mchinni@PICA.ARMY.MIL (Michael J. Chinni, SMCAR-CCS-E) (11/13/90)
Date: Sun, 21 Oct 90 12:10:12 PDT
From: Peter Rowell <thirdi!peter@pyramid.com>
Subject: Request for Risk Assessment
Original-To: security@rutgers.edu
My wife is the publications editor for a charitable organization.
In connection with a journal they are working on, they will be
receiving floppies from authors all over the U.S. (and possibly
elsewhere). They may also be sending out floppies for review by
content editors, etc.
I expressed concern that they might very well be laying themselves wide
open to god-knows-what in the way of viruses/worms/whatever. I also
thought that they could act as a very efficient spreader of these same
nasties to other unsuspecting victims. Their local "expert" told them
that they had nothing to worry about, but that if "something happened"
to call him and he would "fix it".
QUESTIONS:
Is my concern valid, even if they only read/write files in MS Word
format (or Wordperfect or ??)?
If it is valid:
What is out there that they need to look out for?
How do they detect it?
How do they fix it?
Can they (should they?) perform checking/sanitizing on a
machine on the net or on an isolated machine?
Is there a source of information on this (book/mag/etc)?
The environment in question is a network of machines (mostly HP Vectras
+ some others) connected by ethernet, running DOS and applications such
as Word, Wordperfect, Lotus 1-2-3, some-sort-of-e-mail, etc.
Please e-mail any help you can offer.
- ----------------------------------------------------------------------------
Peter Rowell peter@thirdi.uucp
Third Eye Software, Inc. ...!{apple,pyramid,sun}!thirdi!peter
750 Menlo Avenue, Suite 300 (415) 321-0967
Menlo Park, CA 94025mchinni@PICA.ARMY.MIL (Michael J. Chinni, SMCAR-CCS-E) (11/17/90)
I have gotten several responses to my forwarding of Mr. Rowell's message.
Since they have been sent to me, it obviously wasn't clear that:
1 - I did not originate this message, I only forwarded it to the virus-
l
list from security@pyrite.rutgers.edu (general security list)
2 - All answers should be sent to Mr. Rowell <thirdi!peter@pyramid.com>
and not to me specifically.
Again please send ALL responses to Mr. Rowell
<thirdi!peter@pyramid.com>. Respond to the virus-l list as well if
you want, but do not send your responses to me
<mchinni@pica.army.mil>.
Thank you.
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Michael J. Chinni
US Army Armament Research, Development, and Engineering Center
Picatinny Arsenal, New Jersey
ARPA: mchinni@pica.army.mil UUCP: ...!uunet!pica.army.mil!mchinni
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/