[comp.sys.mac.digest] INFO-MAC Digest V6 #14

Moderators.Jon.Pugh.and.Dwayne.Virnau...and.Lance.Nakata@SUMEX-AIM.STANFORD.EDU (02/15/88)

INFO-MAC Digest          Monday, 15 Feb 1988       Volume 6 : Issue 14

Today's Topics:
                Apple's annual report on HyperCard wanted
                      Problem with Hypercard Phone.
                                 Viruses
               more on Mac/HyperCard virus from CompuServe


----------------------------------------------------------------------

Date: 8 FEB 88 21:40-N
From: CZYCHI%CSGHSG52.BITNET@CUNYVM.CUNY.EDU
Subject: Apple's annual report on HyperCard wanted


Hello,

Is anybody out there who has Apple's annual report? I know, I could phone a
toll free number, but that doesn't work from my place in Switzerland.

Thanks a lot for your help.

        Gary


        Gary T. Czychi             University of St.Gallen

                EARN%"CZYCHI@CSGHSG53"
                 ==> "CZYCHI%CSGHSG52.BITNET@wiscvm.wisc.edu"

                        Tel.: --41 / 71 / 27 52 68
                              --49 / 211 / 46 01 23

------------------------------

Date: Thu, 11 Feb 88 22:34 EST
From: Kang Sun <SUN@VENUS.YCC.YALE.EDU>
Subject: Problem with Hypercard Phone.

Greetings,

	I have problems when I use the Phone Stack (therefore, the Address
Stack) to dial a telephone. No matter what number I put in the box, the
modem will only dial the one digit and then stop. My modem is claimed to
be 100% Hayes compatible and works fine with MicroPhone. Has anyone
ever had a similar problem? Or does anyone have a clue to this problem?

	Thank you.

-- Kang Sun

------------------------------

Date: Tue, 9 Feb 88 14:00 EDT
From: ELIOT@cs.umass.edu
Subject: Viruses

(1) I think that every hard disk should have a hardware write-lock.
I don't know of any that do, but if people started to complain
to manufacturers about this it would certainly happen.

(2) I think someone could implement a patch to the Mac OS that would
disable all disk write operations.  The idea is for every disk write
(or Open for Write) to put up a dialog box informing the user and
asking if it was OK.  This should be designed so that it would be
very difficult for a program to figure out ahead of time that it
was going on.  That means any virus which escapes this would be bigger
and thus easier to find by other means.

It would be a pain, but concerned users could use this patch when
testing any new software they have acquired.  SYSOPs and user's groups
could also screen their programs, as the red cross screens the
blood supply.

Nothing is perfect, but a general purpose tool to *help* detect
viruses is needed.

(3) The Macintosh "Locked" file bit seems to be a sham.  As far as
I can tell the only thing that locking a file does is to prevent
the FINDER from trashing it.  Any other program can still write to
it, or delete it using the normal Mac Traps.  Apple should
modify the OS so that a locked file cannot be Deleted, or Opened
for Writing (to either fork).  A virus could still check for a
change the Locked flag.  If a specific trap was the only way
to change the lock bit, then applications could be scanned for
the presence of calls to that trap.  Any application which has
a call to change Locked bits would be subject to deeper scrutiny.
Any virus which does not fiddle with the locks could be stopped
by locking the system file.

(4) Large computer systems have a number of security features.
Most of them are designed to protect confidential information,
which is not a concern in personal computers, but some of them
also protect the integrity of the system.  Small computer
manufacturers like Apple would do well to learn more about
large computer systems.  Not just because of viruses, but for
many other reasons as well.  In the long run I think the Mac
should develop into a proper time-shared virtual memory system.
Time sharing doesn't imply multiple users, it just means that
a single computer can pretend to be several computers at the same
time.  As we move from switcher to multifinder to ??? it seems
that Apple is being dragged in this direction by customer
demands, rather than proceeding by the guidance of its own vision.

Chris Eliot

[A personal computer is a small box that sits on your desk
and must be plugged into your bank account to draw power.]
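
The scan suggested in point (3) of the message above, sketched as an added example (not part of the original digest or of any Apple tool): it walks 68000 code word by word and flags A-line OS trap words whose trap number is $41 (_SetFLock) or $42 (_RstFLock), the File Manager calls that set and clear the lock bit. The sample bytes are constructed for illustration, and a data word that happens to match is reported too, so a hit means "look closer", not "infected".

```python
import struct

# File Manager OS traps that change a file's lock bit (trap numbers per
# Inside Macintosh: _SetFLock = $A041, _RstFLock = $A042).
LOCK_TRAPS = {0x41: "_SetFLock", 0x42: "_RstFLock"}


def find_lock_traps(code: bytes):
    """Return (offset, trap_word, name) for each lock-changing OS trap word.

    A trap word has 1010 in its top four bits. Bit 11 clear marks an OS
    trap (set would mark a Toolbox trap); bits 10-8 are flag bits, so they
    are masked off and only the low byte is compared as the trap number.
    """
    hits = []
    # 68000 instructions are word-aligned, so only even offsets are read.
    for off in range(0, len(code) - 1, 2):
        (word,) = struct.unpack_from(">H", code, off)
        if word & 0xF800 != 0xA000:      # not an A-line OS trap word
            continue
        name = LOCK_TRAPS.get(word & 0x00FF)
        if name:
            hits.append((off, word, name))
    return hits


# Constructed sample, not taken from any real application:
#   4E56 0000  LINK A6,#0
#   A041       _SetFLock
#   A9F4       Toolbox trap (_ExitToShell), ignored
#   A841       Toolbox trap whose low byte is $41, must NOT be flagged
#   A442       _RstFLock with a flag bit set, must be flagged
#   4E5E 4E75  UNLK A6 / RTS
SAMPLE = bytes.fromhex("4E56 0000 A041 A9F4 A841 A442 4E5E 4E75")

if __name__ == "__main__":
    for off, word, name in find_lock_traps(SAMPLE):
        print(f"offset {off:#06x}: trap word ${word:04X} {name}")
```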

------------------------------

Date: 10 Feb 88 06:49 EST
From: science@nems.ARPA (Mark Zimmermann)
Subject: more on Mac/HyperCard virus from CompuServe

<<sorry about length of the following -- may want to truncate/synopsize
before forwarding ... ^z>>


#2558 NewApp.sit "virus"
  S 1 / Forum Business
  7 messages

#: 2558 S1/Forum Business
    08-Feb-88  00:01:28
Sb: #NewApp.sit "virus"
Fm: Bryan McCormick 71600,3710
To: SYSOP (X)

Hi.  I am curious to know if "NewApp" unpacked under another name.  I want to
make sure I didn't download and use the file.  Thanks./ex

1 Reply


#: 2572 S1/Forum Business
    08-Feb-88  03:04:37
Sb: #2558-#NewApp.sit "virus"
Fm: Richard Reich 76011,1775
To: Bryan McCormick 716x,3710 (X)

Also, perhaps somebody with Level 4 microbe containment facilities has
disassembled the beast?  Billy?  I'm curious what the little s__t had in mind
for all of us.

Related subject: ad in recent New York Times business section promises total
de-virusing for a fee.  Only gives phone number -- not even an indication of
what systems they can handle.  This virus thing is gonna flush lots of "quacks"
out of the woodwork.
-r

2 Replies


#: 2619 S1/Forum Business
    08-Feb-88  21:38:13
Sb: #2572-NewApp.sit "virus"
Fm: Bryan McCormick 71600,3710
To: Richard Reich 76011,1775 (X)

Hmm. I'm sure s--t and p-ss for brains had many bad things in mind for all of
us.  Hope he dumped it by mistake on himself. CNN carried a feature (yes, 30
seconds in TV is now a feature) on computer "worms" and "viruses".  IBM is
scared s--tless, because, so the story goes, someone poured one of the boogers
into one of their larger client's systems--they have no idea of how to control
the problem either.



#: 2620 S1/Forum Business
    08-Feb-88  22:06:10
Sb: #2572-#NewApp.sit "virus"
Fm: Bryan McCormick 71600,3710
To: Richard Reich 76011,1775 (X)

Hello again.  I just signed onto GEnie and they had/have a similar "virus"
problem.  Was the file here (CIS) the new Apple Product stack?  If so, then it
is the same one they had/have on GEnie.  Not to worry.  It seems to be an init
that is self-installing (activates, once, on March 2nd) and self-removing after
one run.  I don't know if there are any other effects.  The whole story is in a
file on the GEnie Mac forum.  A message of world peace...?  Who are Drew
Davidson and Richard Brandow anyway (they are the authors of the init).  What
is MacMag?

1 Reply


#: 2639 S1/Forum Business
    09-Feb-88  00:58:23
Sb: #2620-#NewApp.sit "virus"
Fm: Richard Reich 76011,1775
To: Bryan McCormick 71600,3710

Yeah, Billy doped out the INIT and Neil chased the perps and found out the same
stuff over here.  I'd love to hear Wiggo on the subject of what viruses could
do to IBM OS's.  Gotta be a riot.  The Mac is really an easy mark compared to
something like VMS, which of late has pretty good CAPABILITY for informing
system police of lots of different kinds of infection attempts.  But I bet that
even VMS is vulnerable.
-r

1 Reply


#: 2647 S1/Forum Business
    09-Feb-88  08:35:52
Sb: #2639-#NewApp.sit "virus"
Fm: Bill Cook (Sysop*) 76703,1030
To: Richard Reich 76011,1775 (X)

Richard,
      Without going into specifics, you would win your bet.  But...  It takes a
very good programmer to beat VMS.  Doable, yes but...

                        Bill(Deputy Dawg)Cook


1 Reply


#: 2658 S1/Forum Business
    09-Feb-88  12:59:12
Sb: #2647-NewApp.sit "virus"
Fm: Richard Reich 76011,1775
To: Bill Cook (Sysop*) 76703,1030 (X)

Back a couple of years, before I got Mac-ized, I was a very good VMS systems
type.  The system was not as secure then, and certainly not as easy to monitor
in terms of security.  Even so, I really admired the extreme cleverness of the
two or three system-busting techniques which became well known at that time.  A
good person has to spend A LOT of time on an effective VMS killer.

The things in the VMS world that diminish security:
(1)  VMS people insist on being secretive about system holes that they know
about.  Thus, system managers who would instantly correct the problem on their
machines are kept in the dark.
(2)  Many system managers are just dopes -- see the Sloan-Kettering VAX that
was penetrated by a kid who knew the passwords on the RELEASE tape (which DEC
tells you in bold caps to change immediately).  Btw, DEC fixed this one even
though it wasn't their fault in my opinion.
-r



-----


#: 2588 S1/Forum Business
    08-Feb-88  13:25:49
Sb: #The "Virus"
Fm: Neil Shapiro 76703,401
To: All


After a lot of work on the part of the sysops, we have determined what the
"virus" in the NEWAPP.STK HyperCard stack does. Billy Steinberg was able to
reverse engineer (disassemble) the INIT that the virus places into System
files. The good news is that the virus is harmless. But it _is_ a computer
virus. If you have it in your System then on March 2nd it will display the
following message:

RICHARD BRANDNOW, Publisher of MacMag, and its entire staff
Would like to take this opportunity to convery their
UNIVERSAL MESSAGE OF PEACE
To all Macintosh users around the world.
(graphic of a world globe).

If you want to see if you have it, set your System clock to March 2, 1988 and
reboot. If you want to get rid of it, set your clock to March 3 and it will
show itself once and then remove itself from your System.

According to Brandnow, who I spoke to, it was not his intention to place it in
a HyperCard stack nor to have it on CIS. What he did do was to develop the INIT
in December and "left" it on their (MacMag's) own machines with the hope that
"it would spread." It appears to have been the uploader who added it to his
stack. That person has been locked off the network until we can contact him to
speak with him.

Mr. Brandnow tried to communicate to me his feelings of pride in this INIT
which he said is "non-destructive" and "neat." I am afraid that I cannot bring
myself to agree with Richard on this. While the INIT itself is non-destructive
I believe it was at least irresponsible for MacMag to have perpetrated this
type of problem and to have caused the confusion that they did. I also fear
that this could give other people ideas on less peaceful uses of such a virus.
I believe that MacMag has opened here a Pandora's Box of problems which will
haunt our Community for years.
CONTINUED

1 Reply


#: 2589 S1/Forum Business
    08-Feb-88  13:28:33
Sb: #2588-#The "Virus"
Fm: Neil Shapiro 76703,401
To: Neil Shapiro 76703,401 (X)


CONTINUED FROM PREVIOUS
I hope I am wrong. According to Richard, "It's a difference in culture. Here in
Canada we don't own guns. It's the United States that has the nasty people." I
think that Richard, and all of us, may find to our distress that nastiness
knows no national boundaries. But, hopefully, there will be no repeat of such a
thing here or on any other network or BBS.

It is my opinion that no one has any right, for any purpose, to fool around
with other people's computer systems. Obviously, we will try to guard against
this in the future but, as always, we will have to count on the goodwill, and
the good SENSE, of most of our membership. Thank you,

-- Neil Shapiro (Chief Sysop)

3 Replies


#: 2590 S1/Forum Business
    08-Feb-88  14:33:46
Sb: #2589-The "Virus"
Fm: Ray Sanders 70277,3233
To: Neil Shapiro 76703,401 (X)

Neil: I also dis-assembled the stack Sunday night. I encountered it on GEnie
and somehow suspected that a Virus (WORM ?) might be lurking. I believe that no
stack, application or any other software should modify the System file I am
working without my knowledge and express consent. Perhaps what we really need,
is an INIT that monitors for resource updates and/or writes to the System file.
The user would have to confirm or deny permission. Oh well.... point and
counter-point ad-infinitum.

--- Ray Sanders ---



#: 2595 S1/Forum Business
    08-Feb-88  17:30:21
Sb: #2589-The "Virus"
Fm: Jeanne DeVoto 76117,2702
To: Neil Shapiro 76703,401 (X)

I agree completely.  NO PROGRAM should modify a System file without the user's
knowledge.  It is not a matter of which country "has the nasty people"; it's
common courtesy and good sense.  (Does Richard know *for certain* that there is
no possibility his INIT can cause unforeseen System problems later on? If not
(and I don't believe the answer can be a certain "yes"), then he has no
business promoting its use in this manner.)

I think Richard would be annoyed if I broke into his house in order to leave
behind something I consider "non-destructive" and "neat" (but which he might
not want).  What the stack does is not really different.

jeanne devoto



#: 2601 S1/Forum Business
    08-Feb-88  19:28:58
Sb: #2589-The "Virus"
Fm: Shawn Goodin (Sysop) 76703,1034
To: Neil Shapiro 76703,401 (X)

The very first virus of a computer variety was for the Apple //!  Called
"Disease DOS", it propagated itself as disks were passed from user to user in
the Chicago area.  Unfortunately, its author lost control of it and for a time,
he circulated a similar virus killer to eradicate it.

Fortunately, it was a DOS 3.3 virus and used the INIT command to get from disk
to disk.  The author was not proud of the notoriety and I understand that there
were many people who wanted to break his arms.....


Shawn  (this was about 4 or so years ago...)

------------------------------

End of INFO-MAC Digest
**********************