Using a virus as security.
Michelle Foien
this been done) to have a virus perform some tasks to help insure
security. For example, when first ran it would infect the boot sector
(?), or whatever it needs to infect to become active when the hard
drive boots. It would then infect a couple of programs, just in case
the original booting virus ever got cleaned out there would be a
chance to re-infect whatever it got cleaned from. On subsequent boot
ups, it would loadup, check and make sure the few files it infected
still were, and then it would check a configuration file (or a
time-date stamp on a certain file) and if the date in the
configuration file was older than the current date, then the virus
would proceed to destroy certain files or even perform more malicious
acts. If the date wasn't older it would just unload or if no
configuration file was found it could commit suicide.
You'd have to manually change the date and sitting on a time bomb may
not make everyone feel secure, but if someone happend to steal your
PC, it would be reassuring that possibly they wouldn't be able to use
the HD.
Micki
Iolo Davidson
Michell...@internetMCI.COM "Michelle Foien" writes:
> I don't know much on computer virri,
You might ask your doctor what the plural form is.
> but would it be possible (or has
> this been done) to have a virus perform some tasks to help insure
> security.
Possible, yes, but entirely unnecessary. There is no advantage
to using a self replicating and hence uncontrollable program to
do any useful task, and a number of disadvantages.
--
STORES ARE FULL IS THIS
OF SHAVING AIDS AND BLADES
BUT ALL YOU NEED Burma-Shave
Mark
: In article <440gao$k...@news.internetmci.com>
: > but would it be possible (or has
: > this been done) to have a virus perform some tasks to help insure
: > security.
: Possible, yes, but entirely unnecessary. There is no advantage
: to using a self replicating and hence uncontrollable program to
: do any useful task, and a number of disadvantages.
I disagree. A virus could prove VERY useful in protecting a computer from
unauthorised use:
Someone nicks your computer and fires it up. Before the computer is used,
a program waits for a secret key sequence. Not receiving the secret key
sequence causes all AT commands to a modem to be intercepted; all
ATDT <any number> commands are now replaced with a ATDT <home number>
command. You get an ear full of modem noise which the police can later
trace.
So, the thief (or the person they sell the computer to), formats your
drive and/or some floppies...but the virus has already infected the
format command so all ATDT commands still get intercepted. Of course, a
virus checker MAY report a virus but what about that floppy you just
formatted? Or that game you just played?
Also, the virus is now recording keystrokes because later, when the
computer is recovered, there may be some useful info, like contacts,
dealers and wheelers. Smart software just recording snippets of info,
like numbers and email addresses.
And if you REALLY want to go town on this, how about behaviour analysis
and recognition?
Viruses are VERY important. Pioneers like John Von Neuman wanted to
build thinking machines and replication was a basic function. No
compouter would function without the copy instruction. Today's
computers are an offshoot of their endeavours and we must not forget
this.
--
A new generation is up and coming and they belong to the information age.
Information tools, information weapons. The power to be, and not be.
- sliver, 950918
Kevin Marcus
Mark <ma...@sliver.demon.co.uk> wrote:
>Iolo Davidson (io...@mist.demon.co.uk) wrote:
>: In article <440gao$k...@news.internetmci.com>
>: > but would it be possible (or has
>: > this been done) to have a virus perform some tasks to help insure
>: > security.
>
>: Possible, yes, but entirely unnecessary. There is no advantage
>: to using a self replicating and hence uncontrollable program to
>: do any useful task, and a number of disadvantages.
>
>I disagree. A virus could prove VERY useful in protecting a computer from
>unauthorised use:
I disagree with your disagree and agree with Iolo.
Read Vesselin's paper, "Are Good Viruses Still a Bad Ideas", available from
ftp.informatik.uni-hamburg.de in /pub/virus/texts/goodvir.zip
--
Kevin Marcus: http://cs.ucr.edu/~datadec
CS Dept, U/CA, Riverside: dat...@cs.ucr.edu
Virus-L archives: ftp://cs.ucr.edu/pub/virus-l
OKRA net.citizen Directory Services: http://okra.ucr.edu/okra
Jeff
On Mon, 25 Sep 1995, Mark wrote:
> Iolo Davidson (io...@mist.demon.co.uk) wrote:
> : In article <440gao$k...@news.internetmci.com>
> : > but would it be possible (or has
> : > this been done) to have a virus perform some tasks to help insure
> : > security.
>
> : Possible, yes, but entirely unnecessary. There is no advantage
> : to using a self replicating and hence uncontrollable program to
> : do any useful task, and a number of disadvantages.
