home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The World of Computer Software
/
World_Of_Computer_Software-02-387-Vol-3of3.iso
/
v
/
vl6-029.zip
/
VL6-029.TXT
< prev
Wrap
Internet Message Format
|
1993-02-18
|
35KB
Received: from fidoii.CC.Lehigh.EDU by abacus.hgs.se (5.65c/1.5)
id AA07213; Thu, 18 Feb 1993 19:00:48 +0100
Received: from (localhost) by Fidoii.CC.Lehigh.EDU with SMTP id AA18986
(5.67a/IDA-1.5 for <mikael@abacus.hgs.se>); Thu, 18 Feb 1993 12:22:14 -0500
Date: Thu, 18 Feb 1993 12:22:14 -0500
Message-Id: <9302181537.AA08740@first.org>
Comment: Virus Discussion List
Originator: virus-l@lehigh.edu
Errors-To: krvw@first.org
Reply-To: <virus-l@lehigh.edu>
Sender: virus-l@lehigh.edu
Version: 5.5 -- Copyright (c) 1991/92, Anastasios Kotsikonas
From: "Kenneth R. van Wyk" <krvw@first.org>
To: Multiple recipients of list <virus-l@lehigh.edu>
Subject: VIRUS-L Digest V6 #29
Status: RO
VIRUS-L Digest Thursday, 18 Feb 1993 Volume 6 : Issue 29
Today's Topics:
Re: Mainframe viruses? [Sam Wilson:06/13]
References
Defining a virus
Undecidability
Re: [Lambdin's] idea for detecting file infectors
Re: Sale of Viri
***CDEF & Disinfectant 2.9 (MAC)*****
Re: ***CDEF & Disinfectant 2.9 (MAC)*****
re:os2-stuff (OS/2)
February LAT (PC)
Micheangelo Virus (PC)
Zerotime/Slow virus (PC)
Dame virus (PC)
Tequila Virus with my Sound Package? (PC)
Stoned, McAfee Scan update and comments. (PC)
Re: MtE Infected... (PC)
Defects in Scan/Clean (PC)
DECUS Canada Symposium, Montreal, March 1-5, 1993
Conference announcement - Sixth Computer Security & Virus
Symantec address change administrivia
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc. (The complete set of posting guidelines is available by
FTP on cert.org or upon request.) Please sign submissions with your
real name. Send contributions to VIRUS-L@LEHIGH.EDU. Information on
accessing anti-virus, documentation, and back-issue archives is
distributed periodically on the list. A FAQ (Frequently Asked
Questions) document and all of the back-issues are available by
anonymous FTP on cert.org (192.88.209.5). Administrative mail
(comments, suggestions, and so forth) should be sent to me at:
<krvw@FIRST.ORG>.
Ken van Wyk, krvw@first.org
----------------------------------------------------------------------
Date: 16 Feb 93 14:28:22 +0000
>From: Sam Wilson <ercm20@festival.edinburgh.ac.uk>
Subject: Re: Mainframe viruses? [Sam Wilson:06/13]
valdis@black-ice.cc.vt.edu (Valdis Kletnieks) writes:
> brunnstein@rz.informatik.uni-hamburg.dbp.de writes:
> >Sam Wilson mentioned a "survey of 816 European and North America mainframe
> >sites (with) ...35.5% .. disasters .. 60% of which had been due to viruses".
>
> [Description of how Virginia Tech might have been counted in the
> survey deleted.]
>
> Of course, if Wilson's survey *specifically* addressed mainframe-*based*
> viruses, that's a different story. But I doubt that...
If course it didn't - that was the point. It was a survey of disasters
at mainframe sites and despite the only examples given in the text being
about PC viruses or {cr|h}acking problems the journalists still manged
to write a heading saying "MAINFRAMES HIT BY EPIDEMIC OF VIRUSES" and a
subhead saying "Mainframe systems are more at risk from viruses than
from any other form of computer disaster", both of which are clearly
stupidly nonsensical!
Sam Wilson
Network Services Division
Computing Services, The University of Edinburgh
Edinburgh, Scotland, UK
------------------------------
Date: Tue, 16 Feb 93 15:44:07 -0500
>From: Donald G Peters <Peters@DOCKMASTER.NCSC.MIL>
Subject: References
Can anyone contribute the names and dates of prominent magazines
which have done reviews of anti-virus software. All I know of is
the recent PC Week (Nov 9) issue. There must be more. This group
should be able to help (especially if a contributing vendor got
a good review :-)).
