VIRUS-L Digest Wednesday, 30 Nov 1988 Volume 1 : Issue 26 Today's Topics: Re: More on Morris Re: Zenith/hardcard problem response (PC) Intro to concepts of virus Re: Flushot. (PC) RE: Hardcard vs. virus protection (PC) re: Local TV broadcast Re: Zenith/Hardcard problem (PC) Availability of Internet Worm report --------------------------------------------------------------------------- Date: Wed, 30 Nov 88 08:11:06 MST From: Alan T. Krantz Subject: Re: More on Morris Uh - I'm not sure where I'm suppose to send it - maybe you'd want to read it. In this issue (#17) someone compared the act of Morris to Union Carbide. I think there are a couple of differences. First, Morris wasn't seeking any direct gains - at least not in terms that can be quantified. Second, estimate of 'damage' are difficult to take. Would a person (or persons) who was detained (or put to work) during the Virus attack lost XXX time (would have been doing XXX time of productive work)? While I admit that some damage was done and that Morris should be punished - I think an issue as to what will be accomplished by the punishment should be brought up. First, I don't think that it will serve as a strong deterrent given the class of people who commit crimes such as Morris. That is to say there seems to be a different mentality involved here than say someone who plans to embezzle money via a bank or corporation computer. (I'm not putting a value judgement here - just trying to justify why I think punishment won't be a strong deteriant). Second, will punishment reform Morris. Well, I don't think sending him to jail will do much good. He appears to have a bright future ahead of him (assuming he can continue at Cornell) and he seems to be a benevolent sort. So, I guess the question I have is what will be accomplished by sending him to prison - - or what sort of punishment does the 'hang`em' crowd have in mind? Personally, I'd like to see him do public service - maybe teaching at a local high-school. alan krantz ------------------------------ Date: Wed, 30 Nov 88 10:16:21 ECT From: Ken Hoover Subject: Re: Zenith/hardcard problem response (PC) In reply to the question about the Zenith PClone with the hard card: I think it sounds like some kind of device driver problem. I haven't worked directly with hard cards, but ask him if his hard card has an installable driver (It would be in his CONFIG.SYS file) to access it properly. If that's the case, then the driver would have to be installed on his 2.11 diskette too. - Ken Hoover (UG) T.J. Watson School of Engineering SUNY-Binghamton Binghamton, NY. [Ed. There are a couple proposed solutions to this problem in this digest; I hope that it helps out. From the sound of things, this sort of incompatability with the hardcard wouldn't provide much utility in the form of virus protection.] ------------------------------ Date: Wed, 30 Nov 88 10:16:59 EST From: "John P. McNeely" Subject: Intro to concepts of virus Hello all, I am new to the Virus community and was wondering if I could get a little help from any willing people. I have read material about virus' and some of the effects they have, but I have yet to find anything which tells a person about the principles of how virus' are developed and how they are destroyed. If anyone out there has a good definition to all of this, I would really appreciate your insight. Thanks, John Mc. P.S. It would probably be best to send replies to me instead of to the list, assuming everyone out there is an expert, they would just get bored. [Ed. There are a couple of books emerging which seem to be a pretty good place to start, including Compute!'s book, "Computer Viruses", which was mentioned in a recent VIRUS-L digest.] ------------------------------ Date: Wed, 30 Nov 88 10:39 EST From: Ain't no livin' in a Perfect World. Subject: Re: Flushot. (PC) > One question, does anyone have an opinion (from use, please!) >on the reliability of FluShot+ 1.4 for the IBM PC and compats? Here at Xavier University we use the flushot on all our DOS disks that we check out to users and also on our self booting hard-drive PC's, and so far, no viruses have shown up. So it would seem to be effective. Tom Kummer Student Consultant, Xavier University, Cincinnati, OH. ------------------------------ Date: Wed, 30 Nov 88 09:52 MDT From: GORDON_A%CUBLDR@VAXF.COLORADO.EDU Subject: RE: Hardcard vs. virus protection (PC) To Paul Coen regarding the hard-card being invisible to MS-DOS 2.11: Any program can bypass DOS and read or write directly to any device through BIOS calls. Thus it appears to me that