jmolini@nasamail.nasa.gov (JAMES E. MOLINI) (10/19/90)
After several months as a computer hermit and Virus-L parasite, I guess it's time to sharpen up the old electronic writing stick and join the fray again. I owe this recurrence to Paul Furnanz (#171) and Dave Grisham (#170) who asked for advice on virus defense. Well, gentlemen, I am not very good at advice, but will you settle for an opinion?

First, for all of those lost puppies who want to compare viruses to living organisms (yes, I've still been reading all this time), let me reiterate one of my earlier points: Viruses are a computer INTEGRITY problem, nothing more. The broader issue of malicious code can be another story, but viruses violate system integrity.

Let me elaborate. A virus must modify some other EXECUTABLE resource on a computer system to replicate. If it doesn't modify another executable resource and still replicates then it can obtain computer resources on its own. This makes it a Worm. If it doesn't replicate, it is not a virus, it is a Trojan Horse. And unfortunately, no one can protect you from yourself. (If you want to know what is executable, please look up the Mar-May issues of Virus-L. We beat that horse to death back then.) This is all fairly basic stuff that is traceable back to Cohen, et al.

So what does this mean to you the computer user? It means that as long as you can maintain the integrity of executable resources on your computer system, you can protect yourself from virus infections. Unfortunately, this is impossible to guarantee on most micro-computers, so we are back to relative levels of risk and effective detection.

Before I get too far off track, let me describe the approach taken where I work. We have over 6000 IBM PC compatibles on-site and another 4-8000 in the local area. All users who wish to obtain Public Domain software are encouraged to download it from a BBS that we professionally maintain and register all users for. Every piece of software we put on the board is scanned before it is placed in the download directories. Nevertheless, we also display a disclaimer that we are not perfect and users should be careful.

Software is not routinely exchanged over networks, but data is. We recommend that users buy software when they need it and have "demo" copies of most packages for users who want to test drive something. This software and all PC's that run in the demonstration facility are checked daily for viruses. This does 2 things. It makes users feel safe when they come in to try out the software, and it allows us to spot check user diskettes in case they are one of the walking wounded.

We have a reliable and organized method for reporting infections and have done our best to tell users that getting infected is not a criminal offense. When an infection occurs, any user can call a support desk and get expert assistance with the problem. This also applies to possible infections.

As a result, we have experienced an infection rate of less than 1 per 1000 PC's per year. Most of those infections have involved some type of shared machine. Therefore we are increasing our virus surveillance efforts around shared PC's and terminal areas.

Even though we do have infections, as far as we know, we have not lost any data to viruses over the past 2 years. This is primarily due to the relatively long latency (time between infection and destruction) shown by the viruses we have seen. As far as I can see, the average latency for a virus is on the order of weeks, or months. Of course this is not always the case, but walking across the street is a crap shoot too. Just ask any armadillo.

We are taking further steps in the future, but I will save that for a future edition of Virus-L.

BTW, if John Perry is reading, he may be interested to know that his infection was pre-dated by a major infestation of the Ohio Virus at a university within 50 miles of his location. They were very lax about correcting the situation and I would not be surprised if his situation were an unfortunate consequence.

I hope this helps.

Jim Molini
----------------------------------------------
"Revoke 'em all & let God sort 'em out."
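
Added example, not part of the original post: the post frames virus detection as checking the integrity of executable resources, and one way to do that for files is to compare executables against a trusted digest baseline. The extension list, file names and contents below are assumptions constructed for the demonstration, and boot sectors are not covered.

```python
import hashlib
import os
import tempfile

# Assumed set of DOS-era executable extensions; adjust for the platform in use.
EXECUTABLE_EXTS = {".com", ".exe", ".sys", ".bat", ".ovl"}

def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for each executable under root."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue  # data files change legitimately and are not tracked
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Classify differences between a trusted baseline and a fresh snapshot."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Build a constructed directory, change it, and report what the check sees."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, body, mode="wb"):
            with open(os.path.join(root, name), mode) as fh:
                fh.write(body)
        # Constructed sample files, not real programs.
        write("COMMAND.COM", b"constructed shell image")
        write("EDIT.EXE", b"constructed editor image")
        write("NOTES.TXT", b"constructed data file")
        baseline = snapshot(root)  # in practice, keep this on write-protected media
        write("EDIT.EXE", b"constructed appended bytes", mode="ab")  # executable altered
        write("NOTES.TXT", b"edited data")                           # ordinary data edit
        write("NEW.COM", b"constructed unknown program")             # new executable appears
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The check is only as trustworthy as the baseline and the checker itself, so both belong on media the monitored machine cannot write to.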