I went to the library where I work and saw a very surprisingly
large number of books on viruses, but a sampling showed they
were either old or quite simple. Can people also provide a few
names of books on viruses that they found useful and who should
be reading that book (in your opinion).
The last list I want to assemble is a list of conferences in
which virus papers are welcome. That's all for now.
------------------------------
Date: Wed, 17 Feb 93 07:11:49 -0500
>From: mar@dcc.ufmg.br (Marcio Migueletto de Andrade)
Subject: Defining a virus
NO! It is NOT another natural language definition of a virus.
In the last issues I have seen many postings that try to do that.
Now the question is: is it possible to define a computer virus
using just English words ? I think it is not.
Post a definition and in the next issue you will find at least one
counter example (most of the times a funny counter example).
It is even possible that later one shows a flaw in the flaw and so on.
(We have seen The DiskCopy Virus, The MS-DOS Virus and others).
I am not saying these definitions are not important. They ARE ! Their main
purpose is to provide information, to help in clarifying the concepts.
But one can not expect much more from them. They will always be a little
ambiguous, imprecise, incomplete, just like any other natural language
definition. If you needs precision, turn to a mathematical definition.
I know it has its own problems, but you can not get all...
Marcio.
------------------------------
Date: Wed, 17 Feb 93 07:23:16 -0500
>From: Y. Radai <RADAI@vms.huji.ac.il>
Subject: Undecidability
I wrote:
>> I claim that if
>> one chooses definition (c), and if <condition> is something which is
>> sometimes satisfied and sometimes not (e.g., if it is "x < y" where x
>> and y are numbers supplied at runtime by the user), then the question
>> whether the program is a virus is obviously undecidable *BY APPEARANCE
>> ALONE*, even on a *finite* machine.
Vesselin replies:
> It seems to me that your claim is wrong. On a *finite* machine the
> size of x and y is *finite*, therefore the total number of
> combinations of values for x and y is also *finite*. Thus, you can
> (theoretically) list them all and say that for those of them the
> program is a virus, while for others it is not. Therefore, the
> problem, as stated by you -is- solvable (theoretically) on a *finite*
> machine.
Sorry, but I disagree. According to definition (c), whether the pro-
gram is a virus depends on whether x < y on a *specific* run of the
program, whereas the decision must be based on *appearance* of the
program alone; you can't look at what the user inputs on that run.
Therefore the list which you mention above cannot be used, and your
above comments are irrelevant in this case.
I think there's another mistake in your argument. Suppose, for
example, that a program asks the user to input two integers x, y of
*arbitrary* size, and it will output their sum, even though it is
running on a finite machine. Is such a thing possible? According
to your above reasoning, it isn't. However, you are tacitly assuming
that x and y must be entered completely by the user before the program
can output its result. That is not necessarily the case. Suppose
that the user enters the least significant digit of x and the lsd of
y. Then the program can output the lsd of x+y, storing the carry
digit. Then the user enters the next digits, etc. There is *no
limit* to the size of x and y which can be handled by this method,
even though the machine is finite. True, the *time* is unbounded when
this method is used, but the storage is not.
Y. Radai
Hebrew Univ. of Jerusalem, Israel
RADAI@HUJIVMS.BITNET
RADAI@VMS.HUJI.AC.IL
P.S. Fred, I haven't forgotten you! When I get the time, I promise
to split the two parts of my argument into separate postings, as you
requested, in order to avoid the confusion which you claim exists.
(Just in case you were worried (:-) .)
------------------------------
Date: Wed, 17 Feb 93 08:16:07 -0500
>From: Y. Radai <RADAI@vms.huji.ac.il>
Subject: Re: [Lambdin's] idea for detecting file infectors
Bill Lambdin describes his idea for detecting new and unknown file
infectors. I won't bother quoting any passages from his posting,
since if I understand him correctly, the basic idea can be summed up
in a few words: When you are reasonably sure that your computer is
virus-free, compress copies of a few commonly used program files into
an archive. (This is apparently the BAIT archive in his examples,
although he doesn't explain this fact.) Then periodically re-archive
these files and compare the resulting archive with the original one.
