VIRUS-L Digest Wednesday, 1 Feb 1989 Volume 2 : Issue 33
Today's Topics:
'Virus' term usage
Re: CP/M Viruses
Re: Virus Terminology
Re: Origin of the term `virus'
Virus epidemics. Is the hype too much?
Categorizing viruses
---------------------------------------------------------------------------
Date: Tue, 31 Jan 89 10:02:08 EST
From: Jefferson Ogata (me!) <OGATA@UMDD.BITNET>
Subject: 'Virus' term usage
One simple reason the term 'virus' wouldn't be used of code before 5
or so years ago is that until about 9 or 10 years ago, the general
public wasn't all that familiar with the details of how a biological
virus works. And those who did know probably wouldn't bother using
the term, since few would understand why it would be appropriate.
You'll also find that in the Middle Ages, not many people used the
term even for biological viruses. :-)
- - Jeff Ogata
------------------------------
Date: Tue, 31 Jan 89 10:22:13 EST
From: Art Larky <AIL0@LEHIGH>
215 Packard Building 19
Subject: Re: CP/M Viruses
I don't know of any CP/M viruses and I suspect there were few or
none. The current virus outbreaks are based upon a couple of things
which weren't applicable to CP/M:
(1) There wasn't as much trading of files and disks because there
weren't as many personal computers and Bulletin Boards around.
(2) CP/M systems were not accessible at the hardware level to the
same extent as PC's because everyone's hardware was different. My
BIOS is similar to those of other persons, but the underlying ROM
routines are ones that I wrote myself; the disk addresses were chosen
by me; my screen display is similar to some, but not all CP/M systems.
In fact, my screen display is different from the one I started with
and I had to change my programs and my ROM because of it.
(3) There weren't as many assembly language programmers out there
because there weren't as many computers by a factor of 100,000 or
1,000,000 to 1. The more people who have computers to play with and
know how to program, the greater the likelihood of there being a
combination of weirdo and programming in one sicko.
All of which supports what I said before, you can protect yourself
from some viruses by making your system different; e.g., your own
names for files like autoexec.bat and command.com.
Art Larky
CSEE Dept
Lehigh University
I know I'm not speaking for Lehigh University,
there's no reason for you to think so either.
------------------------------
Date: Tue, 31 Jan 89 10:32:16 EST
From: Jefferson Ogata (me!) <OGATA@UMDD.BITNET>
Subject: Re: Virus Terminology
J. Yeidel writes that 'virulent' is an inappropriate word for a virus
that spreads rapidly within a system, and that 'extremely contagious'
would be better. I must disagree with the second point, as 'extremely
contagious' implies that the virus spreads from system to system
quickly. In fact, a virus's contagion depends on its contact with the
outside world, which is usually dependent on human factors -- does a
person swap disks often? etc.
Regarding 'benign', I think most people use it in a relative sense; no
one really means the virus does no damage, although viruses could
exist that do no damage (even as far as destroying themselves to avoid
wasting humans' time). However, 'benign' could be applied to the
'virulent' problem, in the sense it is used in describing tumors:
namely, a 'benign' virus would be one that doesn't spread throughout a
machine, and a 'malignant' virus would be one that does. At present,
'malignant' cannot be used easily because of its ambiguity in
this regard. And a 'benign virus' may truly be a contradiction in
terms, I suppose. However, a virus could be 'benign' under some
circumstances and 'malignant' under others.
'Misimpressions'? Surely you mean 'false impressions'. :-)
- - Jeff
[Ed. I think that all of this points out yet again that there is
*much* confusion over the terminology that's used - not only by the
media, but us, the computer users/professionals. Developing a clearly
defined set of terms and making everyone understand and use them would
obviously be great, but would prove to be logistically impossible. If
we're all careful in our use of the terminology, and we even
explicitly define what we mean whenever using terms that could be
misconstrued, then perhaps we could try to eliminate *some* of the
confusion. Maybe it would be best to refrain from using such terms as
"virulent", "benign", "virus", etc.? Suggestions?]
------------------------------
Date: Tue, 31 Jan 89 11:39:52 PST
From: PJS%naif.JPL.NASA.GOV@Hamlet.Bitnet
Subject: Re: Origin of the term `virus'
I remember 8 years ago coming across the term `worm' for the first
time: it was a program (developed at Xerox, I believe) that soaked up
spare cpu cycles on networked machines to perform some lengthy,
non-critical task (disk defragmentation or computing pi); there was no
derogatory connotation. Around the same time I read a book, "The
Adolescence of P-1" (forget the author) about a program that took off
across the network in much the same way as the RTM worm, although this
one became sentient and altered technical specs for power supplies at
IBM so that it could turn itself on, survive IPLs, etc, when the
service rep installed the mod.
