nevin1@ihlpb.ATT.COM (Liber) (08/05/88)
In article <30587@clyde.ATT.COM> feg@clyde.ATT.COM (Forrest Gehrke) writes: >I think this "virus" scare is the greatest scam since the little >man who spun gold clothes for the emperor, which everybody "saw" >and admired. In other words, you don't think that viruses are possible, or, even if they are possible, they don't exist. >The only people who are hyping this nonsense are those who purvey >"vaccines", and "hypochondriacs" who continue the nonsense. Some of the other people who are, as you say, 'hyping this nonsense', are people who have lost many weeks of valuable work to, as you say, 'the emperor's gold clothes'. Still others noticed that COMMAND.COM had changed size or timestamp and thought this was a bit unusual; I guess you would call this unfounded paranoia. >If anyone has an honest-to-God example of a one of these viruses >please, PLEASE email it to me. PLEASE DON'T!! >I'd love to dissect it to see how >these marvelous things they are supposed to effect are programmed. You either a) Really don't believe that a virus can exist. If this is true, then you don't have a high enough level of expertise with computers to be fooling around with a virus. If you had a higher level of expertise, you would realize that viruses are not only possible but they are (unfortunately) almost trivial to write. or b) Are trying to trick the net into sending you a virus. In which case under no circumstances should you be allowed to study a virus. If you really don't believe that viruses are possible, read Ken Thompson's 1983(?) Turing Award Lecture in the CACM entitled "Reflections on Trusting Trust". Although the article does not directly talk about viruses, it is easy to see that it is very closely related. If you believe that they are possible but don't exist, get the volume 6 archives of comp.risks; there are numerous articles about viruses discovered in late 1987/early 1988. AND PLEASE, DON'T SEND VIRUSES AROUND IN ANY WAY, SHAPE, OR FORM! -- _ __ NEVIN J. LIBER ..!att!ihlpb!nevin1 (312) 979-???? ' ) ) I got a new job, account, 1 out of 2 paychecks, but no / / _ , __o ____ office or *phone*; more details as they are avaiable. / (_</_\/ <__/ / <_ These are solely MY opinions, not AT&T's, blah blah blah
ddb@ns.UUCP (David Dyer-Bennet) (08/09/88)
In article <8475@ihlpb.ATT.COM>, nevin1@ihlpb.ATT.COM (Liber) writes: [while mildly flaming another poster who will remain nameless] > > You either > > a) Really don't believe that a virus can exist. > > If this is true, then you don't have a high enough level of expertise with > computers to be fooling around with a virus. If you had a higher level of > expertise, you would realize that viruses are not only possible but they > are (unfortunately) almost trivial to write. > > or > > b) Are trying to trick the net into sending you a virus. > > In which case under no circumstances should you be allowed to study a > virus. I'm sorry, but I'm getting REALLY sick of this attitude, which I've been seeing here and on Fidonet for the last few years. I believe in viruses in theory, and I believe that they exist in pracice, but I've never actually seen any evidence for their existence. What you are saying is that anybody who expresses interest in seeing a virus is a fool or a criminal; this is blatant nonsese. Some of us want to see viruses out of scientific curiosity, and some of us have been trying to get somebody to send one for YEARS, simply to get some sort of objective estimate of their real frequency. Based on several years of this, the only statement about viruses I could support with any kind of evidence is "Viruses don't exist". Since I don't believe that statement, it bothers me that it's the only one I can offer support for. -- -- David Dyer-Bennet ...!{rutgers!dayton | amdahl!ems | uunet!rosevax}!umn-cs!ns!ddb ddb@Lynx.MN.Org, ...{amdahl,hpda}!bungia!viper!ddb Fidonet 1:282/341.0, (612) 721-8967 hst/2400/1200/300
shehzad@babel.SanDiego.NCR.COM (Mevawalla Shezad) (08/10/88)
In article <727@ns.UUCP> ddb@ns.UUCP (David Dyer-Bennet) writes: >believe in viruses in theory, and I believe that they exist in >pracice, but I've never actually seen any evidence for their >existence. To give you an example of how trivial it can be to write a virus, here is something which is not exactly a virus but should give you some ideas as to how they work. Consider the instruction : MOV A,B (where A is the present address and B=A+1); This instruction reproduces itself and can devour all of memory if it is left unchecked, eating up anything resident in memory. This should make a believer out of you non-believers!