There are various details which could be discussed (e.g., is it
really justified to limit this to only *a few* files?), but the main
point is that this is simply a form of *integrity checking* which,
contrary to most implementations, does not use checksums. What can it
offer that the checksum method does not? It certainly requires much
more storage for each such file (roughly speaking, it adds about 70%
of the size of each such file instead of the 4 bytes required by most
checksum algorithms). It also requires much more time to re-archive
the files than to run most checksum comparers on the same number of
files. Considering that checksum programs can be obtained as share-
ware or even freeware, I find no compensating advantages for this
method over checksumming.
Y. Radai
Hebrew Univ. of Jerusalem, Israel
RADAI@HUJIVMS.BITNET
RADAI@VMS.HUJI.AC.IL
------------------------------
Date: 17 Feb 93 08:06:32 +0000
>From: tedwards@eng.umd.edu (Thomas Grant Edwards)
Subject: Re: Sale of Viri
rikardur@rhi.hi.is (Rikhardur Egilsson) writes:
>Let's say that someone leaked to the police that *I* was the one
>responsible for the Michaelangelo outbreak.
..
>If someone would ever look through my files and data they *WOULD*
>find the sourcecode for MA, documented, and some other viruses.
>Where could that leave me ?
Here are some questions:
1) Is writing a virus (and not distributing it) illegal?
2) Is writing then distributing a virus (though hiding it
in trojan horse programs on BBS's) illegal?
3) Is writing a virus, then distributing it, but making sure
people know it is a virus (i.e. virus's for sale!) illegal?
4) Is receiving a virus, then passing it on illegal?
5) Is possesion of a virus illegal?
Please differentiate between civil and criminal legality, and
mention jurisdiction.
I am just wondering if you got a virus, and passed it on accidently,
could you be held civilly at fault for thousands of dollars of
damage say if it got into a business?
- -Thomas
------------------------------
Date: Tue, 16 Feb 93 16:05:19 +0000
>From: mukasa@Panix.Com (Michael K Mukasa)
Subject: ***CDEF & Disinfectant 2.9 (MAC)*****
I am using the Disinfectant 2.9 init to check for viruses and a computer
got infected with CDEF and the init did not flag it. When i used the
Disinfectant application, it saw the virus but the init still did not see
it, even after reinstalling the init after cleaning and reinfecting the
the disk on purpose. The computer was a Mac IIcx on system 6.05. I am
also running tests on Macs running system 7.0.1 and the inits don't seem
to see the virus. Rebuilding the desktop destroys the virus but if I
cannot dtect it in the first place I will have to rebuild desktops every
morning.
Does anyone know anything about this phenomenon. Is there a new CDEF out
there?? Can I send a copy to the maker of Disinfectant 2.9 . What is
his/her name and address. Has this happened to anyone else??
Is disinfectant init 2.9 system seven compatible?/
Is the CDEF virus system seven compatible?? if there is any such criteria
of judging viruses??
If the virus came from an undetected system seven computer onto the IIcx
with system 6.05, would it still be detectable?? Is this the case I am
experiencing??
Can this lack of detection spread to cover other viruses??
Are there any known inits that disable or corrupt the functioning of the
Disinfectant init??
The disinfectant init always loads first and it even did not flag floppy
disks.
I need quick replies so please e-mail me with any answers or questions.
Thanks a million in advance for the help.
Kiggundu
mukasa@panix.com
------------------------------
Date: Tue, 16 Feb 93 12:16:58 -0600
>From: j-norstad@nwu.edu (John Norstad)
Subject: Re: ***CDEF & Disinfectant 2.9 (MAC)*****
>I am using the Disinfectant 2.9 init to check for viruses and a computer
>got infected with CDEF and the init did not flag it. When i used the
>Disinfectant application, it saw the virus but the init still did not see
>it, even after reinstalling the init after cleaning and reinfecting the
>the disk on purpose. The computer was a Mac IIcx on system 6.05. I am
>also running tests on Macs running system 7.0.1 and the inits don't seem
>to see the virus. Rebuilding the desktop destroys the virus but if I
>cannot dtect it in the first place I will have to rebuild desktops every
>morning.