>
> I disagree. A virus could prove VERY useful in protecting a computer from
> unauthorised use:
>
> Someone nicks your computer and fires it up. Before the computer is used,
> a program waits for a secret key sequence. Not receiving the secret key
> sequence causes all AT commands to a modem to be intercepted; all
> ATDT <any number> commands are now replaced with a ATDT <home number>
> command. You get an ear full of modem noise which the police can later
> trace.
Quite useful for catching disk theives too, if you find they are stealing
diskettes you can simple have a virus as an important looking .EXE file and
if they steal & run it you know that person must have got it from
somewheres. (It wouldn't have to be a destructive one either, just one
that you can tell has infected someones computer/disks).
Sandor Barany
>Iolo Davidson (io...@mist.demon.co.uk) wrote:
> Not receiving the secret key sequence causes all AT commands to a modem
> to be intercepted; all >ATDT <any number> commands are now replaced
> with a ATDT <home number> command.
>A new generation is up and coming and they belong to the information age.
>Information tools, information weapons. The power to be, and not be.
> - sliver, 950918
Exactly this is implemented in the superb-selling new version of
Hamilton. Please RTFM ...
EMail: S.Ba...@infosys.tuwien.ac.at (Sandor Barany, PhD Candidate)
Keyprint: 65 3F 5F 26 68 2E A3 41 BA 25 D5 54 A8 A3 3B 92 - ID 9D38BC25
FIDO: Sandor Barany (2:310/41.30) Tel: V+43-1-71191-1782
### If a train station is where a train stops, then what's my workstation? ###
Iolo Davidson
ma...@sliver.demon.co.uk "Mark" writes:
> Iolo Davidson (io...@mist.demon.co.uk) wrote:
> : In article <440gao$k...@news.internetmci.com>
> : > but would it be possible (or has
> : > this been done) to have a virus perform some tasks to help insure
> : > security.
>
> : Possible, yes, but entirely unnecessary. There is no advantage
> : to using a self replicating and hence uncontrollable program to
> : do any useful task, and a number of disadvantages.
>
> I disagree. A virus could prove VERY useful in protecting a computer from
> unauthorised use:
>
> Someone nicks your computer and fires it up. Before the computer is used,
> a program waits for a secret key sequence. Not receiving the secret key
> sequence causes all AT commands to a modem to be intercepted; all
> ATDT <any number> commands are now replaced with a ATDT <home number>
> command. You get an ear full of modem noise which the police can later
> trace.
This does not describe a virus but a trojan. What makes a virus
a virus is replication.
> So, the thief (or the person they sell the computer to), formats your
> drive and/or some floppies...but the virus has already infected the
> format command so all ATDT commands still get intercepted.
Now you have added the replication element, but guess what, you
have lost the usefulness, because the program will replicate
endlessly. It won't just be the putative thief calling you up.
You will have thousands of people haplessly autodialling you, and
visits from the police who suspect you of being the virus
distributor (and aren't you?). Your phone company won't be
pleased, because when you want your number changed, they will
never be able to use the old one again. Multiply by as many
users install such software.
> Viruses are VERY important.
They are a pain in the ass, and nothing more.
Sherwood Pekelo
: Viruses are interesting because they are interesting - not because they
: create a useful niche for themselves in society or assist computer
: users. Let's face it - viruses are fascinating for a small minority of
: programmers, and simply don't have many useful applications: this ain't
: so bad to say.
: --Antigen/VLAD
Maybe this discussion, being in this forum, is too narrowly focused on
viruses as we know them. The English language with all its ambiguity
doesn't at this time really differentiate between types of programs
that replicate themselves. There are destructive types and there are
non-destructive types. There are those that could steal information
and then there are programs that acquire information for
legitimate registration purposes, hmm sounds like a MS plan to
me...Anyhow, the end development of these programs should depend on
what the goal is. If it's to prevent an unauthorized person from
stealing the program, then maybe it's actually a trojan which will
eliminate itself if the system settings have changed.
My opinion: Some form of viruses have a purpose, it's just that at the
moment there don't appear to be any. One that would help network
managers would be one that would kill any unauthorized programs from
being entered either into a workstation or the server. You know a
program that kills Doom I/II, Descent, or Spectre VR. Who knows
technology changes and hopefully the language will catch up to properly
describe these derivatives.
