40Hex Number 7 Volume 2 Issue 3 File 001
WISHFUL THINKING WILL NOT MAKE PUBLICITY-SEEKING VIRUSES GO AWAY
[Hmmmm, a publicity seeking virus. I had a virus like that. It
infected my computer and called every news agency telling them what it
had done.]
By: Paul Melka for Infoworld 4/27
We have all heaved a collective sigh since March 6 came and went
with little computer damage from the Michelangelo Virus. But this sense
of relief obscures what I believe is a very important fact: Michelangelo
was a turning point in the industry, as much as Microsoft's Windows 3.0
was.
Prior to March 6, the trigger date for the virus, many people-hours
were spent in organizations large and small trying to prepare for
attack. [Gimme a break. An 'attack'.] And when all was said and done,
PCs in the United States fared pretty well. Still, everyone's memory of
the Michelangelo virus has begun to fade, and the press - which
thoroughly covered the looming threat - is now focused on how little
damage was done or how much money virus-protection vendors made.
That frustrates me. It misses a subtle yet more important aspect of
viruses: With all the publicity that Michelangelo generated, it was
the forerunner of more powerful and more destructive viruses.
The publicity from Michelangelo threw down the gauntlet to virus
writers to create newer and more destructive viruses. Gone are the days
when letters simply fall to the bottom of your screen or you get
prompted by messages asking for cookies or birthday greetings. The
industry is just beginning to see the emergence of polymorphic viruses
that change their signatures with each infection. (Already a working
version of the self-mutating engine that creates polymorphic viruses is
available on some bulletin boards, along with manuals.) And we are
beginning to see viruses that are specifically designed to foil various
detection applications. Finally there are shrink-wrapped applications
infected with viruses; now there is no "safe" way to purchase software.
The virus software authors also have an advantage over all antivirus
authors in that they can see exactly what they are going against, while
the antivirus developers still have to react to new, unknown viruses.
What types of viruses are next? I don't know, and probably most of
the experts don't know either. But you can certainly speculate on the
various directions that could be taken in the very near future. We have
already seen the evolution from file infecting viruses, boot sector
viruses, and stealth viruses to polymorphic viruses.
The increase in the number and occurrences of viruses is real.
Products less than a year old that search for "over 300 viruses" are
almost laughed at today, as security specialists cite documentation of
more than 1,000 different strains of viruses. The National Computer
Security Association estimates that by the end of 1994, there will be
almost 40,000 different virus strains. [A shame they will mostly be
Tiny variants and Jerusalem Hacks]
With that kind of explosion, new protection methods will be needed.
Most of today's scanners would spend more time scanning each file for
viruses than there are working hours in a day. We will see better and
more efficient methods of detecting and preventing viruses that still
allow full use of the computer.
As a security analyst for a large utility company, I try to keep
everyone educated on the dangers of viruses and how best to avoid them.
I also try to keep myself and the company as up to date as possible on
what is happening with viruses. But unless everyone realizes that
viruses are real and takes reasonable action against them, there will
come a time when a new "super virus" that cannot be detected by any of
the existing packages is developed. [Wonder who is gonna write that one?]
It will literally cripple some major corporations, while destroying other
businesses completely.
I don't advise going back to paper and pencil, but I do think that
all PC users have to be vigilant about the threat of viruses, to educate
themselves on the prevention of viruses, and to institute "safe"
practices, including backing up data and using virus-protection
software.
The official patented 40-Hex rebuttal:
Paul Melka seems to be fairly accurate. However, there are some
things I feel are wrong. For example the estimation that there will
be 40,000 virus strains by the end of 1994. Let's just say for example
that it is about 2 years away. That would mean that there would be 53
viruses written a day, or 2.2 viruses written an hour! Jeez, we all
have a shitload of work to do. Do you find this hard to believe? I do.
Of course, the way the virus scene is heading, we are becoming like the
warez scene. All the half-assed fools spreading stuff to other BBSs, not
even seeing what they are, or if they are real. Ahh well, enough of my
complaints.
When Mr. Melka mentioned that there was no "safe" way of purchasing
software, it got me thinking. He is definitely correct. Of course, I feel
that it is the responsibility of all software publishers to check their
disks before packaging them.
At first, he seemed to be very neutral, but as the article
progressed, I noticed that even Mr. Melka seemed to fall down the
endless pit of ignorance, and resorted to a scare tactic: a virus that
nothing can detect or kill. He started off saying that he was
speculating, but when he said "...there WILL come a time when a new 'super
virus' that cannot be detected by any of the existing packages is
developed. It will literally cripple some major corporations, while
destroying other businesses completely." he said WILL. It bothers me
that a member of the computer security community would be so close-
minded.
We are not trying to justify the writing of virii, mainly because we
don't have to. It isn't illegal. Making it illegal can't be done; it
takes away our rights. Of course, we want to distinguish that we don't
spread our virii to anyone who doesn't know that they are virii. It is
what they do from there that may be against the law.
If you think it stopped here, here is a letter to the editor of
Infoworld about the above article:
Both Steve Gibson and Peer-to-Peer columnist Paul Melka have hit on
the reason for the current explosion of viruses. The key is in the title
to Mr. Melka's column: "Publicity-Seeking."
Virus writers have the same mentality as chain mail writers: They
like to see how far their viruses spread and they track the spread of
their virus by its nickname. The glory from this spread would be
greatly diminished if viruses were referred to by mundane serial numbers
like 7B386621C rather than captivating nicknames like Michelangelo.
I would like to lead a campaign [The Anti Virus Crusades! Ha! I
love it!] on two fronts:
First: Establish a no-nickname rule. The National Computer
Security Association and other groups should start referring to viruses
with nondescriptive serial numbers rather than glamorous nicknames.
Second: Ask other readers to write representatives and demand
legislation that would impose suitable penalties for malicious computer
crimes. These penalties would include jail terms. [GULP!]
In closing, I believe that this is a perfect opportunity for BIOS
manufacturers to sell BIOS upgrades. Mr. Gibson's observation that the
best defense mechanism for existing viruses lies in the ROM BIOS is
absolutely correct. Seventy-four percent of virus infections could be
eliminated by a simple BIOS change. I am part of a support center for
more than 5,000 PCs; I have yet to detect a virus on those few PCs that
boot only from the hard drive.
Marvin Bullock [Buttock?]
Nashville, TN
Rebuttal part ][
----------------
Ok, this guy I don't really respect. The no-nickname rule. W0W!
What a concept. Because you take the name away from my program, I won't
recognize when someone posts "Oh yeah, The virus 7XZ23576B upon
activation a siren is heard as an ambulance is displayed across the
screen." We'd never pick up on that. I also want to know where he got
the 74% figure. It may be true, but it wasn't documented. I am not
going to argue the anti-virus issue, as I can only speculate.
Basically, it takes a twit to catch a virus. Watch what is put on your
system. If you are a system administrator, don't allow standard write
access to the network drives. If you do, expect a message like "Your
computer is stoned". In reality, YOU should be.
PS: Gibson's article referred to the Dark Avenger's MtE, worthwhile if
you don't know about it, otherwise, it is pointless.
->GHeap
+++++