C S S C    N E W S L E T T E R

Vol 1  No 7                                            July 21, 1993

There is more CSSC news forthcoming.  Stay tuned for issue 8, which will
hopefully be coming out in the next week.

TABLE OF CONTENTS

1.0  PMDF documentation...available on SBSCVA's Bookreader
2.0  Viruses
3.0  Calls received/answered by SCACAD, SCADM and SCSYS for May 1993


1.0  PMDF documentation...available on SBSCVA's BOOKREADER

     The latest available version (thru GETSOFTWARE) of PMDF (v 4.2) no
     longer has PostScript files for the documentation set.  Instead,
     they have made the documentation available in BOOKREADER format.  If
     you don't have BOOKREADER on your own system, this PMDF
     documentation is now up on the Support Center's BOOKREADER system,
     under Third Party Products, listed last under the main LIBRARY menu.

     If you have questions related to accessing the Support Center
     BOOKREADER system, email your questions to either SCSYS (if using
     a VS3100-type workstation) or SCACAD (if using Pathworks).


2.0  Viruses

     With PCs and Macs in abundance in our academic institutions and
     the "shareware" mentality of all users, computer viruses are bound
     to appear.  We would like to give you some information on viruses
     currently in existence and how to obtain information about them.

     Four classifications of viruses in existence today:

     "1.  Boot Sector Viruses - typically hide or embed themselves into
     the first sector of a disk.  This type of virus loads itself into
     memory before the traditional anti-viral software can come on line
     and detect it.
     Prevention programs alone are defenseless against
     Boot Sector Viruses because the virus runs every time you boot up or
     when any software is being run.

          Types:  Stoned Virus, Marijuana

     2.  TSR RAM Viruses - install themselves in RAM and take control of
     the operating system.  They affect I/O routines, command
     interpreters, .SYS files, etc.  They usually enter memory by
     replacing the DOS Function Interrupt.  Thus, each time DOS is
     executed, the virus gains control to do what it wants and passes
     this request on to DOS.  As a result, many files are infected by
     running a TSR RAM Virus only once, and the system continues to
     operate under the influence and control of this virus.  TSR RAM
     viruses are the most widespread of all viruses.

          Types:  Autumn, Cascade-B, Virus 1701

     3.  Application Software Viruses - generic viruses that attack a
     .COM, .EXE, or .SYS file by appending (or inserting and prepending)
     itself to an executable or overlay file.  Application Software
     Viruses are offensive because they search for an uninfected file,
     infect it, and operate each time the infected file is run.  The
     original application program runs seemingly unaffected whenever the
     infected file is executed.  That makes this type of virus the most
     difficult to detect.

          Types:  Vienna, PC Boot, Austrian, Virus 648

     4.  New Generation Viruses - written by skilled authors who have
     expended a great deal of effort to build in scan detection
     avoidance, just as the U.S.-built "Stealth" fighter/bomber avoids
     detection by enemy radar.  This virus installs itself as a memory
     resident program and bypasses DOS interrupt vectors and directs
     access to the ROM BIOS disk I/O routine.  In doing so, these new
     generation viruses are able to avoid checksum algorithms and
     anti-viral software monitoring.

     The "Stealth" virus is a popular strain of new generation
     virus that constantly changes its pattern so that it cannot be
     detected by the traditional anti-viral software.  During the
     replication stage, the Stealth virus recognizes the file size as the
     initial number (the seed), then encrypts this code into the file to
     be infected and generates an entirely new set of program codes.
     Since the seed is constantly changing, the Stealth virus will never
     have the same pattern from one infection to another.  It is clear to
     see how a Virus Pattern Bank, which scans and matches sets of virus
     patterns, would be ineffective against the ever-changing Stealth
     virus.  This is a new strain of virus that is rapidly spreading
     throughout the world."*

          Types:  Virus 4096, Stealth, 100 year

     Preventive maintenance suggestions:

     1. "Obtain your software from a reputable source, i.e. in
         original shrink-wrap from a reputable dealer.
     2.  If you receive your programs from a network, quarantine them
         as you would a new diskette.
     3.  Develop proper disk handling techniques that prevent
         contamination or data loss.
     4.  Use the DOS ATTRIB command to make your key programs Read-Only.
     5.  Check for viruses before backing up your programs or files.
     6.  Install and use a reliable anti-virus program."*

     There is an excellent document, FAQ.virus-l, provided through the
     VIRUS-L list which discusses

          a) sources of information and anti-viral software
          b) definitions
          c) virus detection
          d) protection plans
          e) facts and fibs about computer viruses
          f) miscellaneous questions
          g) specific virus and anti-viral software questions

     It's a little dated (November 18, 1992) but an excellent document.
     You can access it by ftping to cert.org (pub/virus-l/FAQ.virus-l).

     Also X-VIRUS-L can be accessed on the Support Center's machine's VAX
     Notes.  This is the best way to get up-to-the-minute virus
     information.

     * source taken from "Six Important Questions about Computer
     Viruses...  What you Need to Know But Didn't Know to Ask" booklet
     by Trend Micro Devices, Inc., September, 1990, pages 3-4 and page
     17.


3.0  Calls received/answered by SCACAD, SCADM and SCSYS for May 1993

          Group     Calls     Vendor support
          SCACAD      22      DSN - 1
          SCADM       79      Oracle - 1
          SCSYS      198      DSN - 1


Editor:  Betty Spencer
         SCACAD@SNYBSCVA
