VIRUS-L Digest Friday, 22 Dec 1989 Volume 2 : Issue 268
Today's Topics:
Re: Virus trends
WDEF virus infects Lehigh (Mac)
WDEF / Apology to Mainstay Software (Mac)
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's
LEHIIBM1.BITNET for BITNET folks). Information on accessing
anti-virus, document, and back-issue archives is distributed
periodically on the list. Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
- Ken van Wyk
[Ed. You may notice a slight format change here - the Topics are
listed before the "boilerplate". This was suggested to make browsing
the subject lines easier. Goes to show you - some people only read
articles with interesting and informative Subject: lines...
"That's the news and I am out of here." - Dennis Miller, SNL]
---------------------------------------------------------------------------
Date: Fri, 22 Dec 89 09:37:04 -0500
From: dmg@retina.mitre.org (David Gursky)
Subject: Re: Virus trends
I wish to take issue with Gene Spafford's Theorem 4:
"Theorem #4) Within the next few years, there will be at least one
major problem where some purported anti-viral/security software will
be made available, and it will contain a logic bomb or trojan horse in
it that causes more damage than what it is supposed to fix. (Minor
thesis: the likely author of such software will be someone marketing
commercial security software, and the logic bomb version will be a
public-domain package not traceable to the author. The purpose -- to
discredit public domain anti-virus software.)"
This assumes the unavailability of high-quality PD/Shareware/Freeware
anti-electronic vandalism software, or rather, that at a certain
point in time, such software will not be available (i.e. the existing
software will be outmoded, as say Interferon is). It also assumes the
author is able to completely cover his or her steps, as Spaf does
correctly point out, but I would counter that this is harder than it
seems.
Consider the current situation. Of the PD/SW/FW tools in use today
(FluShot Plus, Gatekeeper, Disinfectant, et al.), their authors are
well known, and it is well known when they release new copies of their
software. Any Trojan Horse masquerading as a tool against electronic
vandalism would therefore have to be as good as these tools, and would
probably have to be much better. Otherwise, people will simply keep
using what they are using (look at how many people still use
Interferon!) If people are not going to easily switch from one
PD/SW/FW to another, there is an inherited limiting factor on the
"effectiveness" of a Trojan Horse implanted in anti-electronic
vandalism tools.
Furthermore, the code hiding the logic bomb will have to persist in a
large number of unknown user configurations. Look at the new WDEF
virus on the Mac. It is simply incompatible with the new Mac IIci,
and it doesn't like the IIcx or any Mac with 8M of RAM that much
either.
I would worry much more about the following:
"Theorem 6": As the trend towards open systems continues, where a
given programming environment can exist over several platforms
(Examples: Smalltalk/V under the Mac OS and Presentation Manager,
X-Windows, etc), instances of machine dependent vandalism will
decrease, and environment dependent vandalism (example: The Dukakis
Hypercard Virus) will increase. The power of the specific machine's
operating system will be easier to access through these programming
environments, opening up these systems to a larger number of people,
and consequently to a larger number of vandals.
------------------------------
Date: Fri, 22 Dec 89 00:00:00 +0000
From: "Rich Silvius" <RASB@LEHIGH.BITNET>
Subject: WDEF virus infects Lehigh (Mac)
We discovered the WDEF A virus on each of the five Mac computers in
our User's Area. Two of the Macs also had nVirA. Disinfectant 1.5
was used to successfully clean up both viruses. We posted signs in
the User's Area and a system bulletin on our Network Server [Ed. IBM
mainframe] to notify the campus community. We had a small reoccurrence
the next day, but for now, all is well. Other labs were notified
about the WDEF virus and given Disinfectant. It also showed up in the
Ed Tech lab of the University.
------------------------------
Date: Fri, 22 Dec 89 12:51:35 -0500
From: jln@acns.nwu.edu
Subject: WDEF / Apology to Mainstay Software (Mac)
I have a major public apology to make to 1st Aid Software. I just
learned that their product Anti-Virus Kit is effective against the new
WDEF virus, and I have been saying that "none of the popular virus
prevention tools were effective against WDEF." This was obviously a
gross error on my part. My only excuse is that I don't have a copy of
Anti-Virus Kit that I can use for testing. This is not a good excuse
-- I shouldn't have made the statement if I couldn't back it up.
1st Aid Software deserves a great deal of credit for having the only
virus prevention tool that was capable of catching WDEF. Everybody
else failed, including Symantec's SAM, HJC's Virex, Gatekeeper, and
Vaccine. I don't know about MainStay's AntiToxin - I don't have a
copy of that either (yet).
In the future I'll try very hard not to make claims that I can't back
up with solid evidence.
John Norstad Northwestern University jln@acns.nwu.edu
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253