cmcdonal@wsmr-emh10.army.mil (Chris McDonald ASQNC-TWS-RA) (10/04/89)
I would like to add some additional thoughts to those who have already commented on the NIST "Computer Viruses and Related Threats: A Management Guide."

1. I believe there is a significant error on page 2-6. The report, in discussing the INTERNET Worm, states: "It was unclear what the network worm's objective was, as it did not destroy information, steal passwords, or plant viruses or Trojan horses." I think there is substantial evidence to prove that the Worm, in causing denial of service attacks, did indeed destroy information. Donn Seeley has made the point that the author of the Worm program specifically "deleted" an audit file so as to hide his location. There are also numerous reports that the program successfully "captured" passwords on other hosts to which the Worm author was not entitled. The NIST authors reference Dr. Spafford's report on page A-1 which addresses the "stealing" of passwords. Both Seeley's and Spafford's analyses of the incident can be found, along with other related papers, in the Jun 89 edition of the "Communications of the ACM." This ACM edition is probably the best reference on the entire incident available in the public domain. I think it should have been included in the NIST reference list.

2. I differ from several commentators who suggest that the document is "prejudiced" against the use of public domain and shareware products. I think on pages 3-3 and 5-3 the document stresses only that organizations should develop a clear policy on the acquisition and on the use of such software.

3. I am struck by the lack of any reference to Virus-L, RISKS Forum and other INTERNET services which have for years provided us users the best available, open source information on the subject of computer viruses. There is also little in the way of reference to the work of professional associations such as ACM, IEEE, the Computer Security Institute, and the Information Systems Security Association in addressing the computer virus phenomenon. Surely "technical managers", who are the audience for this publication, could use such resources to implement the virus prevention suggestions in the NIST publication.

Chris Mc Donald
White Sands Missile Range