From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: DAVIDF@cs.heriot-watt.ac.uk
Date:         Wed, 20 Jun 90 16:33:40 BST 
Message-Id:   <$TGWGCZNQBTRC at UMPA>
Subject:      Virus-L vol 0 issue #1023


Virus-L Digest Sun, 23 Oct 88, Volume 0 : Issue #1023

Today's Topics

virus
Virus Conference
The Virus Conference - thank you
The Book / Effects of the Conference

------------------------------

Date:         Sun, 23 Oct 88 13:07:17 EDT
From:         Jean Coppola <SSAT@PACEVM>
Subject:      virus

Well we have a little more on the Norton virus. It eats command.com and the
system files, as well as destroying both Fat tables and  all  know  backups
like  Mace  utilties  and  Disk  optimizer  produce.  This is a little more
vicious than most because a FULL format of the hard disk is required  after
being attacked. By full I mean both low level and dos formats must be done.
Otherwise  the  little bugger is still on the disk (boy did we find out the
hard way) and will reattack you at a later date.

--------------------

Date:         Sun, 23 Oct 88 18:00:15 EDT
From:         "David A. Bader" <DAB3@LEHIGH>
Subject:      Virus Conference

I would like to thank the eight out-of-town individuals who I  met  at  the
virus  conference this weekend in the Lehigh Valley, Pa. I can't say that I
learned anything that I didn't read on virus-l, but being able  to  discuss
these  topics  in  a  little  greater  depth and on a closer basis was very
informative. I handed  out  disks  to  most  of  the  participants  with  a
collection of public domain anti-viral/trojan packages and would appreciate
any  comments  and evaluations of these products sent to me. (Especially on
FluShot Plus 1.4; it seems as though no one will  try  this  package,  even
though  it has most of the bugs worked out from the older versions.) Thanks
a lot, David Bader DAB3@LEHIGH ZDABADE@VAX1.CC.LEHIGH.EDU

P.S. To the Calgary Contingency:  When  Chris  and  I  make  our  ways  out
there... we'll be sure to call.

--------------------

Date:         Sun, 23 Oct 88 23:15:20 EDT
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      The Virus Conference - thank you

Actually David, I'm intrigued by your comments:

You mentioned something about  all  that  we  discussed  were  old  virus-l
topics,  and  I  don't  believe that's ctrue. Since you weren't present for
quite a bit of the conference, you may have missed some of  the  things  we
discussed,  but  we  did  go over organizations tracking viruses, integrity
systems including  the  Bell-Lapadula,  Limited  Transistivity,  Complexity
Based Integrity and Separation (I think we have baredly touched on these on
the  list), and we did talk about Wroms in greater detail than on the list.

We ended up having a  total  of  14  people  show  up  for  the  conference
(although several people were there only half the ftime).

I had gotten worried early on that the conference might have  problems,  we
had  two people call and cancel at the last minute, two that said they were
coming never showed (JD Where are you?), and two groups  that  said  they'd
send  representatives  didn't.  We  had  the  additional  progblem that the
printer company I usd to print and bind the  books  seems  to  have  broken
their tape binding machine and we had to give out the book in loose form in
folders.

However, as one person stated "Its easier to talk, discuss subjects and get
points across in smaller groups", and I think it went quite well. We had an
excellent group of people with a greatly varied knowledge  of  the  subject
viruses

I do want to say thanks to everyone who came! It  was  really  appreciated,
and I hope you all took something out of the conference.

The conference ended up being more informal than formal and I believe  that
worked  quite  well  with  this group of people. It's always interesting to
meet people who you have been discussing  subjects  with  for  some  months
without meeting them face to face. Thanks go to Chris Haller of Cornell who
corrected  many  of  my  spelling atrocities (that word isn't even close is
it?) Also, Steve Okay from the Source took notes on his  laptop  throughout
the 3 days and apparently will be making the notes available in the future.
Because  it  was  lengthy, I believe it will take him some time to confvert
his notes to something readable. (Please excusse my typing, I  seem  to  be
missing the backspace key)

Thanks to all who made this conference psossible!

Loren Keim

--------------------

Date:         Sun, 23 Oct 88 23:41:43 EDT
From:         Loren K Keim   -- Lehigh University <LKK0@LEHIGH>
Subject:      The Book / Effects of the Conference

Reading through my notes and letters to me, several people have asked if  I
think  we'll  see  any  effects of the conference. I'd like to forward this
statement through the list to everyone who did come and ask  them  if  they
think it helped them.

