Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

NIST Special Publication

127 views
Skip to first unread message

Chris McDonald ASQNC-TWS-RA

unread,
Oct 3, 1989, 4:16:52 PM10/3/89
to
I would like to add some additional thoughts to those who have already
commented on the NIST "Computer Viruses and Related Threats: A
Management Guide."

1. I believe there is a signifiant error on page 2-6. The report in
discussing the INTERNET Worm states: "It was unclear what the network
worm's objective was, as it did not destroy information, steal
passwords, or plant viruses or Trojan horses." I think there is
substantial evidence to prove that the Worm in causing denial of
service attacks did indeed destroy information. Donn Seeley has made
the point that the author of the Worm program specifically "deleted"
an audit file so as to hide his location. There are also numberous
reports that the program successfully "captured" passwords on other
hosts to which the Worm author was not entitled. The NIST authors
reference Dr. Spafford's report on page A-1 which addresses the
"stealing" of passwords. Both Seeley's and Spafford's analysis of the
incident can be found, along with other related papers, in the Jun 89
edition of the "Communications of the ACM." This ACM edition is
probably the best reference on the entire incident available in the
public domain. I think it should have been included in the NIST
reference list.

2. I differ from several commentators who suggest that the document
is "prejudiced" against the use of public domain and shareware
products. I think on pages 3-3 and 5-3 the document stresses only
that organizations should develop a clear policy on the acquisition
and on the use of such software.

3. I am struck by the lack of any reference to Virus-L, RISKS Forum
and other INTERNET services which have for years provided we users the
best available, open source information on the subject of computer
viruses. There is also little in the way of reference to the work of
professional associations such as ACM, IEEE, the Computer Security
Institute, and the Information Systems Security Association in
addressing the computer virus phenomenon. Surely "technical
managers", who are the audience for this publication, could use such
resources to implement the virus prevention suggestions in the NIST
publication.

Chris Mc Donald
White Sands Missile Range

0 new messages