>Does anyone know anything about this phenomenon. Is there a new CDEF out
>there?? Can I send a copy to the maker of Disinfectant 2.9 . What is
>his/her name and address. Has this happened to anyone else??
>Is disinfectant init 2.9 system seven compatible?/
>Is the CDEF virus system seven compatible?? if there is any such criteria
>of judging viruses??
>If the virus came from an undetected system seven computer onto the IIcx
>with system 6.05, would it still be detectable?? Is this the case I am
>experiencing??
>Can this lack of detection spread to cover other viruses??
>Are there any known inits that disable or corrupt the functioning of the
>Disinfectant init??
>The disinfectant init always loads first and it even did not flag floppy
>disks.
>I need quick replies so please e-mail me with any answers or questions.
This is all explained in some detail in the Disinfectant online manual. I
will summarize briefly:
The Disinfectant INIT catches viruses at the point of attack. The INIT does
not scan volumes looking for dormant viruses like some of the commercial
anti-viral INITs. If a virus never attacks, the INIT will not catch it.
System 7 is immune to the desktop viruses WDEF and CDEF. They never attack
under System 7. Hence, under System 7, the Disinfectant INIT does not catch
them.
WDEF and CDEF normally attach under System 6, and the Disinfectant INIT
normally catches them.
In either case (System 6 or System 7), if the Disinfectant INIT is properly
installed and active, neither WDEF nor CDEF should be able to spread from
an infected floppy or other volume to the Mac hard drive or other volume.
If this is indeed hapenning to you, I definitely want to see a copy of the
virus. It may be a slight variant of the known CDF strain, or there may be
some other problem.
John Norstad
Academic Computing and Network Services
Northwestern University
j-norstad@nwu.edu
------------------------------
Date: Wed, 17 Feb 93 01:59:50 -0500
>From: KARGRA@GBA930.ZAMG.AC.AT
Subject: re:os2-stuff (OS/2)
Hi,
the question, whether a dos-virus can access a DLL is definetively to be
answered with YES. I run my both HDs with HPFS. In order to install the
english version of the servicepack over my german version I had to change 2
bytes in OS2SYSLEVEL(?) which is not a DLL but this does nothing about it.
I used DEBUG from a DOS-session to do this, as I had no hex-editor available.
Therefore: If a user can access any file which is not in use by another program
,
then a virus can do this too... It is not a question of protected mode or
whatever state the CPU is in (unless it is hung :-)
This is why I think DLLs should be scanned too.
HTH, Alfred
################################################################################
Alfred Jilka #This place intentionally left blank. This place intent
Geologic Survey, Austria #onally left blank. This place intentionally left blank
KARGRA@GBA930.ZAMG.AC.AT #. This place intentionally left blank. This place inte
################################################################################
------------------------------
Date: 15 Feb 93 06:19:00 +0000
>From: bill.lambdin%acc1bbs@ssr.com (Bill Lambdin)
Subject: February LAT (PC)
LAT 9302
Product Total Detected Ratio Flags
+--------------------------------------------------------+
| Virus Net 2.06B | 725 | 723 | 99.7% | C |
| F-Prot 2.06a | 725 | 721 | 99.5% | S |
| VIRx 2.6 | 725 | 712 | 98.2% | S |
| | | | | |
| Scan 100 | 725 | 708 | 97.7% | S |
| IM-141A | 702 | 668 | 95.2% | DGS |
| UT Scan 25.1 | 702 | 657 | 94.0% | CDG |
| | | | | |
| TBAV 5.03 VSIG9214 | 725 | 680 | 93.8% | S |
| SD Scan 1.0 | 702 | 655 | 93.3% | CD |
| PC Scan sig 16 | 725 | 664 | 91.6% | S |
| | | | | |
| WIN-Rx 1.0 | 725 | 588 | 81.1% | S |
| Virucide 2.37 | 702 | 530 | 75.5% | CD |
+--------------------------------------------------------+
C- Commercial software
D- This product does not scan for boot sector viruses
inside droppers. I tried to be fair.
G- Generic Virus detector. The other utilities with
this product may detect viruses that this scanner
misses, so don't judge this product too harshly
because the scanner isn't as effective as you would
like.
