mchinni@PICA.ARMY.MIL (Michael J. Chinni, SMCAR-CCS-E) (11/13/90)
Date: Sun, 21 Oct 90 12:10:12 PDT From: Peter Rowell <thirdi!peter@pyramid.com> Subject: Request for Risk Assessment Original-To: security@rutgers.edu My wife is the publications editor for a charitable organization. In connection with a journal they are working on, they will be receiving floppies from authors all over the U.S. (and possibly elsewhere). They may also be sending out floppies for review by content editors, etc. I expressed concern that they might very well be laying themselves wide open to god-knows-what in the way of viruses/worms/whatever. I also thought that they could act as a very efficient spreader of these same nasties to other unsuspecting victims. Their local "expert" told them that they had nothing to worry about, but that if "something happened" to call him and he would "fix it". QUESTIONS: Is my concern valid, even if they only read/write files in MS Word format (or Wordperfect or ??)? If it is valid: What is out there that they need to look out for? How do they detect it? How do they fix it? Can they (should they?) perform checking/sanitizing on a machine on the net or on an isolated machine? Is there a source of information on this (book/mag/etc)? The environment in question is a network of machines (mostly HP Vectras + some others) connected by ethernet, running DOS and applications such as Word, Wordperfect, Lotus 1-2-3, some-sort-of-e-mail, etc. Please e-mail any help you can offer. - ---------------------------------------------------------------------------- Peter Rowell peter@thirdi.uucp Third Eye Software, Inc. ...!{apple,pyramid,sun}!thirdi!peter 750 Menlo Avenue, Suite 300 (415) 321-0967 Menlo Park, CA 94025
mchinni@PICA.ARMY.MIL (Michael J. Chinni, SMCAR-CCS-E) (11/17/90)
I have gotten several responses to my forwarding of Mr. Rowell's message. Since they have been sent to me, it obviously wasn't clear that: 1 - I did not originate this message, I only forwarded it to the virus- l list from security@pyrite.rutgers.edu (general security list) 2 - All answers should be sent to Mr. Rowell <thirdi!peter@pyramid.com> and not to me specifically. Again please send ALL responses to Mr. Rowell <thirdi!peter@pyramid.com>. Respond to the virus-l list as well if you want, but do not send your responses to me <mchinni@pica.army.mil>. Thank you. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ Michael J. Chinni US Army Armament Research, Development, and Engineering Center Picatinny Arsenal, New Jersey ARPA: mchinni@pica.army.mil UUCP: ...!uunet!pica.army.mil!mchinni /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/