cmcdonal@WSMR-EMH10.ARMY.MIL (Chris McDonald ASQNC-TWS-RA) (10/05/89)
THE WSMR ANTI-VIRUS PROGRAM

The subject of computer "viruses" has attracted considerable attention in the last three years. The publicity of a Columbus Day virus and the continuing infection rates of several Friday the 13th viruses have pointed out the necessity of ensuring all users are aware of common sense policies and procedures to minimize the threat of viral attacks. This article attempts to describe our virus defense program at the Range.

We at White Sands have a unique history in viral research. In the summer of 1984 we at White Sands Missile Range sponsored a computer virus "experiment" by a University of Southern California (USC) undergraduate, Mr. Fred Cohen. Fred went on to obtain his PhD and has written and lectured extensively on the computer virus phenomenon. So we have had some direct experience in the area at a rather early stage.

The definition of a "virus" from Dr. Cohen's original research work is short, but extremely important for understanding some recent viral attacks. He defined a "virus" as "a computer program that can infect other programs by modifying them to include a possibly evolved copy of itself." With the infection property a virus can spread throughout a computer system or network using the authorizations of every user who might use it to infect their own programs.

Viruses can spread on personal computers as well as on mainframes. For a variety of reasons we have seen the majority of viruses infecting personal computers. An Israeli researcher has published a catalog of 77 identified MS-DOS viruses, including their variations, as of 2 Oct 89. Other researchers have identified at least 10 Macintosh viruses, including variations, as of 3 Oct 89. "Variations" occur as individuals receive a copy of an original virus and then make some change to it for the purpose of creating a "new" virus.

If a "computer virus" is similar to a "biological virus," then could one apply the defenses or at least the methodology used to counter infectious human diseases to the issue of automation security? On the assumption that the comparison holds, then prevention, treatment and education would seem logical control measures.

We can limit our exposure to computer viruses by controlling and by monitoring the source of our software. We can "buy" from reputable sources. We can apply the two-person rule to the development and to the review of software which we develop in-house. If we must use public domain and shareware software, then we have an obligation to observe the policies and procedures which our particular organization has for the acquisition, control and testing of such software. Users should also be aware that certain tenant activities at WSMR prohibit the use of public domain software.

We have at our disposal both commercial and shareware software products to detect known computer viruses. We have advertised over the Workplace Automation System (WAS) electronic bulletin board the availability of VIRUSCAN which specifically detects several Friday the 13th and Columbus Day viruses identified as the DatacrimeI and DatacrimeII viruses. Users can contact either Bob Rothenbuhler, the installation systems security manager, at 678-4236, or Chris McDonald, an ISC information systems management specialist, at 678-4176 for assistance.

There are a variety of "disinfectant" programs for the MS-DOS and for the Macintosh worlds which we maintain in the event of a viral outbreak. We also have access to the resources of the National Computer Security Center (NCSC), the Computer Virus Industry Association (CVIA), and the Computer Emergency Response Center (CERT) in the event of viral attacks. While it is impossible to stockpile all possible "treatment" remedies, we have at least a good foundation.

Finally, an article such as this serves to "educate" you, the user community, as to the threats and to some of the defenses applicable to the computer virus problem. We have available a briefing on computer viruses entitled "Everything the New England Journal of Medicine will never tell you!" which discusses this subject in some detail. The Information Systems Command has also initiated an eight-hour training class, "Protection of Automation Resources", which will address the whole subject of automation security, to include viruses. Both Bob and Chris are always available to answer specific questions and to assist users within their respective fields of interest.

While we cannot eliminate computer viruses, we can maintain a program of prevention, detection and education to minimize the possibly negative impact on our computing environment.

Using good common sense computing practices can reduce the likelihood of contracting and spreading any virus.

- Back up your files periodically
- Control access to your PC or terminal and limit use to those people whom you know and trust
- Know what software should be on your system and its characteristics
- Use only software obtained from reputable and reliable sources
- Test public domain, shareware, and freeware software before you use it for production work
- If you suspect your PC contains a virus, STOP using it and get assistance