S- Share Ware or Free Ware procuct.
========================================================================
I have tested the following generic products, and
recommend them.
Victor Charlie (Bangkok Security Associates)
PC-Rx (Trend Micro Devices)
Untouchable (Fifth Generation Systems)
Integrity Master (Stiller Research)
PC-cillin (Trend Micro Devices)
========================================================================
I would like to thank most of these companies for
providing me with evaluation copies of their
software to test.
========================================================================
These tests were performed on a 33 MHZ 486
Bill Lambdin
P.O. Box 577
East Bernstadt, Ky. 40729
- ---
* WinQwk 2.0 a#383 * 1554 activates Oct 1 - Dec 31
------------------------------
Date: 14 Feb 93 18:07:00 +0000
>From: bill.lambdin%acc1bbs@ssr.com (Bill Lambdin)
Subject: Micheangelo Virus (PC)
Quoting from Weinberg Raina to All About Micheangelo Virus (PC) on
02-13-93
WR> I am writing an article for our Campus Paper on the Micheangelo Virus
WR> could someone please send me any inforamtion they have on this.
The Michelangelo virus hides in the boot sectors of floppies, and in the
partition table of hard drives.
Michelangelo is a variant of Stoned, and will infect any diskette you
access in drive A:
On March 6th at bootup this virus will activate, and write random
characters to the first 9 Megabytes of data stored on the hard drive.
Hope this useful to you.
Bill
- ---
* WinQwk 2.0 a#383 * 903 activates any day in March
------------------------------
Date: 14 Feb 93 18:11:00 +0000
>From: bill.lambdin%acc1bbs@ssr.com (Bill Lambdin)
Subject: Zerotime/Slow virus (PC)
Quoting from Bernie Groen to All About Zerotime/Slow virus (PC) on
02-13-93
BG> Anyone have any idears on how to get rid of this problem.
It sounds like you have run into a new variant of Zero Time.
I would suggest for you to copy an infected file, and send it to a virus
researcher for study.
Bill
- ---
* WinQwk 2.0 a#383 * Hacked version of Q-Modem. 4.51
------------------------------
Date: 14 Feb 93 17:24:00 +0000
>From: bill.lambdin%acc1bbs@ssr.com (Bill Lambdin)
Subject: Dame virus (PC)
Quoting from Ching S Siow to All About Dame virus (PC) on 02-08-93
CS> I would like to find out more about this "DAME Virus". My network has
CS> 3 files infected with this virus and would appreciate some help in
CS> cleaning it out. I have tried netscan and inoculan, both of which
CS> failed to discover the virus.
DAME is not a virus. It is a routine that virus authors can add to the
viruses they write.
DAME is an acronym for "Dark Avenger Mutation Engine" It is also known as
MtE.
The Mutation Engine adds about 3.5K to the virus, and enables the virus to
mutate so the virus hardly ever appears the same way twice.
McAfee's Scan can detect the MtE, but if it isn't satisfactory, try
F-Prot. I have 2.06a, but have heard that F-Prot 2.07 has been released.
Hope this has been helpful.
Bill
- ---
* WinQwk 2.0 a#383 * PLASTIQUE activates Sep 20 - Dec 31
------------------------------
Date: 16 Feb 93 17:50:24 +0000
>From: ddre!yzs2047@dsac.dla.mil (Jo Ann M. Schultz)
Subject: Tequila Virus with my Sound Package? (PC)
I recently purchased the ProAudio Spectrum 16 multi-program MIDI
package for use on my home PC. I am also reviewing Novi Anti-Virus
Software by Certus, v 1.1.
Novi is instructing me that the program (within ProAudio Spectrum), Monolog.exe
contains the Tequila Virus. I contacted Media Vision and made them aware
of this 'problem.' They agreed to send me another copy of the monolog.exe.
Well, it arrived yesterday and I scanned it with Novi immediately. Again,
I am being informed of a Tequila Virus in Monolog.exe. Being that the
Tequila Virus is stealth and multi-partite, I am being very cautious; but
I do not know which way to go.
Anyone have any suggestions?