For me, I got a number of ideas and quite a bit of help on correcting mahny
of the ideas I had previously. Joe Sieczkowski gave us some unique ideas on
Unix protection schemes, which I greatly enjoyed and we may  see  something
come  of that over the next year. I believe the group helped him to look at
different aspects of what he wanted to do  .  Hopefully  we've  also  given
people  that little bit of information that they might need to help prevent
viruses in the future. I believe there were a few good points about network
security, and we may see more security at some  colleges  through  networks
due to some of our discussions. I really felt it was much easier to disucss
the  problems  in  group  than to write them in short letters over the net.

As for the book, we've gotten numerous requests for  it.  We  have  located
another  printer and gotten some prcice quotes today for anyoje interested.
I want to point out that the price I am setting the  book  /  notes  at  is
about  5  prercent higher than MY cost. I'm doing that to cover the expense
of the conference (I ran into the hole on it slightly), and to make sure  I
am  covered, as I always seem to underestimate the costs. I'm pointing aout
that I'm not making money off this for the  simple  reason  that  we  can't
advaertize  over bitnet and I've already had one woarning that I may not do
so.

The book is broken down into a few sections:

- Introduction to Computer Viruses (Definitions, Detection methods)
- Background and Experiments (From Von Neumann through Kraus through Cohen,
  including Computer VWorms, Core Wars and so on)
- Major Viruses  and  Resultant  Detection  Schemes  (Mainframe  and  Micro
  viruses  including  the source code to the Christma Exec which now should
  be powerless and has been published elsewhere, and a look at  2  versions
  of the Brain, Lehigh, Aldus and the Israeli)
- Early Defense Methods (Partition Models and Flow Models)
- Practical Defense Methods (Complexity Based Integrity and other ideas)
- The Future (Secure Systems in danger, dangers viruses pose)

and 4 appendices :

-  Term Glossary
-  List of Known Viruses
-  Viruses in the Classroom
-  Virus Law

I will also include a paper that Pam Kane sent me.

(Those of you who have already gotten thr packet, as I said, I am going  to
enhance  the "Future " Section, and include the 3 missing appendices in the
mail this week)

The known viruses section is a bit sketchy in that it doesn't include quite
a few viruses in existance. I would like to see a break down or flow  chart
of  how  each virus works from a reputable source before I s include it, so
anyone who has worked with one recently, please send me  what  you  can  to
LKK0  at  LEHIGH.  I  do  inlcude  a  number  of viruses howevera and their
breakdowns).

Prices:

The Book - Tape Bound / Soft Back / Printing on Right page only... 18.50
The Book - Tape Bound / Soft Back  /  Printing  on  Left  page  only  (some
     requested this bcause it's easier to take notes on the right)... 22.50
(The publisher has to actually physically turn half of it around and  wants
     more to do that)
The Book - Spiral Bound / Soft Back / Printed on Right... 20.00
The Book - Spiral Bound / Soft Back / Printed on Left...  22.50
The Book - Hard Bound  / Hard Spine / Printed on Right... 45.00
The Book - Hard Bound / Hard Spine / Printed on both sides... 48.00
The Book - Spiral Bound / Printed on both sides...  22.50
The Book - Tape Bound / Soft Back / Printed on both sides ... 21.00

For anyone who wants a copy oin the US... please send 4.50 to cover  P&S...
I  will  return the unused portion if any. In Canada or Germany (or anywher
for that matter, I just happen to have people in both who  want  copies)  I
don't have a n exact quote yet on mailing costs so hold off a little while.

Send it to : Loren K Keim, P.O. Box 2423, Lehigh Valley, Pa 18001

Incidently, when I talk about defense methods in the book, I just  describe
them,  I don't prove them matehematially, although I've been asked at times
to do so. I will be trying to put together a book  later  this  year  (with
much  better  editing)  which will be about defense methods, including some
ideas I've had and several that have been send  to  me  (with  full  report
going  to  the  author  of  each)  and will be shoing the math. I ll try to
pubisdh that if I can.

If you have any questiosn, don't hesitate to write:...

Loren Keim

--------------------

*** end of Virus-L issue ***