VIRUS-L Digest Monday, 2 Oct 1989 Volume 2 : Issue 209
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's
LEHIIBM1.BITNET for BITNET folks). Information on accessing
anti-virus, document, and back-issue archives is distributed
periodically on the list. Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
- Ken van Wyk
Today's Topics:
Introduction to the anti-viral archives
Amiga anti-viral archive sites
Apple II anti-viral archive sites
Atari ST anti-viral archive sites
Documentation anti-viral archive sites
IBMPC anti-viral archive sites
Macintosh anti-viral archive sites
UNIX anti-viral archive sites
Why not change OS?
M-1704.EXE (PC)
Follow up on Tiger Team comments.
Configuring FluShot (PC)
Re: Tiger Team comments
Future AV software (PC)
The book you've all been waiting for?
---------------------------------------------------------------------------
Date: 30 Sep 89 09:23:48 +0000
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: Introduction to the anti-viral archives
# Introduction to the Anti-viral archives...
# Listing of 30 September 1989
This posting is the introduction to the "official" anti-viral archives
of virus-l/comp.virus. With the generous cooperation of many sites
throughout the world, we are attempting to make available to all
the most recent news and programs for dealing with the virus problem.
Currently we have sites for Amiga, Apple II, Atari ST, IBMPC, Macintosh
and Unix computers, as well as sites carrying research papers and
reports of general interest.
If you have general questions regarding the archives, you can send
them to this list or to me. I'll do my best to help. If you have a
submission for the archives, you can send it to me or to one of the
persons in charge of the relevant sites.
If you have any corrections to the lists, please let me know.
------------------------------
Date: 30 Sep 89 09:25:11 +0000
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: Amiga anti-viral archive sites
# Anti-viral archive sites for the Amiga
# Listing last changed 30 September 1989
cs.hw.ac.uk
Dave Ferbrache <davidf@cs.hw.ac.uk>
NIFTP from JANET sites, login as "guest".
Electronic mail to <info-server@cs.hw.ac.uk>.
Main access is through mail server.
The master index for the virus archives can be retrieved as
request: virus
topic: index
The Amiga index for the virus archives can be retrieved as
request: amiga
topic: index
For further details send a message with the text
help
The administrative address is <infoadm@cs.hw.ac.uk>
ms.uky.edu
Sean Casey <sean@ms.uky.edu>
Access is through anonymous ftp.
The Amiga anti-viral archives can be found in /pub/amiga/Antivirus.
The IP address is 128.163.128.6.
uk.ac.lancs.pdsoft
Steve Jenkins <pdsoft@uk.ac.lancs.pdsoft>
Service for UK only; no access from BITNET/Internet/UUCP
Terminals : call lancs.pdsoft, login as "pdsoft", pwd "pdsoft"
FTP : call lancs.pdsoft, user "pdsoft", pwd "pdsoft".
Pull the file "help/basics" for starter info, "micros/index" for index.
Anti-Viral stuff is held as part of larger micro software collection
and is not collected into a distinct area.
uxe.cso.uiuc.edu
Mark Zinzow <markz@vmd.cso.uiuc.edu>
Lionel Hummel <hummel@cs.uiuc.edu>
The archives are in /amiga/virus.
There is also a lot of stuff to be found in the Fish collection.
The IP address is 128.174.5.54.
Another possible source is uihub.cs.uiuc.edu at 128.174.252.27.
Check there in /pub/amiga/virus.
------------------------------
Date: 30 Sep 89 09:27:01 +0000
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: Apple II anti-viral archive sites
# Anti-viral archive sites for the Apple II
# Listing last changed 30 September 1989
brownvm.bitnet
Chris Chung <chris@brownvm.bitnet>
Access is through LISTSERV, using SEND, TELL and MAIL commands.
Files are stored as
apple2-l xx-xxxxx
where the x's are the file number.
cs.hw.ac.uk
Dave Ferbrache <davidf@cs.hw.ac.uk>
NIFTP from JANET sites, login as "guest".
Electronic mail to <info-server@cs.hw.ac.uk>.
Main access is through mail server.