Jo Ann Schultz
jschultz@ddre.dla.mil
- --
Jo Ann M. Schultz jschultz@ddre.dla.mil dsac!ddreg1!jschultz
Defense Distribution Region East, INFORMATION CENTER-Customer Support Branch
DDRE-ZEC, Building 54-2, New Cumberland, PA 17070-5006
DSN: 977-7864 COMM: 717-770-7864 FAX: 717-770-5918/7395
------------------------------
Date: 16 Feb 93 12:13:52 -0700
>From: CASTILLO@nauvax.ucc.nau.edu (Ulysses Castillo)
Subject: Stoned, McAfee Scan update and comments. (PC)
Thanks to everyone who explained what was going on with Scan. To
summarize, most people recognized that Stoned was being loaded into
memory when the boot sector was read to perform a scan. As most
people pointed out, although stoned was in memory, it was not active
and was in fact completely harmless. That's the good news.
The bad news (and comment), of course, is that McAfee's Scan/Clean
INSISTS on making a truly annoying and unnerving beeping sound,
declares Stoned to be active in memory, tells you to shutdown
immediately, and then promptly turns itself off. Frankly, for all the
skill/intelligence necessary to write an anti-virus program, this is
pretty retarded IMHO.
Anyhoo.... Thanks again for all the help folks!
Ulysses.
_____
Ulysses Castillo (aka Belgarion) Trr, lbh zhfg or n irel phevbhf crefba!
Castillo@nauvax.ucc.nau.edu
"And be assured, I am with you always, to the end of Time.", Matt. 28:20
------------------------------
Date: Tue, 16 Feb 93 20:04:01 +0000
>From: sis!antkow (Chris Antkow)
Subject: Re: MtE Infected... (PC)
NAV detects quite a few false positives with the MtE scanning
algorithm. For what it's worth, try scanning some Sierra game demos with
NAV v2.1 and you will find that 85% of the DRV files are "infected" with
an MtE virus (A GROSS false positive).
I'm not saying that you are not infected, just merely stating that NAV
has a tendency of being overly paranoid in detecting MtE engines. More
information would be of value in determining whether or not you are
really infected. Try McAfee's SCAN v100 which detects MtE more reliably.
Chris
antkow@eclipse.sheridanc.on.ca
------------------------------
Date: Tue, 16 Feb 93 21:24:12 -0500
>From: "Roger Riordan" <riordan@tmxmelb.mhs.oz.au>
Subject: Defects in Scan/Clean (PC)
worley@a.cs.okstate.edu (WORLEY LAWRENCE JA) writes
> A friend of mine has a 486 that recently crashed. After booting on a
> clean disk, I ran ScanV100 on it, and found that it had the Stoned
> virus. I cleaned it off, and ran scan again, only to find that it now
> had Michaelangelo virus. I ran clean again, this time with [Mich],
> and it reported that the virus had been cleaned off. However, after
> cleaning, ScanV100 still reported it was in the partition table, and
> the drive will still not boot. Both floppies in the computer are
> write protected and are virus-free. I have now run Clean c: [Mich]
> approx. 30 times, each time, it says it cleaned the drive, and then
> after rebooting, Scan still reports the virus is there. Any ideas?
When Michelangelo virus infects the hard disk it saves the original
MBR in sector 7, head zero, track zero, and puts itself in sector
one. So when you boot it runs, installs itself, and then loads &
runs the original MBR from sector 7. No worries!
Stoned does exactly the same, and again no worries. However neither
recognises the other, so if you have Michelangelo, and boot from a
floppy infected with Stoned, it puts the MBR (ie Michelangelo) in
sector 7, and puts itself in sector one. Now, when you try to boot,
Stoned installs itself, and loads and runs sector 7. However this
contains M, which installs itself, and loads & runs sector 7.
However this .... Big troubles!
This presents no problem to properly written software, but Clean
just says "Oh; You've got Stoned (or M)? No worries; I'll just copy
sector 7 back to sector 1, & that'll fix it." It does just that,
without ever bothering to check that the sector it is putting back
is clean.
So the first time it ran it replaced the Stoned with the M. Now
each time you run it it simply copies the M back from sector 7 to
sector 1.
The immediate solution for your friend is to run FDISK /MBR from
DOS 5, but the long term solution is to buy a program which will
check that the recovered sector is clean before it puts it back, and
put back a "plain vanilla" boot sector if it can't find a clean one.