loci@csccat.UUCP (Chuck Brunow) (08/10/88)
In article <727@ns.UUCP> ddb@ns.UUCP (David Dyer-Bennet) writes: >In article <8475@ihlpb.ATT.COM>, nevin1@ihlpb.ATT.COM (Liber) writes: >> b) Are trying to trick the net into sending you a virus. >> >> In which case under no circumstances should you be allowed to study a >> virus. > > I'm sorry, but I'm getting REALLY sick of this attitude, which >I've been seeing here and on Fidonet for the last few years. I >believe in viruses in theory, and I believe that they exist in >pracice, but I've never actually seen any evidence for their >existence. > What you are saying is that anybody who expresses interest in >seeing a virus is a fool or a criminal; this is blatant nonsese. Some >of us want to see viruses out of scientific curiosity, and some of us >have been trying to get somebody to send one for YEARS, simply to get >some sort of objective estimate of their real frequency. > Based on several years of this, the only statement about viruses I >could support with any kind of evidence is "Viruses don't exist". >Since I don't believe that statement, it bothers me that it's the only >one I can offer support for. >-- Don't rock the boat! If viruses really existed, they would be an indication of the skill of computer users exceeding the skill of manufacturer's product designers and clearly mere users don't have the clout of said manufacturers so they can't be better. Even a fool or a criminal can understand that! Scientific curiousity is dangerous to the public order and must not be allowed to survive. This is generally true, as can be seen by all the terrible things that have resulted from it, and is especially true of computers because only experts can fully appreciate the financial and security concerns involved. It is far better to stop all curiosity than to allow even one potential abuser and risk embarrassment to those patriotic high-priests who make decisions for us all. If you have wasted years on this frivolous pursuit, you have a lot to atone for. As pentence, you should memorize the complete text of the prototype of modern law and order today, The Nuremberg Laws of the early 1930's. And remember, "might makes right". -- CLBrunow - ka5sof clb@loci.uucp, loci@csccat.uucp, loci@killer.dallas.tx.us Loci Products, POB 833846-131, Richardson, Texas 75083
wew@naucse.UUCP (Bill Wilson) (08/10/88)
> Don't rock the boat! If viruses really existed, they would be > an indication of the skill of computer users exceeding the skill > of manufacturer's product designers and clearly mere users > don't have the clout of said manufacturers so they can't be > better. Even a fool or a criminal can understand that! > > Scientific curiousity is dangerous to the public order and > must not be allowed to survive. This is generally true, as > can be seen by all the terrible things that have resulted from > it, and is especially true of computers because only experts > can fully appreciate the financial and security concerns > involved. It is far better to stop all curiosity than to allow > even one potential abuser and risk embarrassment to those > patriotic high-priests who make decisions for us all. > > CLBrunow - ka5sof I hope you are kidding. It is a philosophy like this one that spawned the Spanish Inquisition and the dark ages. Viruses apparently do exist (Aldus Pagemaker is one good example of a commercial package that was infected) and the more we can learn about them and about trojan programs the better off we are. I am not for mass hysteria, but I do believe that we can be bitten. I've been hit by psuedo-trojan programs (pranks) and it wouldn't take much to make one dangerous. If I wanted I could produce a trojan program that would format a hard drive or look for certain files to destroy. A good example of mainframe viruses is the corewars program. Start it up and it gobbles memory until the machine chokes. On Sigma Six computers (old Xerox) there were ways to simulate the system and let someone log on to gain their passwords. If curiosity was stifled then systems programmers would not be able to fight this type of activity. Their may be no true viruses that can completely replicate themselves, but there are trojans and learning how to combat them is in the end helpful. Let's not go back to the dark ages! Progress or regress, that's all we get! -- Bill Wilson (Bitnet: ucc2wew@nauvm) Northern AZ Univ Flagstaff, AZ 86011 {These views are mine and do not necessarily reflect those of my employer}
wew@naucse.UUCP (Bill Wilson) (08/10/88)