The master index for the virus archives can be retrieved as
request: virus
topic: index
The Apple II index for the virus archives can be retrieved as
request: apple
topic: index
For further details send a message with the text
help
The administrative address is <infoadm@cs.hw.ac.uk>
uk.ac.lancs.pdsoft
Steve Jenkins <pdsoft@uk.ac.lancs.pdsoft>
Service for UK only; no access from BITNET/Internet/UUCP
Terminals : call lancs.pdsoft, login as "pdsoft", pwd "pdsoft"
FTP : call lancs.pdsoft, user "pdsoft", pwd "pdsoft".
Pull the file "help/basics" for starter info, "micros/index" for index.
Anti-Viral stuff is held as part of larger micro software collection
and is not collected into a distinct area.
------------------------------
Date: 30 Sep 89 09:28:26 +0000
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: Atari ST anti-viral archive sites
# Anti-viral archive sites for the Atari ST
# Listing last changed 30 September 1989
cs.hw.ac.uk
Dave Ferbrache <davidf@cs.hw.ac.uk>
NIFTP from JANET sites, login as "guest".
Electronic mail to <info-server@cs.hw.ac.uk>.
Main access is through mail server.
The master index for the virus archives can be retrieved as
request: virus
topic: index
The Atari ST index for the virus archives can be retrieved as
request: atari
topic: index
For further details send a message with the text
help
The administrative address is <infoadm@cs.hw.ac.uk>.
panarthea.ebay
Steve Grimm <koreth%panarthea.ebay@sun.com>
Access to the archives is through mail server.
For instructions on the archiver server, send
help
to <archive-server%panarthea.ebay@sun.com>.
uk.ac.lancs.pdsoft
Steve Jenkins <pdsoft@uk.ac.lancs.pdsoft>
Service for UK only; no access from BITNET/Internet/UUCP
Terminals : call lancs.pdsoft, login as "pdsoft", pwd "pdsoft"
FTP : call lancs.pdsoft, user "pdsoft", pwd "pdsoft".
Pull the file "help/basics" for starter info, "micros/index" for index.
Anti-Viral stuff is held as part of larger micro software collection
and is not collected into a distinct area.
------------------------------
Date: 30 Sep 89 09:28:58 +0000
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: Documentation anti-viral archive sites
# Anti-viral archive sites for documentation
# Listing last changed 30 September 1989
cs.hw.ac.uk
Dave Ferbrache <davidf@cs.hw.ac.uk>
NIFTP from JANET sites, login as "guest".
Electronic mail to <info-server@cs.hw.ac.uk>.
Main access is through mail server.
The master index for the virus archives can be retrieved as
request: virus
topic: index
The index for the **GENERAL** virus archives can be retrieved as
request: general
topic: index
The index for the **MISC.** virus archives can be retrieved as
request: misc
topic: index
**VIRUS-L** entries are stored in monthly and weekly digest form from
May 1988 to December 1988. These are accessed as log.8804 where
the topic substring is comprised of the year, month and a week
letter. The topics are:
8804, 8805, 8806 - monthly digests up to June 1988
8806a, 8806b, 8806c, 8806d, 8807a .. 8812d - weekly digests
The following daily digest format started on Wed 9 Nov 1988. Digests
are stored by volume number, e.g.
request: virus
topic: v1.2
would retrieve issue 2 of volume 1, in addition v1.index, v2.index and
v1.contents, v2.contents will retrieve an index of available digests
and an extracted list of the contents of each volume respectively.
**COMP.RISKS** archives from v7.96 are available on line as:
request: comp.risks
topic: v7.96
where topic is the issue number, as above v7.index, v8.index and
v7.contents and v8.contents will retrieve indexes and contents lists.
For further details send a message with the text
help
The administrative address is <infoadm@cs.hw.ac.uk>
lehiibm1.bitnet
Ken van Wyk <LUKEN@LEHIIBM1.BITNET> new: <krvw@sei.cmu.edu>
This site has archives of VIRUS-L, and many papers of
general interest.
Access is through ftp, IP address 128.180.2.1.
The directories of interest are VIRUS-L and VIRUS-P.
uk.ac.lancs.pdsoft
Steve Jenkins <pdsoft@uk.ac.lancs.pdsoft>
Service for UK only; no access from BITNET/Internet/UUCP
Terminals : call lancs.pdsoft, login as "pdsoft", pwd "pdsoft"
FTP : call lancs.pdsoft, user "pdsoft", pwd "pdsoft".