All this has been well known for several years (I described this,
and an even more serious bug in Scan/Clean, in New York in 1991
(1.)), but McAfee has never seen fit to do anything about it.
Roger Riordan Author of the VET Anti-Viral Software.
riordan.cybec@tmxmelb.mhs.oz.au
1. VET; A Program to Detect & Remove Computer Viruses. Proc 4th
Annual Computer Virus & Security Conference. NCC 1991
CYBEC Pty Ltd. Tel: +613 521 0655
PO Box 205, Hampton Vic 3188 AUSTRALIA Fax: +613 521 0727
------------------------------
Date: 16 Feb 93 14:05:00 -0600
>From: "Rob Slade, DECrypt Editor, VARUG NLC rep, 604-984-4067" <roberts@decu
s.arc.ab.ca>
Subject: DECUS Canada Symposium, Montreal, March 1-5, 1993
Here is the english text that is in the FAX that is being sent to
Quebec members.:
LATE BREAKING NEWS
DECUS SYMPOSIUM IN MONTRIAL
MARCH 1-5,1993
DECUS Canada is pleased to offer this special promotion:
PRE-REGISTRATION RATES ARE STILL IN EFFECT !
THERE IS STILL TIME TO "REGISTER NOW AND SAVE" !
Don't miss this opportunity to catch up on your training in any of our
20 full days seminars or more than 250 on or two hour sessions. This
training will help maximize your performance and posotion your
information systems environment.
What's more, you will be able to explore the demo area that will span
some 20000 square feet. You'll find the laters Digital products and
services, including the Alpha AXP product line running OpenVMS, OSF-1
and Windows NT. Come and see for yourself and learn about these new
architectures.
In the delegates' area, you'll get hands-on experience with many of
DEC's latest products. In addition, 23 engineers from DEC's central
engineering group will be available on-site to discuss new features and
answer your technical questions. Who better to answer yoru questions
than the people who are responsible for writing the software ?
SYMPOSIUM (Tue,Wed,Thu) SEMINARS (Mon,Fri)
3 days $485
2 days $375 each full day seminar : $295
1 day $270
DECUS is proud to maintain its low prices for its renowned high quality
education.
HURRY ! TIME IS RUNNING OUT !
Special offer: with 5 or more 3-day registrations, your company may
send different employees each day.
If you have already registered, pass teh ews to your colleagues, they
may be able to take advantage of this new offer !
Call us for moe information: (514) 748-3566 or (416) 597-3437
fax: (416) 971-5295
(Ces informations sont aussi disponibles en frangais)
------------------------------
Date: Tue, 16 Feb 93 22:29:15 -0800
>From: "Richard W. Lefkon" <dklefkon@well.sf.ca.us>
Subject: Conference announcement - Sixth Computer Security & Virus
MARCH SECURITY CONFERENCE - 21-DAY AIRFARE
==========================================
SIXTH INTERNATIONAL COMPUTER SECURITY & VIRUS CONFERENCE and Exposition
sponsored by DPMA Fin.Ind.Chapter in cooperation with
ACM-SIGSAC, BCS, CMA, COS, EDPAAph, ISSAny, NUInyla, IEEE Computer Society
Computerworld, Information Week, Teleprofessional, Communications Week
Box 894 Wall Street Station, NY NY 10268 FAX: (303) 825-9151
Complete information immediately faxed by calling (800) 835-2246
Among 70+ MAINSTREAM VENDORS with Exhibits and/or products being shown are
AIM, American Power Conversion, Arcus, ASP, Banyan, Central Point, ChiCor,
Comdisco, Computer Associates, DEMAX, DCA, Dr.Solomon/OnTrack, Fifth Gene-
ration, Fischer, Futurex, Intel, International Business Machines, Janus,
LeeMah Datacom, McAfee Associates, Microcom/Dataguard, Novell, Norton, Racal
Guardata, Raxco/Clyde, Safetynet, Security Dynamics, Sun, Symantec/SAM, USL
Uti-Maco/Safeguard, Xtree. Exhibits mgt by Expoconsul (DEXPO originators).
