dont@xios.XIOS.UUCP (Don Taylor) (03/17/88)
There has been much talk of virus programs lately. Recently somebody posted the advice that s/he would only acquire binaries from a known source, presumably a software manufacturer, that 'free' software without sources is just too risky to use.

I thought at the time that this made (a sad sort of) sense, but an article in this morning's Toronto Globe and Mail has started me thinking that ANY sort of binary is a risk. Apparently, a Montreal magazine (MacMag) released a virus that simply (we hope) displayed a pop-up message of peace. This virus has travelled the world and infected many sites, including a system at Aldus Corp. It has appeared in software sold by Aldus. This is really scary stuff. If this had been a malicious virus, then Aldus would have distributed it on to their customers.

How can we be protected against this? Can software manufacturers be held responsible for the 'cleanliness' of their distributions? If my disk gets wiped by a virus distributed with a piece of software that I have paid hundreds of dollars for, then I am going to want somebody's head, and I am sure that I would not be alone.

My confidence in the big manufacturers' quality control on this sort of thing is pretty low since the day I did a 'strings' on MS Word (version 2 I think) and I saw a chilling message that said something to the effect: 'the fruits of evil are bitter, wiping your hard disk now...'. Bill Gates was questioned about this at the time and claimed that MS did not authorize the insertion of this message, that it was done by a co-op student whose intentions were good, but misguided. Apparently, this message would be triggered if a copied version of Word is used without the key disk that was required at that time. It did not actually wipe your hard disk, just scare you a little. What bothered me most at the time was that MS let something like this slip by them, this was something that could have been caught by simply reading the code. How much more likely is it that somebody will let a much more difficult to spot virus through? Shudder...

I think that this stuff is really serious. Unless some sort of protection against these viruses (virii?) can be devised, then I can't see how public domain and shareware software can continue. I feel that it is now just a matter of time before a major software manufacturer re-distributes a deadly virus with their software with widespread disastrous consequences. Even if the manufacturer could not be held legally liable for the consequences of its negligence, then surely it would go out of business through lack of consumer confidence. Finally, let us not forget that PC software is used in many applications besides the office (clinical, manufacturing, ...).

I sure hope that someone can give me some good reasons for not being so pessimistic about this issue.

Don.

PS. I just heard about a virus generator called OSIRIS. (Cute etymology). Now you don't have to be even moderately competent technically to create and distribute a new virus, anybody with a PC and a modem can start an infection. I should be interested to hear anything about this program. I should like to have my hands around the neck of the jerk who wrote it...

--
Don Taylor ...!uunet!mnetor!dciem!nrcaer!xios!dont
54, Chimo Drive, Kanata, Ontario, Canada, K2L 1Y9 (613-) 592-3894
tneff@atpal.UUCP (Tom Neff) (03/25/88)
How do we protect ourselves against viruses?

[1] PHYSICALLY limit access to the computer, where practicable. Don't let the kids play on it. Don't let your secretary's PC "guru" friend come in and "optimize" her system without your prior approval and direct oversight. Don't let your employees bring in their favorite utilities and editors and chess games and whatnot "from home" or "from the club" and install them on the company's computer. These things may sound like a severe case of "oh, you're no fun anymore," but you do not want to have to explain to the board of directors that you lost a month's worth of revenues because your girlfriend likes to play Asteroids.

[2] BACK UP your damn system! Regularly, fully, with verify turned on. I ought to be able to walk into your office with a 15-pound sledge hammer, reduce your workstation to smoldering ruins with a few mighty swings, and cost you no more than a day's work as a result. You know this; everybody knows it. Most people observe it in the breach. 'Nuff said.

[3] RUN HIGH TECH vaccines, trojan finders and bug sniffers if you want, but don't rely on them. They will fail you when you need them, I guarantee you. Use this rule of thumb: If your electronic guard dogs successfully detect one virus a month, you will probably be safe for a FQ at a time. If you never see any viruses at all, WATCH OUT because you have *no* idea whether you even *can* detect them! "All quiet" is not reassuring in this game.