Aloha from Paradise,
--
Sherwood Pekelo spe...@iav.com
Systems Manager (808) 595-3402 (work)
http://iav.com (808) 526-5702 (pager)
Mark
: ma...@sliver.demon.co.uk "Mark" writes:
: > ...all AT commands to a modem to be intercepted; all ATDT <any number>
: > commands are now replaced with a ATDT <home number> command. You get
: > an ear full of modem noise...
: Now you have added the replication element, but guess what, you
: have lost the usefulness, because the program will replicate
: endlessly. It won't just be the putative thief calling you up.
Early calls will be from the thief or those who have made contact with him,
this is fairly obvious. Cross reference to create the short list.
: You will have thousands of people haplessly autodialling you, and
: visits from the police who suspect you of being the virus
: distributor (and aren't you?).
he he he!
: Your phone company won't be pleased, because when you want your number
: changed, they will never be able to use the old one again. Multiply by
: as many users install such software.
That would be a scream!! Anyone want to take up this challenge?
(A change of phone number is a small price for the return of my equipment).
: > Viruses are VERY important.
: They are a pain in the ass, and nothing more.
Slightly narrow minded don't you think?
Mark
: purpose, but how would a file infector or bs/mbr infector, etc. tell us
: anything about ALife and thinking machines? Vi(rii/ruses) don't think -
: they are simply fascinating programs.
: Viruses are interesting because they are interesting - not because they
: create a useful niche for themselves in society or assist computer
: users. Let's face it - viruses are fascinating for a small minority of
: programmers, and simply don't have many useful applications: this ain't
: so bad to say.
Xerox studied people and the way they interact with objects around them.
Xerox spawned the idea of a GUI, now it's hard to find a platform without
it's own version. The idea was copied, this is a virus. Now check out
the definition of Xerox!
Like I said, computers are the result of scientists playing God, they
wanted to be Frankenstein and create life through electric.
Every computer has a copy instruction.
Every computer has a monster within.
Kevin Marcus
Mark <ma...@sliver.demon.co.uk> wrote:
>Kevin Marcus (dat...@corsa.ucr.edu) wrote:
>
>: Read Vesselin's paper, "Are Good Viruses Still a Bad Ideas", available from
>: ftp.informatik.uni-hamburg.de in /pub/virus/texts/goodvir.zip
>
>I will sometime, but in the mean time would you care to substantiate this
>claim, here, for the benefit of me and others who may be interested?
Well, Vesselin brings up several technical problems that Vesselin describes:
1) The Control Problem. How do you control the distribution of a virus? It
is certainly easy to control the distribution of non viral programs.
2) The Recognition Problem. This primarily deals with the interactions
between integrity checking packages, programs which perform self checks,
and other similar activity. When they are infected by a virus, they may
no longer execute. How will the virus know which things it can and can
not infect - and how will AV vendors know what and what not to detect.
3) The Resource Waste Problem. Basically, the virus can't use many
resources in comparison with what it gives the user.
4) The Bug Containment Problem. With the high quality of viruses out
there today, you might think there are no bugs in any virus. (COUGH!!!)
How do you update your virus securely?
5) Compatibility Problems. You have to be careful modifying other
programs; they may break.
6) Effectiveness Problems. How many problems are effectively solved
by viral programs, vs. how many are solved by non-viral programs?
He continues along to describe the Ethical and Legal Problems, as well as
Psycological problems.
This post is comprised primarily of Vesslin Bontchev's research,
which are available for ftp from the address above.
Iolo Davidson
spe...@aloha.com "Sherwood Pekelo" writes:
> The English language with all its ambiguity doesn't at this time
> really differentiate between types of programs that replicate
> themselves. There are destructive types and there are
> non-destructive types.
This is not the issue. All viruses are undesirable and
potentially dangerous. The Flip virus did not originally cause
any damage, but when version 5 of DOS changed the way the boot
sector parameter block was laid out, Flip suddenly started
truncating disk volumes to just under 32Mb. How does the author
of Flip withdraw his old version and issue all users with an
update? He can't. The virus is in control of its own
distribution. Multiply that by 6000 or so current viruses.
A pointer has been given to Bontchev's paper on theis subject,
which is comprehensive. Rather than rehash this argument again
(and I have seen it about every six months on comp.virus), why
don't those who are interested just get the document.
> Who knows
> technology changes and hopefully the language will catch up
> to properly describe these derivatives.
If it replicates, then it is a virus. If it doesn't, it isn't.
There is no need to put replication into any useful program. It
doesn't help in any way, and causes a number of known problems.
Get Bontchev's paper.