Peter Scott (pjs@naif.jpl.nasa.gov)
------------------------------
Date: Tue, 31 Jan 89 12:26:33 PST
From: <SPOCK@CALSTATE.BITNET> (Commander Spock)
Subject: Virus epidemics. Is the hype too much?
I just wanted to throw up an interesting idea that other developers
and myself have been talking about for the last few weeks.
Our group theorized about the recent virus epidemics that are
currently spreading around for both IBM as well as Macintosh
computers. Theory: there is big money (currently) for writing
ANTI-VIRUS software to "protect" users against the nasty 'ol viri,
right? How do we know (users and developers alike) that these
software makers of ANTI-VIRUS programs are not the true culprits
behind the distribution (initially or re-distributed) of the various
viri that have been creating havoc for the rest of the world (those
affected). I admit though, it's jumping to conclusions. But has
anyone else considered this possibility? How would we know if our
software is "safe" anymore? The problem is, we cannot.
Please note that I did not infer *ANY* organizational names of any
nature, just merely threw up the possibility that we may be cutting
our throats by attempting to protect ourselves. Paranoia is the
largest factor that causes viri to be passed around. Fear of
contamination, fear of destruction; all of this creates a unique blend
of craziness.
Think it over before you purchase your next software package that
guarantees that it's "safe" of any bugs or viri.
Robert S. Radvanovsky
California Polytechnic University
Pomona, California
P.S. I will be willing to discuss this with those who feel that this
viri epidemic has gone a bit out of hand. Should you feel that you
would like to contact me, please send appropriate mailings to:
spock%calstate.bitnet@cunyvm.cuny.edu <- Internet
spock@calstate.bitnet <- BITNET
I've finally found out what our correct addresses are. Mind
you, the views expressed here are "theories", nothing more.
------------------------------
Date: Wed, 1 Feb 89 07:58:18 est
From: ubu!luken@lehi3b15.csee.lehigh.edu
Subject: Categorizing viruses
A while back (October 31, 1988 in log file VIRUS-L LOG8810E), Len
Levine (len@EVAX.MILW.WISC.EDU) suggested denoting viruses which make
use of features in an operating system as "Feature Exploiting
Viruses", and viruses which make use of bugs as "Error Exploiting
Viruses". I think that it could be a good idea to classify viruses in
a manner such as this. However, I would like to expand on Professor
Levine's idea a bit, if I may; viruses which use hardware (I use the
term "hardware" very loosely - meaning anything which bypasses the
operating system, including the BIOS) to propagate should be
classified as "Hardware Exploiting Viruses".
Hardware Exploiting Viruses (HEVs) would thus be isolated to PCs and
other (expletive deleted) computers that have no sort of hardware
protection in the form of, for example, privileged commands for
accessing i/o devices. An example would be the Brain virus which uses
ROM BIOS routines to write to the boot sector. This would not work if
the hardware restricted BIOS/hardware access to the privileged
instructions (callable only by the operating system), assuming the OS
is functioning properly. These viruses could be stopped by adopting
computer architectures which provide such hardware security.
Error Exploiting Viruses (EEVs) would be caused by (presumably) bugs
in the operating system, such as undocumented system calls or even
documented system calls which perform in an unexpected (by the
manufacturer) manner. A hypothetical example here might be a system
call to write to disk which, when given "appropriate" parameters,
allows the calling routine to write to the boot sector due to a
programming error in the call. These viruses would probably be the
toughest of the three to stop since the bugs would generally only
become evident when programs like the Internet Worm bring them to
light. The Internet Worm is a non-hypothetical example of an EEV.
Extensive (read: costly) quality control in the form of testing could
reduce the instances of EEVs.
Finally, Feature Exploiting Viruses (FEVs) would take advantage of
procedural shortcomings such as lax usage of file read/write
permissions on a system which would allow data to move from one
filespace to another. Such a virus could propagate even on a system
which has the potential for neither HEVs nor EEVs. Rather, it would
be up to the system administration to establish proper operating
procedures, such as file permissions. An example of an FEV is the
Lehigh Virus, which made use of MS-DOS operating system calls (INT
21H) to attach itself to COMMAND.COM files; this could be prevented by
using the MS-DOS file attribute of READ-ONLY.
It would, of course, be possible for a virus to be made up of a
combination of HEV, EEV, and FEV code. The Internet Worm, for
example, used several attack methods (sendmail bug, finger bug, etc.);
it could well have been the case that these attack methods each fell
into different categories. The Lehigh Virus could also fall into more
than one category since it used MS-DOS to propagate, but used a lower
level (Absolute Disk Write) routine to destroy disks.
Why bother with categorizing viruses? To learn more about them and to
be able to disseminate information (fixes, etc.) effectively. Of
course, that's just my opinion... Anybody have anything to add or
change?
Ken van Wyk
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253