From article <299@babel.SanDiego.NCR.COM>, by shehzad@babel.SanDiego.NCR.COM (Mevawalla Shezad): > In article <727@ns.UUCP> ddb@ns.UUCP (David Dyer-Bennet) writes: > To give you an example of how trivial it can be to write a virus, here is > something which is not exactly a virus but should give you some ideas as > to how they work. > > > Consider the instruction : MOV A,B (where A is the present address and B=A+1); > > This instruction reproduces itself and can devour all of memory if it is left > unchecked, eating up anything resident in memory. > Here is another one. Make a program that is to do trick directories. Actually make it look at the command.com and change all interrupt 37 to intterupt 38 thus changing all absolute disk reads to disk writes. You now have a nice disk eating facility that will stay until it is used on the hard drive or boot disk and thus destroys itself. You could make sure to make the program do something useful at the same time so that it doesn't look like a trojan. There are lots of ways to destroy a disk. Another one would be to write all over the partition table of a hard drive. Very easy to do and extremely destructive. Let your mind run free. You could probably think up all sorts of ways to destroy a disk. -- Bill Wilson (Bitnet: ucc2wew@nauvm) Northern AZ Univ Flagstaff, AZ 86011 {These views are mine and do not necessarily reflect those of my employer}
brickman@cme-durer.ARPA (Jonathan E. Brickman) (08/11/88)
In article <727@ns.UUCP> ddb@ns.UUCP (David Dyer-Bennet) writes: >believe in viruses in theory, and I believe that they exist in >pracice, but I've never actually seen any evidence for their >existence. Perhaps you have never had occasion to have your system crash and disk(s) wiped and/or corrupted by a virus; lucky you. I have. When one makes a practice of trying out each and every good-looking (from descriptions) PD program on all local BBS's and NETs, one finds that viruses are not imaginary.
ddb@ns.UUCP (David Dyer-Bennet) (08/12/88)
In article <569@rtg.cme-durer.ARPA>, brickman@cme-durer.ARPA (Jonathan E. Brickman) writes: > Perhaps you have never had occasion to have your system crash and > disk(s) wiped and/or corrupted by a virus; lucky you. I have. While I've been lucky (and careful) enough not to get anything trashed by a trojan, I know lots of people who have. The discussion was about virus programs, not trojan horse programs. While I can see many ways to create a virus, and have seen published reports of their existence, I've never seen one, and I don't personally know anybody who has. The only reason this matters to me is that I'm trying to estimate, informally and just for my own interest, the virus population. Trojan horses are a dime a dozen. -- -- David Dyer-Bennet ...!{rutgers!dayton | amdahl!ems | uunet!rosevax}!umn-cs!ns!ddb ddb@Lynx.MN.Org, ...{amdahl,hpda}!bungia!viper!ddb Fidonet 1:282/341.0, (612) 721-8967 hst/2400/1200/300
haugj@pigs.UUCP (Joe Bob Willie) (08/14/88)
In article <577@rtg.cme-durer.ARPA> brickman@rtg (Jonathan E. Brickman) writes: >Here's another one. Simple as can be. It's a csh script for any and all >Unix systems: >----------------START------------ >$HOME/tw & >$HOME/tw & >----------------END-------------- >where "$HOME/tw" is the name of the csh script. The result of running this >is the devouring of all available processes, until all process space is >taken up. this would have to be run as root and would probably only work ONCE. the reason being that MAXUPC sets the maximum number of processes a user may have to be some fixed value. run away process can't run too far ... also, only root can take the last process table slot. this means in effect that root can eventually wrest control away from something like this. or, failing a reasonable approach, telinit s will surely return something resembling sanity. (or kill -1 1 for the xenix crowd.) or, better still, if you are running a real unix derivative, /etc/killall should clean things up with one single command. there are REAL ways to totally trash a unix machine, this is just not one of them. -- jfh@rpp386.uucp (The Beach Bum at The Big "D" Home for Wayward Hackers) "Never attribute to malice what is adequately explained by stupidity" -- Hanlon's Razor
brickman@cme-durer.ARPA (Jonathan E. Brickman) (08/15/88)
----------------START------------ $HOME/tw & $HOME/tw & ----------------END-------------- where "$HOME/tw" is the name of the csh script. The result of running this is the devouring of all available processes, until all process space is taken up. >this would have to be run as root and would probably only work ONCE. the >reason being that MAXUPC sets the maximum number of processes a user may >have to be some fixed value. run away process can't run too far ... Try this on a Sun server sometime. Only if you happen to have the reboot key though! ||Jonathan E. Brickman