Pull the file "help/basics" for starter info, "micros/index" for index.
Anti-Viral stuff is held as part of larger micro software collection
and is not collected into a distinct area.
unma.unm.edu
Dave Grisham <dave@unma.unm.edu>
This site has a collection of ethics documents.
Included are legislation from several states and policies
from many institutions.
Access is through ftp, IP address 129.24.8.1.
Look in the directory /ethics.
------------------------------
Date: 30 Sep 89 09:29:52 +0000
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: IBMPC anti-viral archive sites
# Anti-viral archive for the IBMPC
# Listing last changed 30 September 1989
cs.hw.ac.uk
Dave Ferbrache <davidf@cs.hw.ac.uk>
NIFTP from JANET sites, login as "guest".
Electronic mail to <info-server@cs.hw.ac.uk>.
Main access is through mail server.
The master index for the virus archives can be retrieved as
request: virus
topic: index
The IBMPC index for the virus archives can be retrieved as
request: ibmpc
topic: index
For further details send a message with the text
help
The administrative address is <infoadm@cs.hw.ac.uk>
ms.uky.edu
Daniel Chaney <chaney@ms.uky.edu>
This site can be reached through anonymous ftp.
The IBMPC anti-viral archives can be found in /pub/msdos/AntiVirus.
The IP address is 128.163.128.6.
uk.ac.lancs.pdsoft
Steve Jenkins <pdsoft@uk.ac.lancs.pdsoft>
Service for UK only; no access from BITNET/Internet/UUCP
Terminals : call lancs.pdsoft, login as "pdsoft", pwd "pdsoft"
FTP : call lancs.pdsoft, user "pdsoft", pwd "pdsoft".
Pull the file "help/basics" for starter info, "micros/index" for index.
Anti-Viral stuff is held as part of larger micro software collection
and is not collected into a distinct area.
uxe.cso.uiuc.edu
Mark Zinzow <markz@vmd.cso.uiuc.edu>
This site can be reached through anonymous ftp.
The IBMPC anti-viral archives are in /pc/virus.
The IP address is 128.174.5.54.
vega.hut.fi
Timo Kiravuo <kiravuo@hut.fi>
This site (in Finland) can be reached through anonymous ftp.
The IBMPC anti-viral archives are in /pub/pc/virus.
The IP address is 128.214.3.82.
wsmr-simtel20.army.mil
Keith Peterson <w8sdz@wsmr-simtel20.army.mil>
Direct access is through anonymous ftp, IP 26.2.0.74.
The anti-viral archives are in PD1:<MSDOS.TROJAN-PRO>.
Simtel is a TOPS-20 machine, and as such you should use
"tenex" mode and not "binary" mode to retrieve archives.
Please get the file 00-INDEX.TXT using "ascii" mode and
review it offline.
NOTE:
There are also a number of servers which provide access
to the archives at simtel.
WSMR-SIMTEL20.Army.Mil can be accessed using LISTSERV commands
from BITNET via LISTSERV@NDSUVM1, LISTSERV@RPIECS and in Europe
from EARN TRICKLE servers. Send commands to TRICKLE@<host-name>
(for example: TRICKLE@AWIWUW11). The following TRICKLE servers
are presently available: AWIWUW11 (Austria), BANUFS11 (Belgium),
DKTC11 (Denmark), DB0FUB11 (Germany), IMIPOLI (Italy),
EB0UB011 (Spain) and TREARN (Turkey).
------------------------------
Date: 30 Sep 89 09:30:43 +0000
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: Macintosh anti-viral archive sites
# Anti-viral archive sites for the Macintosh
# Listing last changed 30 September 1989
cs.hw.ac.uk
Dave Ferbrache <davidf@cs.hw.ac.uk>
NIFTP from JANET sites, login as "guest".
Electronic mail to <info-server@cs.hw.ac.uk>.
Main access is through mail server.
