davidf@cs.heriot-watt.ac.uk (David.J.Ferbrache) (06/04/89)
The idea of a handbook associated with the newsgroup is an excellent one, although I would caution that such a handbook cannot be a comprehensive guide to known viruses and trojan horses without a significant (major) amount of effort on the part of the editorial committee. There are a number of excellent general papers available describing the nature of computer viruses, and the countermeasures which can be taken to prevent their spread. A general guide should probably incorporate this information, together with a short symptomatic description of the major common computer viruses across all systems. It would also be worth incorporating and updating the Dirty Dozen list (by the way 8D available from the Heriot-Watt University archive). It would also be useful to incorporate a public domain anti-viral software guide (a la Compute's computer virus book), including details of software availability via Jim Wright's archive site initiative.

> (1) How much information should be provided in the general guide?

Hmm, I would say that the guide should be aimed at casual non-systems programmers. The use of binary and resource editors, together with disk recovery and reconstruction techniques, are probably best omitted from the beginners' section. It might be possible to describe the use of Norton Utilities to destroy boot sector viruses on the IBM, and ResEdit to identify and repair infected Mac applications. In general, however, there is little or no reason to utilise ResEdit directly when such powerful repair tools as Disinfectant are available.

The guide should include:

1. A general introduction to the concept of a virus
2. Brief historical overview and perspective on the threat
3. Operational principles of viruses in brief (v101?)
4. Prevention, detection and recovery from viral infection (i.e. backups, software policies, use of checksum and file alteration checking techniques, disk access monitors etc., mentioning the categories of anti-viral software)
   (maybe also include a checklist of simple anti-viral measures)
5. Known viruses (symptomatic description in brief)
   a. IBM PC
   b. Mac
   c. Atari
   d. Amiga
   e. Apple II
6. Trojan horses and other replicating programs

Appendices:
   Glossary
   Public domain software - availability and review
   References
   Dirty Dozen Trojan List
   Bulletin Board contacts

> (2) How best do we handle duplicate effort?

There is quite a bit of duplication to date. In Europe, Klaus' virus directory will hopefully serve as a central focus for the viral code analysis and disassembly. In the UK there is CoTRA (Computer Threat Research Association) and the BCVRC (British Computer Virus Research Centre). A number of people are producing listings of known viruses, documentation on anti-viral techniques and software, etc. The Homebase bulletin board, CVIA, SDCNA, NCSC, MacMash etc. all jump to mind as possible organisations worth contacting.

> (3) How do we assemble the editor staff?

Tricky. Ideally you want the widest possible spread of expertise, preferably including an Atari ST and Amiga expert (George Woodside, Steve Tibbett ??). When the project gets off the ground I am sure you will not be short of volunteers for the project. If you wish any feedback on the UK virus scene then please get in touch and I will be happy to help.

> (4) How much staff do we need? One or two for each supplement? One
> for each general chapter? Should we have a chief editor or two to
> oversee the whole effort and help to assure that project goals are
> being met? How about a temporary peer review group to evaluate each
> section as the guide is being built for the first time?

Ideally a general editor who has a wide experience of viruses across all systems to prepare the introductory section, and volunteers for each major machine type to deal with the specific problems of that machine (known viruses, specific disinfection software reviews etc.).

If you wish to include a degree of technical detail then this might include advanced recovery techniques (e.g. boot sector, partition record, resource and binary editing), use of signature recognition to detect viral infection, repair of infected application programs, maybe even a catalogue of viruses with algorithmic descriptions.

> (5) How about a different name for the effort?

I would suggest an ad-hoc mailing list. Such discussion is not suitable for a newsgroup as such (unless possibly a temporary alt. group). Easiest is to add volunteers or interested parties to the list, with a known redistribution address at your site. I suspect that the effort may generate a great deal of discussion which would probably swamp most newsgroups!

Thanks for volunteering, Jim. Good luck.

- -------------------------------------------------------------------------
Dave Ferbrache                            Internet   <davidf@cs.hw.ac.uk>
Dept of computer science                  Janet      <davidf@uk.ac.hw.cs>
Heriot-Watt University                    UUCP       ..!mcvax!hwcs!davidf
79 Grassmarket                            Telephone  +44 31-225-6465 ext 553
Edinburgh, United Kingdom                 Facsimile  +44 31-220-4277
EH1 2HJ                                   BIX/CIX    dferbrache
- -------------------------------------------------------------------------