edwin@hcr.UUCP (Edwin Hoogerbeets) (06/30/88)
There is an article in the latest FidoNET news about using Public Key Encryption as a means of distributing safe software. The article appeared in comp.org.fidonet (v5n26 digest) on 'page' 9.

The idea was to have each developer have his/her own signature key to encrypt files. Or to have the files encrypted by some trusted persons (moderators?) that we know have distributed virus free software before. In light of the recent Amiga viruses, maybe someone should look into this.

I have difficulty imagining how you could do this safely, however. A large database of keys would have to be kept. If someone is new to the public domain market for their own machine (hi there), it would be difficult to establish their reputation as they start producing software. Also, who is to say that viruses will not accidentally get encrypted into the final distribution file. hmmm.

------ --------- -------------------------------------------
Edwin (Deepthot) Waterloo co-op student, HCR Corporation Hoogerbeets If you can't stand the cold, get into the kitchen! utai!{utzoo,utcsri}!hcr!edwin Null human body; hope that's ok edwin@hcr // Me Tarzan, Unix or: // I/owe is costly ...!hcr!MsgPort!edwin \\ // Amiga This mind intentionally A 2000 running UUPC \X/ Enthusiast left blank
marge@vu-vlsi.Villanova.EDU (Marge Luecke) (07/22/88)
THIS IS A PLEA FOR HELP!!!!!

If anybody has ANY information on Computer Viruses, Immunizations, etc., please forward the information. I am working on a senior project on computer viruses. I would like to try to write an immunization program, however, I cannot obtain enough information from published literature to do so.

How do viruses work inside the computer? What are some present methods of detection? Are there any public domain immunization programs available? Where? Somebody wrote in one article that one could write a virus using the pc-dos appendices as reference...I looked this up and was not too successful... how do I do this?...What was meant by this? What are some infected programs which were available? What is the SCORES virus? How about VirusX?, etc...

Thank you,
Marge Luecke
Senior EE, Villanova University

P.S. I can be reached several ways:
1. This computer system.
2. FAX: (609) 723-8461 (USA)
3. Mail: Marge Luecke 980 Wakeling Street or Dept. of EE Philadelphia, PA 19124 Tolentine Hall USA Villanova University Villanova, PA 19085 USA
4. PHONE: (215) 645-4970 Day (215) 537-9633 Evening
avenger@runx.ips.oz (Troy Rollo ) (07/24/88)
I was recently asked to consider this problem. The easiest solution I came up with was to write a Virus Immunisation Program (VIP) which calculated cyclic redundancy check numbers for each file on a given device and stored these numbers on a safe medium prior to backup. Regular checks could be made using the VIP, and if the CRC on any program (executable, source, object or script) does not match (and should not have been modified) the suspect file should be restored from the backup medium.

Precautions:

1) The machine should never automatically boot from the hard disk. The operating system on that disk may be infected, and if you subsequently run your backup program or VIP, they may become infected.

2) The machine should be turned off before running either the backup program or the VIP for much the same reasons as (1).

3) Along the same lines as (1) and (2), the backup program and VIP should be contained on separate floppy disks, each with its own operating system.

----------------------------------------------------------------
Internet: avenger@runx.ips.oz.au UUCP: uunet!runx.ips.oz.au!avenger
"Watch out for Gobbledocks - they'll steal all your silicon chippies"
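The baseline-and-compare check this post describes, as an added Python example (not the poster's VIP, whose code is not on the page): the function names, the JSON manifest format and the sample files are assumptions made for illustration. The demo patches a file without changing its length, which a size-only comparison misses and the CRC catches.

```python
import json
import os
import tempfile
import zlib
from pathlib import Path


def crc32_file(path, chunk=65536):
    """CRC-32 of a file's contents, read in chunks."""
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF


def build_baseline(root):
    """Map each file path (relative to root) to its size and CRC-32."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = {
                "size": os.path.getsize(full), "crc32": crc32_file(full)}
    return baseline


def verify(root, manifest_path):
    """Compare root with the stored manifest; size_changed is what a size-only check sees."""
    with open(manifest_path) as fh:
        old = json.load(fh)
    new = build_baseline(root)
    return {
        "modified": sorted(p for p in old if p in new and new[p]["crc32"] != old[p]["crc32"]),
        "missing": sorted(set(old) - set(new)),
        "added": sorted(set(new) - set(old)),
        "size_changed": sorted(p for p in old if p in new and new[p]["size"] != old[p]["size"]),
    }


def demo():
    """Constructed sample tree: one same-size patch, one deletion, one new file."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as safe:
        Path(root, "editor").write_bytes(b"original code")
        Path(root, "startup-sequence").write_bytes(b"LoadWB\n")
        manifest = Path(safe, "baseline.json")  # stands in for the safe medium
        manifest.write_text(json.dumps(build_baseline(root), sort_keys=True))
        Path(root, "editor").write_bytes(b"0riginal code")  # same length, different bytes
        Path(root, "newtool").write_bytes(b"appeared after the baseline")
        Path(root, "startup-sequence").unlink()
        return verify(root, manifest)


if __name__ == "__main__":
    print(demo())
```

As the post's precautions say, the result is only trustworthy when the checker and the manifest are run from clean boot media. CRC-32 detects accidental or naive changes but is not collision-resistant, so a present-day version would swap in a cryptographic hash such as `hashlib.sha256`.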
papa@pollux.usc.edu (Marco Papa) (10/07/88)
In article <8810062045.AA04638@cory.Berkeley.EDU> dillon@CORY.BERKELEY.EDU (Matt Dillon) writes:
> Security is a figment of our imaginations. As the defense department
>and universities all over the nation have found out, the only reasonably
>secure system is an isolated one.

Last Wednesday I attended a seminar by Len Adleman [he is the 'A' in RSA, the Rivest-Shamir-Adleman public key crypto system, and thesis advisor of Fred Cohen, the originator of the initial theory and experiences on viruses]. Len presented "work in progress" for a paper on a general theory on computer viruses he is now developing. One of the first results that he came up with was the proof of "undecidability" of whether a program is a virus or not. This means that I can give you the "source" of a program and there is no way for you to decide whether it will act as a virus or not.

As Matt pointed out, the only "secure" system is an isolated, un-changing system; one that would be of very little use to anybody.

Virus detectors and "antidotes" are just temporary band-aids, until "intelligent" virus writers develop viruses that we can't detect or figure out how they work. That time is certainly not that far away.

-- Marco Papa 'Doc'
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
uucp:...!pollux!papa BIX:papa ARPAnet:pollux!papa@oberon.usc.edu
"There's Alpha, Beta, Gamma and Diga!" -- Leo Schwab [quoting Rick Unland]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
rminnich@super.ORG (Ronald G Minnich) (10/07/88)
In article <12643@oberon.USC.EDU> papa@pollux.usc.edu (Marco Papa) writes:
>computer viruses he is now developing. One of the first results that he
>came up with was the proof of "undecidability" of whether a program is
>a virus or not. This means that I can give you the "source" of a program
>and there is no way for you to decide whether it will act as a virus or not.

Funny you should mention this. There is a program called 'vaccine' for the MAC which will claim that minicad is a virus! It confuses the copy protection of minicad with virus code.

ron
rg20+@andrew.cmu.edu (Rick Francis Golembiewski) (10/08/88)
Recently there has been a virus problem here at CMU (the University's Pascal got infected, and since they gave a copy to everyone who was in the intro to computing courses it spread all over.) In any case one of the viruses attached itself to various files, so the question I have is, are there any (known) Amiga viruses that do something similar (ie. that couldn't be detected on the boot block w/ VirusX, Vcheck etc. because they were attached to a FILE)? Also, if there is any of this type on the Amiga, is there a program to find/remove it? (I'm feeling paranoid about all my disks!)

+--------------------------------------------------------------------------+
| Disclaimer: Me? Post That, impossible I never Post anything.... |
| TyptoYouLater(Everyone); -> "functional Good bye"... |
| Rick Golembiewski [ Pronounciation is half the Battle, spelling the other |
+----------------------------------------------------------------------------+
wbralick@afit-ab.arpa (William A. Bralick) (10/11/88)
In article <12643@oberon.USC.EDU> papa@pollux.usc.edu (Marco Papa) writes:
>In article <8810062045.AA04638@cory.Berkeley.EDU> dillon@CORY.BERKELEY.EDU (Matt Dillon) writes:

[ conserving bandstand ... ]

>computer viruses he is now developing. One of the first results that he
>came up with was the proof of "undecidability" of whether a program is
>a virus or not. This means that I can give you the "source" of a program
>and there is no way for you to decide whether it will act as a virus or not.

Actually, this means that you cannot be *guaranteed* to be able to detect *all* viruses. This is not to say that the result is insignificant, just that it is possible to decide that some programs are viruses, but provably not all.

>As Matt pointed out, the only "secure" system is an isolated, un-changing
>system; one that would be of very little use to anybody.

Rather, it is a system which has excellent physical security, is electronically isolated, and has good-to-excellent configuration management. There are systems which have these characteristics in the government (and elsewhere) which perform admirably accomplishing the purpose for which they were built. Note that this does not preclude sabotage, etc.

>
>Virus detectors and "antidotes" are just temporary band-aids, until
>"intelligent" virus writers develop viruses that we can't detect or figure
>out how they work. That time is certainly not that far away.

I dunno, it is tantamount to trying to write a "false" program for which no counterexample can be provided. Goedel incompleteness tells us that this is theoretically possible, but I'll be danged if I can figure out how to write one.

Cordially,
Will
craig@lakesys.UUCP (Craig Stodolenak) (10/13/88)
In article <814@super.ORG> rminnich@duper.UUCP (Ronald G Minnich) writes:
>Funny you should mention this. There
>is a program called 'vaccine' for the MAC which
>will claim that minicad is a virus!
>It confuses the copy protection of minicad with
>virus code.

_Vaccine_ is a free antiviral CDEV written by Don Brown of CE Software. It doesn't inspect program code in any way. Whenever a program attempts to install or modify significant resources (CODE, INIT, CDEV, RDEV, or nVIR), _Vaccine_ halts execution and allows the user to either abort or continue. If the copy-protection code attempts to modify or install any resources, then _Vaccine_ would yell and holler. :-)

--
Craig L. Stodolenak | {backbone,uunet}!marque!lakesys!craig
3454 So. Quincy Ave. | craig@lakesys.UUCP / Lake Systems, Milwaukee WI
Milwaukee, WI 53207 |--------------------------------------------------------
(414) 482-0399 | "DON'T call me stupid!" - Otto, 'A Fish Called Wanda'
jjv3345@ritcv.UUCP (Jeff Van Epps) (10/14/88)
[Is the line-eater a virus?]

Thoughts:

1. We DO NOT have virus-detection programs. We have a few pretty trivial special-case programs (i.e. only looking at the boot block or only recognizing one strain of virus) and we have a few programs which yell if a file is a different size than it used to be.

2. Deciding whether or not a given program is a virus: You would have to search the entire execution tree, taking all possible branches, using all possible values for external input. You would also have to deal with a mutating tree (self-modifying code).

3. Since doing (2) fully is equivalent to running every possible execution of the program, ever, it is unlikely to be accomplished in a reasonable amount of time. Something that looks more possible is to examine the program for external interactions (disk, output port, screen, keyboard, even memory). Unfortunately, any useful program will have many of these. Then trace backwards and figure out what conditions must be true to get you to this point in the program, and what values the data involved may have. You can eliminate some of the interaction categories if your system has certain characteristics. If you have memory protection, ignore memory interactions. If your keyboard has no keys that can be reprogrammed, and can't be made to produce input that you didn't type, ignore keyboard interactions. Etc.

4. Even (3) looks far too hard to work on anything except possibly one of the languages developed to be useful in terms of program verification.

5. Statements claiming UNIX is not susceptible to a virus are false. Manifestly so, since it has happened. Statements claiming it has better virus protection than, for example, MS-DOS, are true but misleading. Certainly it's better to have a newspaper to shield yourself from the rain than nothing at all, but it only stops the laziest of raindrops. You still get awfully wet.

6. My Amiga has remained virus-free so far, but then I've never even been near a user's group or other gang of disk-swappers. I have run all sorts of binaries from the net (don't have a compiler yet) without incident.

7. Programs are not the only means of propagation available to a virus. This very message might contain some sequence of control characters that could reprogram your function keys. The key you thought held your signature might now contain the same sequence of control characters, plus perhaps a command to format your disk. Who knows?

8. Danger lurks everywhere.

9. That article in Time Magazine was ridiculous. They actually made a cartoon out of someone getting infected by a virus.

Enough gloom for one night. (Geez, how would I feel if I *had* been infected already?).
peter@sugar.uu.net (Peter da Silva) (10/14/88)
In article <934@ritcv.UUCP>, jjv3345@ritcv.UUCP (Jeff Van Epps) writes:
> 5. Statements claiming UNIX is not susceptible to a virus are false.

I don't think ANYONE is claiming this to be true.

> Statements claiming it has
> better virus protection than, for example, MS-DOS, are true but
> misleading. Certainly it's better to have a newspaper to shield
> yourself from the rain than nothing at all, but it only stops the
> laziest of raindrops. You still get awfully wet.

This analogy is way too harsh, unless you're running UNIX in an open academic environment. Most commercial UNIX sites don't have any easy way for a virus to get in. For these it's more like a set of raingear.

> 6. My Amiga has remained virus-free so far, but then I've never even been
> near a user's group or other gang of disk-swappers. I have run all sorts
> of binaries from the net (don't have a compiler yet) without incident.

My Amiga has been virus-free and I've been an active member of a user's group. Since I never unprotect my workbench disk and run SYS: out of vd0: the easy avenues for infection are cut off. If someone wants to write a virus to get me, they can, but it's a lot easier for them to get people who boot random programs and have half a dozen alternate workbenches they're always modifying.

> 7. Programs are not the only means of propagation available to a virus.
> This very message might contain some sequence of control characters
> that could reprogram your function keys.

That'd be a pretty daft virus, since (a) very few terminals have the same set of function key formats, and (b) vnews doesn't pass them on anyway.

> 8. Danger lurks everywhere.

No, danger doesn't lurk everywhere. You're getting paranoid.

> 9. That article in Time Magazine was ridiculous. They actually made a
> cartoon out of someone getting infected by a virus.

I'll go along with this one.

--
Peter da Silva `-_-' peter@sugar.uu.net
Have you hugged U your wolf today?
tsub@pnet02.cts.com (Tom Wang) (02/09/89)
I'm starting a term paper on computer viruses. The varieties, how each affects the computer system, how they are made, etc. I was looking for just a general usenet newsgroup on computers, but found only computer/modems, etc. So I thought I would post it here (since I have an Amiga). Well, any info would be great, just e-mail it. Thanks in advance, I would really appreciate it.

-- Tom
UUCP: {ames!elroy, <backbone>}!gryphon!pnet02!tsub
INET: tsub@pnet02.cts.com
martens@meter.cis.ohio-state.edu (Jeff Martens) (02/10/89)
There's been an active discussion of viri (sp?) in misc.security
joe@vixen.uucp (Joe Hitchens) (10/18/89)
I received this in my mail. I have no idea who this person is, or why he sent it to me. I thought perhaps someone could forward it to Steve Tibbett.

> From utah-cs!cs.utexas.edu!computer-science.strathclyde.ac.uk!cinglis@caeco.uucp Mon Oct 16 16:12:07 1989
> Return-Path: <utah-cs!cs.utexas.edu!computer-science.strathclyde.ac.uk!cinglis@caeco.uucp>
> Received: by vixen.uucp (3.2/SMI-3.2)
>     id AA17505; Mon, 16 Oct 89 16:12:06 MDT
> From: utah-cs!cs.utexas.edu!computer-science.strathclyde.ac.uk!cinglis@caeco.uucp
> Received: by caeco.scs-ut.uucp (3.2/SMI-3.0DEV3)
>     id AA01251; Mon, 16 Oct 89 14:43:40 MDT
> Received: from cs.utexas.edu by cs.utah.edu (5.61/utah-2.4-cs)
>     id AA13357; Mon, 16 Oct 89 14:29:33 -0600
> Posted-Date: Mon, 16 Oct 89 17:50:54 GMT
> Received: from uunet.UU.NET by cs.utexas.edu (5.59/1.43)
>     id AA09935; Mon, 16 Oct 89 15:05:26 CDT
> Received: from mcsun.eu.net by uunet.uu.net (5.61/1.14) with SMTP
>     id AA27866; Mon, 16 Oct 89 13:17:33 -0400
> Received: by mcsun.EU.net via EUnet; Mon, 16 Oct 89 18:15:49 +0100 (MET)
> Received: from cs.strath.ac.uk by kestrel.Ukc.AC.UK via Janet (UKC CAMEL FTP)
>     id aa22949; 16 Oct 89 17:53 BST
> To: vixen!joe%cs.utexas.edu@uunet.UU.NET
> Subject: Re: VirusX 3.2, VirusX 3.1
> Newsgroups: comp.sys.amiga
> In-Reply-To: <308@vixen.uucp>
> References: <1389@ultb.UUCP> <1940@sactoh0.UUCP> <2233@cbnewsl.ATT.COM>
> Organization: Comp. Sci. Dept., Strathclyde Univ., Scotland.
> Date: Mon, 16 Oct 89 17:50:54 GMT
> Sender: utah-cs!cs.utexas.edu!computer-science.strathclyde.ac.uk!cinglis@caeco.uucp
> Message-Id: <8910161750.aa12316@baird.cs.strath.ac.uk>
> Status: RO
>
> Hey I think I should tell you a fact about viruses that nobody seems to
> take into account. All the viruses I have written intercept the OS DoIO()
> routine and feed the user a normal bootblock if one of my viruses is there.
>
> You would be surprised how few virus killers actually use the hardware
> directly to check.
This would certainly defeat casual detection. I don't know if VirusX would be fooled by this or not, I haven't examined the source.

j.h.

==========================================================================
Joe Hitchens -- Artist, Sculptor, Animator of Sculpture, Iconographer Adept
joe@vixen ...!uunet!iconsys!caeco!vixen!joe
joe@amie ...!uunet!iconsys!caeco!i-core!amie!joe
Phone: (801) 292-2190