The master index for the virus archives can be retrieved as
request: virus
topic: index
The Mac index for the virus archives can be retrieved as
request: mac
topic: index
For further details send a message with the text
help
The administrative address is <infoadm@cs.hw.ac.uk>
ifi.ethz.ch
Danny Schwendener <macman@ethz.uucp>
Interactive access through SPAN/HEPnet:
$SET HOST 20766 or $SET HOST AEOLUS
Username: MAC
Interactive access through X.25 (022847911065) or Modem 2400 bps
(+41-1-251-6271):
# CALL B050 <cr><cr>
Username: MAC
Files may also be copied via SPAN/HEPnet from
20766::DISK8:[MAC.TOP.LIBRARY.VIRUS]
rascal.ics.utexas.edu
Werner Uhrig <werner@rascal.ics.utexas.edu>
Access is through anonymous ftp, IP number is 128.83.144.1.
Archives can be found in the directory mac/virus-tools.
Please retrieve the file 00.INDEX and review it offline.
Due to the size of the archive, online browsing is discouraged.
scfvm.bitnet
Joe McMahon <xrjdm@scfvm.bitnet>
Access is via LISTSERV.
SCFVM offers an "automatic update" service. Send the message
AFD ADD VIRUSREM PACKAGE
and you will receive updates as the archive is updated.
You can also subscribe to automatic file update information with
FUI ADD VIRUSREM PACKAGE
sumex-aim.stanford.edu
Bill Lipa <info-mac-request@sumex-aim.stanford.edu>
Access is through anonymous ftp, IP number is 36.44.0.6.
Archives can be found in /info-mac/virus.
Administrative queries to <info-mac-request@sumex-aim.stanford.edu>.
Submissions to <info-mac@sumex-aim.stanford.edu>.
There are a number of sites which maintain shadow archives of
the info-mac archives at sumex:
* MACSERV@PUCC services the Bitnet community
* LISTSERV@RICE for e-mail users
* FILESERV@IRLEARN for folks in Europe
uk.ac.lancs.pdsoft
Steve Jenkins <pdsoft@uk.ac.lancs.pdsoft>
Service for UK only; no access from BITNET/Internet/UUCP
Terminals : call lancs.pdsoft, login as "pdsoft", pwd "pdsoft"
FTP : call lancs.pdsoft, user "pdsoft", pwd "pdsoft".
Pull the file "help/basics" for starter info, "micros/index" for index.
Anti-Viral stuff is held as part of larger micro software collection
and is not collected into a distinct area.
wsmr-simtel20.army.mil
Robert Thum <rthum@wsmr-simtel20.army.mil>
Access is through anonymous ftp, IP number 26.2.0.74.
Archives can be found in PD3:<MACINTOSH.VIRUS>.
Please get the file 00README.TXT and review it offline.
------------------------------
Date: 30 Sep 89 09:31:34 +0000
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: UNIX anti-viral archive sites
# Anti-viral and security archive sites for Unix
# Listing last changed 30 September 1989
# Note that this listing is preliminary, and will likely change.
# I know the information is far from complete, but I thought it would
# be a good idea to get this out now instead of waiting.
attctc
Charles Boykin <sysop@attctc.Dallas.TX.US>
Accessible through UUCP.
cs.hw.ac.uk
Dave Ferbrache <davidf@cs.hw.ac.uk>
NIFTP from JANET sites, login as "guest".
Electronic mail to <info-server@cs.hw.ac.uk>.
Main access is through mail server.
The master index for the virus archives can be retrieved as
request: virus
topic: index
For further details send a message with the text
help
The administrative address is <infoadm@cs.hw.ac.uk>
netCS
Hans Huebner <huebner@db0tui6.bitnet>
netCS is a public access Unix site in Berlin which is
also accessible through UUCP.
sauna.hut.fi
Jyrki Kuoppala <jkp@cs.hut.fi>
Accessible through anonymous ftp, IP number 128.214.3.119.
(Note that this IP number is likely to change.)
ucf1vm
Lois Buwalda <lois@ucf1vm.bitnet>
Accessible through...
wuarchive.wustl.edu
Chris Myers <chris@wugate.wustl.edu>
Accessible through anonymous ftp, IP number 128.252.135.4.
A number of directories can be found in ~ftp/usenet/comp.virus/*.