Kevin Martin
spe...@aloha.com (Sherwood Pekelo) seemed to say:
>
> Maybe this discussion, being in this forum, is too narrowly focused on
> viruses as we know them.
And maybe you're so hung up on finding a way to justify playing with
them that you'll use the word "virus" for things that don't reproduce
at all? If it doesn't reproduce, why call it a virus?
> The English language with all its ambiguity
> doesn't at this time really differentiate between types of programs
> that replicate themselves. There are destructive types and there are
> non-destructive types. There are those that could steal information
> and then there are programs that acquire information for
> legitimate registration purposes, hmm sounds like a MS plan to
> me...
There is nothing remotely "virus-like" about the Registration Wizard,
dammit. Viruses reproduce. I can stick floppies in and out of a Win95
box all day, and I won't transfer a Registration Wizard to any other
machine.
> My opinion: Some form of viruses have a purpose, it's just that at the
> moment there don't appear to be any. One that would help network
> managers would be one that would kill any unauthorized programs from
> being entered either into a workstation or the server. You know a
> program that kills Doom I/II, Descent, or Spectre VR.
Oh, please. A) That doesn't require a virus, just a non-replicating
policy program. B) Don't go around telling the computer not to run
program X; tell your employees you'll can them for it, if it matters
to you so much. (If it's a real issue, you've got more pressing
problems than throwing away a non-trivial part of your computer
resources on nanny programs that scan your workstations, IMHO.)
Nontechnical solutions for nontechnical problems!
--
<can...@nic.com> <can...@panix.com> <7122...@compuserve.com>
http://www.nic.com/~cannon/ Brass Cannon Consulting
Mark
compensation/ransom was paid. If that program was a virus it could infect
the back-ups. Most people, given the right circumstances, would be tempted
by such a plot. I would be, and you would be, if only you were brave
enough to admit it.
Dr Alan Solomon
The last person to try that was, allegedly, Dr Popp, with the Aids
Information Disk. He sent out 20,000 of them, but was traced,
arrested, extradited to the UK, and charged in Marylebone
Magistrates Court. He pleaded diminished competence, appeared with
his beard in curlers and a paper bag over his head, but it was the
psychiatrist's report that convinced the court that he was not
responsible for his actions. However, an Italian court wasn't so
kind, and gave hime six months.
So, although obviously you *could* try such a thing, it really isn't
advisable. To do it, you have to be not only brave, I think you
also have to be blind enough not to realise that you're likely to
be caught when you try to collect the ransom.
Dr Alan Solomon, S&S International
Chief Designer of Dr Solomon's Anti Virus Toolkit
US tel (617) 273 7400 UK tel +44 1296 318700
US email sup...@sands.com UK drs...@ibmpcug.co.uk
Web http://www.sands.com/ or http://www.drsolomon.com/
Fridrik Skulason
Hm...I'm afraid I don't see what a virus could do, which a non-replicating
program couldn't do just as well...
-frisk
Fridrik Skulason Frisk Software International phone: +354-5-617273
Author of F-PROT E-mail: fr...@complex.is fax: +354-5-617274
Mark
: Mark (ma...@sliver.demon.co.uk) writes:
: >A program could encrypt important files and only recover them once
: >compensation/ransom was paid. If that program was a virus it could
: >infect the back-ups. Most people, given the right circumstances, would
: >be tempted by such a plot. I would be, and you would be, if only you
: >were brave enough to admit it.
: The last person to try that was, allegedly, Dr Popp, with the Aids
: Information Disk.
It seems to me Dr Popp did not have enough hold over his victim, hence
police involvement.
George Smith
message (or something like that) . . . "
GOOD PLAN! Except it's been done. Joe Popp mailed thousands of
copies of his AIDS Information Trojan - which did just that -
to subscribers obtained from the mailing list of a European computer
magazine.
The scheme immdiately unraveled. New Scotland Yard got involved and
worked to have him extradited from Cleveland in the US, where he lived,
to England to stand trial on charges of blackmail. The process took
almost two years but eventually American authorities released him
to England. During the UK trial he acted crazy and the proceedings
ground to a halt with the only result that he was declared a "public
disgrace," ejected from the country and the case left open.
More recently he was tried and convicted in absentia in Italy on
similar charges.
cr...@sun.soci.niu.edu
URL: http://www.soci.niu.edu/~crypt
--
"The Virus Creation Labs"
cr...@sun.soci.niu.edu
URL: http://www.soci.niu.edu:80/~crypt