[4] PLAY WITH YOUR CALENDAR when you install a new package. The MacMag virus, and presumably others written or as yet unwritten, wait for some indeterminate expiration date before they pounce. The easiest, cheapest way to predict whether your current software set will still be running normally next November is to fool your computer into thinking it IS November for a while! There are several loopholes in this approach, but it is still worth trying. One of the high tech sniffers that doesn't exist yet, but should (I hope someone writes it), would change your computer's clock tick rate so that time "flashes by" radically quickly! Let your PC or Mac sit there and experience a year's worth of "time" a la H.G.Wells, while you watch. If there is a time bomb buried inside, it may well go off on cue.

These are a few thoughts. Others include avoiding self-extracting archives (pace Phil K.) and README.COM type things - use LIST and ARCE, much safer. I welcome other suggestions.

TMN
--
Tom Neff
tada@athena.mit.edu (Michael Zehr) (03/25/88)
In article <500@xios.XIOS.UUCP> dont@xios.XIOS.UUCP (Don Taylor) writes:
>
> ["hacks" by programmers slipping through]
>How much more likely is it that somebody will let a much more difficult to spot
>virus through? Shudder...
>

There's a (nameless) company which produced a custom hardware/software combination for application development. They had a high turnover rate among their staff, who were mostly college students. Some of them must have had a strange sense of humor, because the error messages had a lot of hacks in them. For example:

    You deserve to lose, because you did _____ [followed by system crash]

or, (and this appeared once during a client demo)

    File system all f***ed up.

When one of them was found and a complaint sent, the company would eventually track it down and fix it. (Says something about their design that they didn't have an easy to look at list of all error messages...)

The units would crash frequently, and I wonder if some of the crashes were due to a virus an employee put in as a hack...

-------
michael j zehr
"My opinions are my own ... as is my spelling."
hawkins@bnrmtv.UUCP (Peter Hawkins) (03/25/88)
In article <500@xios.XIOS.UUCP>, dont@xios.XIOS.UUCP (Don Taylor) writes:
[deleted stuff]
> I thought at the time that this made (a sad sort of) sense, but an
> article in this morning's Toronto Globe and Mail has started me thinking
> that ANY sort of binary is a risk. Apparently, a Montreal magazine (MacMag)
> released a virus that simply (we hope) displayed a pop-up message of peace.
> This virus has travelled the world and infected many sites, including a
> system at Aldus Corp. It has appeared in software sold by Aldus. This is
> really scary stuff. If this had been a malicious virus, then Aldus would
> have distributed it on to their customers.
[deleted stuff]
> quality control on this sort of thing is pretty low since the day I did
> a 'strings' on MS Word (version 2 I think) and I saw a chilling message
> that said something to the effect: 'the fruits of evil are bitter, wiping
> your hard disk now...'. Bill Gates was questioned about this at the time
> and claimed that MS did not authorize the insertion of this message, that
> it was done by a co-op student whose intentions were good, but misguided.
> Apparently, this message would be triggered if a copied version of Word
> is used without the key disk that was required at that time. It did not
> actually wipe your hard disk, just scare you a little. What bothered me
[deleted stuff]
> I sure hope that someone can give me some good reasons for not being
> so pessimistic about this issue.
[deleted stuff]
> PS. I just heard about a virus generator called OSIRIS. (Cute etymology).
> Now you don't have to be even moderately competent technically to create
> and distribute a new virus, anybody with a PC and a modem can start an
> infection. I should be interested to hear anything about this program. I
> should like to have my hands around the neck of the jerk who wrote it...

Wow!! All this talk about software viruses... I'm not quite sure just what the definition of virus is in this context. Obviously, it has a negative effect that is spread from one computer to another, but what I don't understand is by what means it is spread. The talk about trojan horse programs and things like what you discussed with MS Word sound like either just bugs in the software or in the case of the MS Word thing (if it were actually carried out) as being a *very* stupid way of trying to punish *assumed* pirates (I say assumed because many people try installing their software a little different than the manual suggests in order to suit their needs or disk organization better).

On the other hand though, it sounds kind of like you are talking about some code that causes some sort of damage (or peace message in the case you mentioned) that mysteriously works itself into other programs and across phone lines on its own. I can not conceive of this being possible. Please, this topic sounds very interesting, describe a "virus" in more detail.

Pete
...hplabs!bnrmtv!hawkins until April 8th
...csun!polyslo!phawkin after April 8th