact me (215) 865-3904. I have sent out a number of packets
to people attending, some haven't gone out yet, because I'm not sure those
people are coming.

For those of you who don't have hotels yet, directly across from the ABE
airport is the Sheraton Jetport Lehigh Valley (Phone: 215-266-1000). The
conference will not be too far from the airport, so this should be a good
place to stay. The prices here are a bit higher than some of the other
hotels for those of you on tight budgets. Nearby the airport is an
Econolodge (Believe it or not, it's not a bad hotel! Phone: 215-867-8681),
as well as a Macintosh Inn (Good for those of you who like Apple Equipment,
I cannot find the phone number for this, I'm still looking), and the Red
Roof Inn (I have heard a number of complaints about this hotel, so you may
want to avoid it. It looks nice from the outside, but rumors pervade.
215-264-5404).

[Friday, Oct 21]:

Approximately half of those coming to the conference will be there on
Friday. Introductions will be in order, we will hand out copies of the book
(although copies will be available to those coming Saturday). We will be
holding this introduction at one of my offices. This will be held at 701
Main Street in Hellertown (a suburb of Bethlehem).

Those of you who have gotten directions in the mail have gotten a small map
of the area, so it will be easier for you to find things, but for those of
you who might not get mail in time:

Directions from Sheraton Jetport, follow Airport Rd South to Rt 22 East.
Take the next exit off 22 onto Rt 378 South. Follow Rt 378 to the Hill to
Hill Bridge (a large old structure where the road narrows, it's the ONLY
large bridge on the road so it is recognizable.). Bear left off the bridge
onto 3rd Street of South Bethlehem (It's the old section of town, so please
excuse its appearance, it's undergoing revitalization). At any of the first
four traffic lights, make a right hand turn and a left on the next major
road, 4th st. Follow 4th street for about 4 miles, the road will curve to
the right twice. Eventually, 4th street will become Main Street,
Hellertown. Our office is a Century 21 Keim Realtors, but it's new so I
doubt we'll have a freestanding sign by the time of the conference. The
easiest way to recognize the building: You will see a new highway being
constructed OVER Main Street; this is the new I78 project that's getting so
much national attention. We are DIRECTLY across from the furthest exit, at
a stoplight which has not been turned on yet. We are between Gutshall Chevy
and Potts Doggie Shop.

6:00 PM - 7:00 PM - Introductions with Coffee and Snacks, handing out of
book.

7:00 PM - 8:30 PM - What Are Viruses? What are viruses, what forms do they
take, including boot sector viruses, .EXE viruses, Unix and VMS viruses,
and a look at some of the new Macintosh woes. Reviewing and outlining the
ways the Lehigh, Brain, Christmas and Israeli viruses worked. Also
comparing the Brain and Yale Viruses.

8:30 PM - 9:00 PM - Questions

9:00 PM - Morning - Discussion, adjourning to a local bar or restaurant to
talk.

Saturday, Oct 22:

Much easier directions, we'll be holding it at WALPS Restaurant at the
corner of Airport Road and Union Blvd for ease. Simply follow Airport Rd
South for about 2 1/2 miles to Union Blvd, Walps will be on your left.

10:00 AM - 11:00 AM - Coffee will be served, "Tracking Computer Viruses"
will be the topic covering how some groups track computer viruses, and some
examples.

11:00 AM - 12:00 Noon - A look at "Computer Tape Worms", their uses, how
they can cause damage, and why they might be the virus of the future. The
damage they can cause. How we'll have to stop damaging ones.

12:00 PM - 1:00 PM - Break for lunch. People are welcome to stay and eat
lunch at Walps, but Union Blvd is a fast food lover's paradise, it also
contains a major AT&T research facility. People can discuss what's been
said so far.

1:00 PM - 2:00 PM - Computer Security Concerns I. Are schools in real
danger of losing research? How can we protect our businesses and colleges
from the dangers?

2:00 PM - 3:00 PM - Computer Security Concerns II. System Integrity in
large networked environments and mainframes. Government security designs,
banking systems and virus defense designs. Included will be Limited
Transitivity models, Limited Functionality concerns, Bell-LaPadula Model,
the Biba Model, Complexity Based Functionality, and the Separation Model.
Future concerns will be discussed.

We're going to break up early, although people are welcome to discuss
Computers and Security, I feel this lecture will provoke a lot of
conversation. You have time to wander and find dinner.

6:00 PM - 9:00 PM - Back in the Hellertown office, we will be holding
demonstrations. We will be demonstrating various viruses, including a Unix
virus, various anti-viral programs and hopefully a Worm program. Again
Coffee and snacks (baked cookies, brownies and so on) will be provided. We
will also at this time be having a panel discussion. Questions will be
fielded by a panel of anti-virus program writers.

Sunday, Oct. 23:

10:30 AM - 12:00 Noon - "Future Virus Concerns", closing up the lecture on
Computer Security, and open forum on ideas and questions.

12:00 Noon - 1:00 PM - Lunch

1:00 PM - 4:30 PM - Some controlled discussion, some open forum. We'll be
discussing possible protection schemes, reviewing some of the ideas we've
gone over, hopefully working on a new conference some time next year in
another part of the country, discussing the possible dangers to the ATM
networks and the dangers to telecommunications.

I think the main emphasis of this conference will be a pulling of ideas and
hopefully getting some people to meet and discuss problems face to face
rather than over a computer.

Comments:

University of Texas, I've had problems getting through to you, please write
me at LKK0@LEHIGH or call me at 215-865-3904.

We'll have a price for the book some time in the next few days.

People who haven't so far, please write me and tell me what day you are
coming in.

Dennis Director, please call me.

Also, a number of people mentioned that they would like directions to
Philadelphia to see the sights and so on. I'll be making full maps of the
Lehigh Valley Area, Pennsylvania and Philly available to you when you get
here. If you are coming early, I will mail them to you, please let me know.
If anyone wants to spend an hour and a half to trek to New York City, I
will try to get you some maps.

Any questions???   Loren Keim

--------------------

Date:       Wed, 5 Oct 88 23:40:53 EDT
From:       me! Jefferson Ogata <OGATA@UMDD>
Subject:    verbosity

Has anyone else ever noticed that postings disdaining the verbosity of
other postings are invariably between 3 and 5 times as verbose as what they
criticize? This seems to hold over a number of mailing lists. - Jeff Ogata

--------------------

*** end of Virus-L issue ***