the drive would probably *NOT* be protected by booting with the floppy and DOS 2.11. Furthermore, some soft- that will be testing may require DOS 3.xx or higher to work. Allen Gordon University of Colorado Boulder ------------------------------ Date: Wed, 30 Nov 88 13:59 EST From: Mitchel Ludwig Subject: re: Local TV broadcast To any and all who might have taken my previous message to Loren as a flame, I apologize. It was not meant to be taken as such. Although I should have known it would be taken that way by Loren, I mistakenly assumed that a request for information about Loren's anti-virus program would be taken as such. Since I was wrong, I will change my request. When will your program be released? THIS IS NOT TO BE TAKEN AS A REQUEST FOR PURCHASE!! I know Ken's policy concerning sale of merchandise over this medium and I don't want anyone to take this wrong. All I want to know is the projected date of his pc version of Innoculator. I would like to know this because I have been compiling some work involving the various methods used by the different anti-viral programs that exist and if Loren's is going to be showing up soon, I'd like to include it in the list. I hope that the program is going to be released before the end of January, as the 31st of that month is when I need to have my list compiled. You did mention that the program had been completed (I think... Considering how inaccurate I was with my last posting I might be wrong) and if so, it shouldn't be too long before it gets released? Lastly, Loren, could you please throw your postings through a spelling checker before sending them out. You turned what could have otherwise been a very interesting message (your reply to me) into a fight for comprehension. Again, sorry if it seemed like I was attempting to start a flame war. Unless your overly paranoid, I don't see how you could take it that way. Mitch Disclaimer? I don't need one. No body takes me seriously anyway... ------------------------------ Date: Wed, 30 Nov 1988 15:52 EST From: Wim Bonner <27313853@WSUVM1.BITNET> Subject: Re: Zenith/Hardcard problem (PC) |From: Paul Coen | Also, a friend of mine has a hard card, on a Zenith Z-157 | (100% PC compatable, supposidly). Using DOS 3.2, he can access his | card. However, if he puts a floppy in drive A and boots off of it | instead of the card, and the disk has the MS-DOS 2.11 system, it | doesn't know that his card is there...anyone trying to do anything | with drive c: is told that it is an invalid drive specification. Two | questions: Why? and Can this be used to protect his hard card while The probable reason that the disk cannot be accessed is taht under dos 2.xx disks larger than 10meg must have 4k clusters. The partition table tells what type of partitions are on the disk. A 3.xx or 4.xx disk has a different type specified in the partition table, and so Dos 2.xx will not recognize the partition as being a dos partition. It is Still possible for a program to attack the disk, but much less likely. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - -=-=-=-=-=-=-=-=-=- 10,000 Lemmings can't be wrong! -=-=-=-=-=-=-=-=- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Wim Bonner Bitnet:27313853@WSUVM1 Compuserve:72561,3135 (King-Rat) The Loft - (509)335-7407 - 300/1200/2400 - 24hrs/day - PCboard 12.1/d Acknowledge-To: <27313853@WSUVM1> ------------------------------ Date: Wed, 30 Nov 1988 16:46:13 EST From: Ken van Wyk Subject: Availability of Internet Worm report Gene Spafford of Purdue University has made available a very thorough report on the recent Internet Worm, for which we all owe Gene a wholehearted thank you. It was originally available by anonymous FTP from a machine at Purdue, but they quickly got swamped with FTP requests. I was one of the lucky individuals who got the file before their machine went down, and I'd like to make it available to our VIRUS-L readers. There's a problem, though, the file that I have is a very large PostScript file. So, you would need a PostScript printer to create anything readable from it (surely everyone has a PS printer?...), and distribution via the LISTSERV would create problems on BITNET since the file is larger than the maximum allowable (300,000 character) limit on BITNET. Sure, it can be broken into several pieces, but I'd rather not. If anyone can offer a reliable anonymous FTP site, that would probably be the best solution. Ideas, comments, suggestions? Of course, this could all be moot if interest in the worm has died... Ken ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253