VIRUS-L Digest Monday, 22 Jan 1990 Volume 3 : Issue 17
Today's Topics:
Jury for Morris Trial
Re: Internet worm writer to go to trial Jan 16th. (Internet)
Internet Worm Trial
Internet Worm Trial
Re: Ethical Judgement of the Internet Worm
Internet Worm Trial
Re: Academic Press makes good! (PC)
CLEANP56, SCANV56 and SCANRS56 uploaded to SIMTEL20 (PC)
Universal virus scan.
Re: theoretical virus scanning
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's
LEHIIBM1.BITNET for BITNET folks). Information on accessing
anti-virus, document, and back-issue archives is distributed
periodically on the list. Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
- Ken van Wyk
---------------------------------------------------------------------------
Date: Fri, 19 Jan 90 15:15:00 -0500
From: "ROBERT M. HAMER" <HAMER@Ruby.VCU.EDU>
Subject: Jury for Morris Trial
Irving Chidsey <chidsey@smoke.brl.mil> writes:
>damon@umbc2.umbc.edu (Damon Kelley; (RJE)) writes:
>
><Isn't a "jury of his peers" called for here?
><
>< She said that the trial would be more impartial if the jury is
><composed of non-tech persons. Comments?
>
... stuff deleted ...
>defense gets more of the latter. Both sides were probably afraid of
>computer knowledgeable jurors because they know something about
>computers. Neither side wants experts on the jury, they are too hard
>to sway and lawyers prefer pliable jurors who can be convinced by
>rhetoric.
I have served as an expert witness and consulted for lawyers in
several cases in which statistical expertise was needed. I will go a
bit further than Mr. Chidsey:
Lawyers not only do not want 'experts,' they do not particularly want
highly educated people. They HATE Ph.Ds. We are unpredictable, and
likely to pay attention to the things we want to attend to rather than
the things the legal system wants us to attend to. Luckily for
lawyers (and unfortunately for our legal system) most people with
education manage to get themselves excused from jury duty, leaving the
jury pool composed of the unemployed, homemakers, and the retired.
------------------------------
Date: 20 Jan 90 00:49:42 +0000
From: spaf@cs.purdue.edu (Gene Spafford)
Subject: Re: Internet worm writer to go to trial Jan 16th. (Internet)
damon@umbc2.umbc.edu (Damon Kelley; (RJE)) writes:
> I just wanted to inform the readers of this list that Robert
>T. Morris of Arnold, Maryland is going to trial this January 16, 1990
>for unleashing (was it "The Great Internet Worm?") a worm that
>immobilized a certain computer network in November of 1988. Mr.
>Morris is a student who was suspended from Cornell University because
>of his actions.
The trial started January 8. I believe that all witnesses have been
heard for both sides by now, and the final arguments and charge to the
jury will be made on Monday (the 22nd). Expect a verdict Monday or
Tuesday -- it's a single count charge and I don't think the jury will
have too hard a time deciding it.
> When I read the article that I got the above information from,
>I was a bit shocked that the jurors were deliberately picked by the
>U.S. Justice Department lawyers because they didn't know *anything* about
>computers. Would the jurors understand enough of the computer talk
>thrown between defense and prosecutor to reach a truly informed
>verdict?
The reporters (and you) don't understand the situation. I was there
to testify as a witness and spoke at some length with the prosecutors
and some others associated with the case.
The fact that the jury is composed of people who don't have computer
experience is an artifact of the jury pool and selection process, not
something done on purpose. The jury pool is dominated by older
people, including many retirees. Professionals and students are
often excused from jury duty because spending 3 weeks on a jury
might be a real hardship for them. Plus, Syracuse is not exactly like
Boston or Sunnyvale where you have a high percentage of
computer-literate adults ready to serve.
The prosecution used none of their challenges to strike anyone from
the jury because of their computer use (I was told this by the
prosecutors). However, the defense MAY have used some of their
challenges to strike computer-literate people from the jury since it
is in their best interest to confuse the jury with jargon and computer
terms. If the jury cannot understand what happened, they will find it
difficult to decide guilt beyond a reasonable doubt.
> My mother and I discussed the issue. I said that the trial
>would be unbalanced and handled badly because every little techie term
>would have to be explained over and over again to the jury, slowing
>down the trial process. Isn't a "jury of his peers" called for here?
A jury of his peers would be 12 careless hackers with little concern
for other people's ownership of their machines and software. (Okay,
so we can have a jury of OSF hackers. :-)
> She said that the trial would be more impartial if the jury is
>composed of non-tech persons. Comments?
What's impartial? A jury of little old ladies who all think that Robert
looks like their grandsons would be worse than an otherwise random jury.
> Does the Justice Department have a prejudice against computer
>enthusiasts? Perhaps so. In the article I read, the lawyers excluded
>persons who owned computers, but included persons whose jobs involved
>"pushing buttons," such as flight reservation clerks and insurance
>claim processors.
The reporters don't understand the nuances of jury selection and are
making the wrong conclusions. And no, the prosecutors do not have
anything against computer enthusiasts at all. Quite the opposite.
- --
Gene Spafford
NSF/Purdue/U of Florida Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf
------------------------------
Date: Fri, 19 Jan 90 22:14:00 -0500
From: WHMurray@DOCKMASTER.ARPA
Subject: Internet Worm Trial
>I would remind you that he _allegedly_ unleashed the Internet Worm.
>Innocent before proven otherwise and all that stuff, you know...
Not so. It is a finding of fact that he released the worm. It
is alleged that that was a criminal act. He is guilty of
releasing the worm. He is innocent of a crime until it is proven
that the act was criminal.
William Hugh Murray, Fellow, Information System Security, Ernst & Young
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
------------------------------
Date: Fri, 19 Jan 90 22:42:00 -0500
From: WHMurray@DOCKMASTER.ARPA
Subject: Internet Worm Trial
>This raises the questions of appropriate punishment and rehabilitation.
>What punishment is appropriate for what he did?
The law provides for a fine of up to $250,000 and up to five years in
a Federal penitentiary. However, this punishment is intended to
protect society from criminal acts.
There is also the issue of the obligation that a postulant to a
profession owes the profession and what requirements the profession
places upon aspirants to the profession. Most Professions will not
grant credentials to convicted felons. Neither will they grant
credentials to those that violate the canons of the profession during
their training. They will revoke the credentials of those who
violate the canons of the profession. The professions do this to
protect the reputation of the profession and the integrity of the
credential rather than to punish the violator.
>Can he be rehabilitated?
There seems little doubt that young Morris can be rehabilitated.
>Should he then be employed in the field (of) Computers?
That depends upon where the profession sees its interests. If he were
an aspiring physician and violated the ethics of Medicine, he could be
employed in medicine but would not likely be granted professional
credentials.
>If not, does this mean that breeding virii is the unforgivable
>sin?
No, only that it is not behavior tolerated by a profession of its
members.
>Or just that although he can eventually be forgiven, he cannot be
>trusted?
The sanction is not invoked because the individual is no longer to be
trusted, but rather to be sure that the profession is.
William Hugh Murray, Fellow, Information System Security, Ernst & Young
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
------------------------------
Date: 20 Jan 90 19:11:01 +0000
From: khijol!erc@cs.utexas.edu (Edwin R. Carp)
Subject: Re: Ethical Judgement of the Internet Worm
WHMurray@DOCKMASTER.ARPA writes:
>I suspect the conclusion of the authorities at Cornell that young Morris
>acted with "reckless disregard" for the consequences is the closest that
>we will ever get to an ethical judgement about his actions.
[...]
>Of course the ACM does have such a code, and it is likely that young
>Morris has or would subscribe to it. However, it did not deter him.
>Since his lawyer plans for him to testify, we will likely get to hear
>his rationale for his behavior. However, I doubt that he seriously
>considered the ethics of his actions until confronted with the
>consequences.
Why is it likely that "young Morris" has or would subscribe to any
moral or ethical code, other than his own? I find the discussion of
computer ethics particularly amusing, considering the political
posturing, infighting, and one-upmanship games played by so-called
"professionals". Everyone else, it seems, follows their own ethical
code, so why expect someone else to uphold an ethical code in one
area, while refusing to uphold a similar ethical code in another?
>Had he done so, I am not sure that it would have altered his behavior.
>Like many of his defenders in the net, I suspect that he would have seen
>as ethical, or as not an ethical issue. There does not seem to be a
>consensus among his contemporaries that that kind of behavior is
>reprehensible. Neither does there appear to be a consensus among them
>that they have an interest in an orderly playground.
Who does? Orderly, perhaps, in one's own viewpoint, which may not
match another's, so can hardly be viewed as a "consensus".
>Note that though Morris aspires to be a professional in the field, and
>is, therefore, subject to professional sanctions, most of his
>contemporaries who use computers have no such aspirations and are not
>subject to such sanctions.
He is not necessarily subject to professional sanctions, at least not
those as harsh as would be assessed on yourself (or me, for that
matter). A child is not assessed the same punishment as an adult for
the same crime. If a man drives his car down the street in a reckless
manner, and in doing so runs over and kills someone, that man is
liable for civil damages as well as severe criminal penalties. A
child who does the same thing has a much less strict penalty accrued
to him.
The point being a child is still in a learning process, whereas the
adult is assumed to know better (a dangerous assumption, admittedly).
>It seems equally clear that this profession does not have sufficient
>integrity to invoke such sanctions. Though Cornell concluded that he
>did it (and he does not deny it), they have said that he is eligible
>to re-apply for admission to continue his studies. Other
>"responsible" members of the profession have been willing to employ
>him. Thus his contemporaries could conclude that, while such actions
>might be in technical violation of the ACM's code, they are not in
>violation of community standards.
The Internet is generally regarded as an experimental medium for the
proliferation of experimental software and techniques by students (who
are still learning), as well as professionals. Some of the traffic
carried by the network is of such low quality that one questions the
professionalism of those proliferating such traffic. However, *their*
integrity is never questioned.
Who can conclude otherwise, when society itself rewards those who "get
away" with moral and ethical "crimes" (and sometimes criminal), while
at the same time punishing those who have the courage to stand up to
those who perpetrate such unethical behavior. I shudder to think what
would happen to my marketability if I were to pursue litigation
against one of the largest employers of computer "professionals" in
this country (litigation that my attorney assures me I would win). On
the other hand, unethical and downright illegal activities perpetrated
by this same company are ignored and even condoned as "good business
sense". One can only interpret this to mean that "good business
sense" entails doing anything to make a buck and prevent your
competition from doing so, as long as you don't get caught, and even
then, it's "may the best lawyer win". It's no longer a case of what
you do, but how you can make it look.
>If the profession and society are to be protected from such impolite,
>disorderly, and destructive behavior, then we must reach a collective
>conviction we are prepared to consistently support in both
>voice and action. In the absence of such a consensus, we can expect
>more of the same.
I must disagree. If we held everyone to the same standard of conduct
that you propose, half of the programmers and most of the managers in
the DP arena would immediately lose their jobs. Even managers, who
should know better, display immature, disorderly, impolite, and
destructive behavior to a much higher degree than does the average
programmer, because their position allows them to escape the
consequences of their childish and irrational behavior. Even in
academia, such games constantly proliferate.
If we insist on judging others, let us be measured by the standards that we
wish to impose upon others.
If we wish to judge Robert Morris on his behavior and conclude that it
was childish, immature, destructive, impolite, or improper, let us
look to our own ranks and ask ourselves the question: Are we *really*
any better?
- --
Ed Carp N7EKG/5 (28.3-28.5) uunet!cs.utexas.edu!khijol!erc
Austin, Texas (512) 832-5884 "Good tea. Nice house." - Worf
"The best diplomat I know of is a fully activated phaser bank." -- Scotty
------------------------------
Date: Sat, 20 Jan 90 14:44:00 -0500
From: WHMurray@DOCKMASTER.ARPA
Subject: Internet Worm Trial
>I can hardly imagine the software industry ostracising "Young
>Morris" for this offense. His kind of smarts are worth big, big
>bucks, .....
Perhaps. However, that is a short term view. The software industry
is only a few decades old. Over time their view of their self
interest may change. Incidentally, critics of the code were not much
impressed with its creativity or quality.
> .......and he is most unlikely to pull this kind of crap on a
>development company's LAN.
That is an interesting assertion. I would be interested in your
rationale. It may be similar to that employed by SRI International
when it decided to employ "Dark Dante."
While people often abandon behavior which they find to be
self-destructive, they rarely give up behavior which they perceive as
making them famous or wealthy, or which is otherwise seen as being
valued and rewarded by others. If you hire someone in spite of
hacking, and for work unrelated to hacking, they may do what you hired
them to do. However, if you hire them BECAUSE of hacking, and for
work that is related to hacking, you are naive if you expect them to
stop.
Also, the distinction between professional and non-professional work
applies here. Permitting young Morris to work writing code under
supervision would be one thing. Employing him to work deciding what
code is to be written, without supervision, and directing the work of
others, might be another.
Since some software has been written as individual effort, some
thought experiments might be useful here. Given a choice between code
with Ken Norton's name on it and code with Morris's name on it, which
would you choose? Which do you think the majority of buyers would
choose? If you were Morris, would you attempt to sell your product
under your own name or under a pseudonym?
William Hugh Murray, Fellow, Information System Security, Ernst & Young
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
------------------------------
Date: Fri, 19 Jan 90 21:52:11 +0000
From: Carolyn M. Kotlas <kotlas@uncecs.edu>
Subject: Re: Academic Press makes good! (PC)
In article <0001.9001191231.AA26811@ge.sei.cmu.edu>, IRMSS100@SIVM.BITNET
writes:
> I'm not sure why it took them so long, but at least AP is taking
> responsibility. I imagine their senior executives are holding
> their aching heads and wondering why they decided to enter the
> software publishing business. Books never require product recalls.
^^^^^ ^^^^^ ^^^^^^^ ^^^^^^^ ^^^^^^^
Not so! Microsoft Press had to recall their first edition of the
MS-DOS Encyclopedia due to an embarrassingly large number of errors.
We had to get authorization from the publisher to send our copy back
and qualify for a replacement copy. (Couldn't just send back the
manual's title page to prove our legal ownership.) It was about a year
(and several phone calls) before we finally got our non-beta edition
of this book.
Carolyn Kotlas (kotlas@uncecs.edu)
UNC-Educational Computing Service P. O. Box 12035 2 Davis Drive
Research Triangle Park, NC 27709 State Courier #59-01-02 919/549-0671
------------------------------
Date: Fri, 19 Jan 90 12:27:00 -0700
From: Keith Petersen <w8sdz@WSMR-SIMTEL20.ARMY.MIL>
Subject: CLEANP56, SCANV56 and SCANRS56 uploaded to SIMTEL20 (PC)
Yesterday I announced new versions of McAfee Associates' anti-virus
programs. Today I received updates and they are now on SIMTEL20.
These files were obtained from the HomeBase BBS.
pd1:<msdos.trojan-pro>
CLEANP56.ARC Universal Virus disinfector, heals/removes
SCANRS56.ARC Resident virus infection prevention program
SCANV55.ARC VirusScan, scans disk files for 61 viruses
--Keith Petersen
Maintainer of SIMTEL20's CP/M, MSDOS, & MISC archives [IP address 26.2.0.74]
Internet: w8sdz@WSMR-SIMTEL20.Army.Mil, w8sdz@brl.arpa BITNET: w8sdz@NDSUVM1
Uucp: {ames,decwrl,harvard,rutgers,ucbvax,uunet}!wsmr-simtel20.army.mil!w8sdz
------------------------------
Date: Fri, 19 Jan 90 19:56:06 -0400
From: GEORGE SVETLICHNY <USERGSVE@LNCC.BITNET>
Subject: Universal virus scan.
In Virus-L V3 No 15, Dave Myers (mummy!dave@asuvax.eas.asu.edu) expresses
a doubt about Vesselin's (T762102@DM0LRZ01.BITNET) proof of the
impossibility of a universal virus detector (Virus-L V3 No 13):
> I may be missing something, but it seems the above program makes the
> assumption that A cannot detect some virus. If A can detect all
> viruses then P1 will in fact be unable to infect another program and
> is thus not a virus.
>
> dave
You're not missing anything Dave, it's precisely the *assumption* that
A detects all viruses that is shown to be untenable, and so no such
algorithm can exist. Reductio-ad-absurdum pure and simple. Think of it
this way: your friend *claims* he has a universal virus detector A.
You write Vesselin's program P1, and give it to your friend. He runs A
on it. If A says "O.K." you invite him (grinning) to run P1 on his
machine. If A says "Virus" you run P1 on *your* machine (also
grinning). In any case A was fooled.
The same type of informal proof can be used to show the impossibility
of an algorithm to say if a program will stop or not. Let now A(P) mean
"program P will stop" and write the program
Program P2
begin
    if A(P2)
        repeat
        while TRUE
    else
        exit
end
A very simple argument and very powerful.
George Svetlichny usergsve@lncc.bitnet
/\/\/\/\/\/\/\ (Waves on Copacabana beach, it's 40 Centigrade here).
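The argument in the post above, as an added Python sketch (not part of the digest or any poster's code): for any candidate detector A, make_p1 builds the P1 that does the opposite of A's verdict, and refute reports how A fails on it. The Program class, the candidate detectors and the host names are constructed for illustration, and "infection" is simulated by appending to a list. The sandbox case goes beyond the post: a detector that decides by running P1 never returns an answer.

```python
from typing import Callable, Dict, List


class Program:
    """Toy program: a name plus a body; run() returns the hosts it 'infected'."""

    def __init__(self, name: str, body: Callable):
        self.name, self.body = name, body

    def run(self, hosts: List[str]) -> List[str]:
        infected: List[str] = []      # simulated infection: only this list changes
        self.body(self, hosts, infected)
        return infected


Detector = Callable[[Program], bool]  # True = "Virus", False = "O.K."


def make_p1(detector: Detector) -> Program:
    """The post's P1: ask A about myself, then do the opposite of its verdict."""
    def body(self: Program, hosts: List[str], infected: List[str]) -> None:
        if detector(self):
            return                    # A said "Virus": exit without spreading
        infected.extend(hosts)        # A said "O.K.": spread (simulated)
    return Program("P1", body)


def refute(detector: Detector) -> str:
    """Return how the candidate detector fails on the P1 built against it."""
    p1 = make_p1(detector)
    try:
        verdict = detector(p1)
    except RecursionError:
        # A tried to decide by running P1, which asks A again, without end.
        return "no answer"
    spreads = bool(p1.run(["host-a", "host-b"]))  # constructed host names
    if verdict == spreads:
        return "correct"              # unreachable if A is deterministic
    return "false negative" if spreads else "false positive"


# Constructed candidate detectors (hypothetical, for illustration only).
def always_ok(p: Program) -> bool:
    return False

def always_virus(p: Program) -> bool:
    return True

def name_blocklist(p: Program) -> bool:
    return p.name in {"P1"}

def sandbox(p: Program) -> bool:
    return bool(p.run(["sandbox-host"]))  # decides by running the program


def survey() -> Dict[str, str]:
    """Run the refutation against every constructed candidate."""
    candidates = [always_ok, always_virus, name_blocklist, sandbox]
    return {d.__name__: refute(d) for d in candidates}


if __name__ == "__main__":
    for name, result in survey().items():
        print(f"{name:15s} -> {result}")
```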
------------------------------
Date: 20 Jan 90 04:18:17 +0000
From: kelly@uts.amdahl.com (Kelly Goen)
Subject: Re: theoretical virus scanning
All proofs aside on a practical level... it is possible with memory
protection architectures to defend totally (well at least 99% of the
time) against intrusion by infectious processes...I speak from
REAL-LIFE experience here... so all these great proofs again theory
and real-life do not match or perhaps the theory is a CROCK of
S____!! the remaining 1 % are easily caught by an informed and
knowledgeable user....I for one am not going to give up and claim it's
impossible to detect all viruses..... flames >/dev/null
cheers
kelly
p.s. when your conclusions appear to be in error check your premises...
------------------------------
End of VIRUS-L Digest
*********************