FEATURES:
FULL TIME LAN TRACK - NOVELL/BANYAN STAFF & TOP EXPERTS
TRAINING SESSION ON NIST'S NEW "ORANGE BOOK" FOR INDUSTRY
LEARN ANTI-HACKER TIPS FROM HACKERS, TELCO'S, POLICE, SECVENDORS
IN-DEPTH TREATMENTS OF UNIX SECURITY, CRYPTOGRAPHY, VIRUSES
57 varieties of the 90 SPEAKERS & CHAIRS in 5 CONF. TRACKS (48 Sessions):
Conference Committee (plus those asterisked below):
K.Brunnstein,U.Hamburg; H.Highland,Compulit; R.Lefkon, NYU;
G.Mallen,U.Iberoamerica; W.Murray,Deloitte; E.Okamoto, JAIST
Keynote Speaker: Kanwal Rekhi, Novell EVP for Networks & UNIX
Heads of Electronic Security:
Apple: J.Paradise*; BellAtlantic: R.Ganesan; IBM: W.Vance; MCI: N.Mae;
Novell: E.Babcock(viruses); NYSE: S.Meglathery; NT: E.Fulford; Sun: R.Borgia
Government and project leaders:
S.Charney,U.S.Justice; K.Citarella,WestchesterD.A.; D.Delaney,
NYS PoliceLabs; I.Gilbert,NIST; G.Hammonds; H.Hosmer; S.Katzke*, NIST;
N.Lynch,NIST; K.vanWyk*,DISSP; P.Toth,NIST; G.Thackeray*,MaricopaCo
Network Protectors:
J.J.Bloombecker, NCCCD; T.Duff*,AT&T; S.Garfinkel,NeXT; S.Gomoll,ChiCor;
S.Gordon,Fidonet; J.Hawkins,Schmidt; W.Houston,Comdisco; R.Kabral,Telemate;
S.O'Brien,Raxco; D.Parker*,SRI; S.Purdy,Kroll; K.Weiss,SecDynamics; others
& crackers: I.Murphy ("Sneakers'" Capt.Zap); R.Schiffreen (Buckingham Palace);
"Joe Smith" (Inside Look at Phalcon/Skizm)
Leading UNIX/DOS anti-malware figures:
M.Bishop,Dartmouth; V.Bontchev,Bulgaria; F.Cohen*,ASP: L.Duong,SAM;
A.Fedeli,IBM; C.Fischer, Karlsruhe; D.Gryaznov,Russia; K.Levitt*,U.C.Davis;
P.Peterson*,MartinMarietta; R.Riordan, MichelangeloCatcher/VET; B.Schneier;
M.Schwimmer;A.Seijas,Novell; F.Skulason*,F-PROT; A.Solomon; P.Tippett,Certus
Journalists: J.Daly,Computerworld; D.Kuit,PC Magazine; K.Noakes-Frye,Datapro
With the wide cooperating sponsorship shown above for this its sixth year,
the conference will be held Wednesday thru Friday March 10-12, 1993,
at the Madison Square Garden Ramada Hotel in New York City. Most food,
a 900-page bound Proceedings, Empire State Building Observatory reception,
and discounted hotel rooms ($44.50 p/p dbl) are available with registration.
The Ramada is convenient to all three New York airports (especially LaGuardia),
Amtrak (across the street in Pennsylvania Station), and parking. Spouse tour
is available, as are courses in IntroSec, Banyan, NetWare, Cryptography,
UNIX, Viruses, Telecom.
Fees range from $325 for repeat attendees through $395 for association
members who sign up on time. The $975 group rate covers four (4) people.
------------------------------
Date: Tue, 16 Feb 93 16:21:00 -0500
>From: Jimmy Kuo <cjkuo@symantec.com>
Subject: Symantec address change administrivia
We've been undergoing a change in our connection to Internet. As a
result, my address has changed to
cjkuo@symantec.com
I am sorry to have not responded to (probably did not receive) any
messages over the past 3 weeks to a month. If you tried to reach me
or still have an issue I need to address, please send mail to the new
address.
Thank you.
Jimmy Kuo cjkuo@symantec.com
Norton AntiVirus Research
PS. "LIBERATE COMMUNICADO! I'm in communicado!" (mis-quote from
"Fame.")
------------------------------
End of VIRUS-L Digest [Volume 6 Issue 29]
*****************************************