------------------------------
Date: Sat, 30 Sep 00 19:89:04 +0000
From: ficc!peter@uunet.uu.net
Subject: Why not change OS?
Rather than go through all this trouble to keep viruses out of Macs
and IBM-PCs, why not abandon the unprotected operating systems
wherever possible and switch to UNIX? If you need to run DOS or MacOS
software, there are ways of running it under UNIX in both cases: A/UX
supports Macintosh software, and the various 80386 versions of UNIX
have two DOS emulators that run in the virtual 8086 emulation mode.
With no direct access to the hardware possible, and with multiuser
security preventing writes to files (at least in the 80386 case), the
worst the virus could do would be to infect user-written programs.
When they attempted to format the hard disk, or infect installed
software, they would simply trap and abort the virtual DOS image.
UNIX-based software is extremely unlikely to be infected, since a UNIX
virus would have to infect source code to transfer out of a machine.
To defuse arguments about the Internet Worm, let us note that this
program was restricted to two brands of computer: VAXes and
68000-based Suns. And it infected a network that was deliberately
designed to be insecure. No, UNIX is not immune to trojan horses and
viruses, but by and large this sort of program is kept uninfectious
and benign by the nature of the system.
[Ed. I hope that you're wearing asbestos skivvies... :-) ]
------------------------------
Date: Sat, 30 Sep 89 16:38:52 -0500
From: James Ford <JFORD1@UA1VM.BITNET>
Subject: M-1704.EXE (PC)
I recently downloaded M-1704.ZIP from the Wellspring BBS. After
downloading it, I ran SCAN V35 (old, I know) and to my amazement, it
said that the file M-1704.EXE was infected with the "1701/1704 Version
B virus"!
Does this program include a string in it that might cause SCAN to
indicate a virus (a false alert) or can I assume that this file is
infected??
Please reply direct to me, *not* to VALERT-L....or then again, maybe
the response should be posted here. I am under the impression that
the Wellspring BBS (1-714-8567996) is an anti-viral storage site.
James Ford
(205) 348-1713
JFORD1@UA1VM.BITNET
------------------------------
Date: Sun, 01 Oct 89 01:09:25 -0400
From: dmg@lid.mitre.org (David Gursky)
Subject: Follow up on Tiger Team comments.
There have been a couple messages regarding my Tiger Team suggestion,
some of which have some good criticisms, others of which seem to have
misread or read something into my message that wasn't there.
First and foremost, I must emphasize that this would be one part of an
overall anti-virus strategy, and you must take the use of Tiger Teams
in a "positive manner", i.e. not to *punish* users who do not follow
anti-virus procedures, but to *find* such users, and having found such
users, ensure that they do follow the established anti-virus
procedures in the future. Punishing users that fail to do so only
gets the users mad, and mad users help no one.
Second, a couple people have suggested this proposal leaves live
viruses floating around desktop computers in the office, after the
Tiger Team had successfully penetrated one. I believe I stated in my
original proposal that the first step the Tiger Team would take is to
create an *image* backup of the system they will try to infect.
Regardless of the success or failure in infecting the computer, the
disk would be restored from the image backup taken originally. Now
should the TT successfully infect the system, the computer would be
"disabled"; applying a large label over the CRT would effectively tell
a user they are not to use their computer until they have gone over
the anti-virus procedures with someone from the "computer services"
department.
Backing away from the specific subject of Tiger Teams, I wish to
emphasize the problem TTs are addressing; enactment of anti-viral
procedures. As an example, it is illegal in most states to sell
alcohol to adults under 21. In parts of the country which have these
laws and *enforce* these laws, the ease with which an adult under 21 can
purchase liquor is reduced (that is to say it is harder) over parts of
the country which have the laws and do not enforce them well, or do
not have the laws. It is a great first step if Acme Industries issues
a set of anti-viral guidelines, but unless Acme does something to see
to it the employees are following these procedures, then those
policies are nothing more than pieces of paper in the users'
wastebaskets!
------------------------------
Date: Sat, 30 Sep 89 19:56:54 -0700
From: RSRANCH@UCLASSCF.BITNET (Ran Chermesh)
Subject: Configuring FluShot (PC)
I've d/l FluShot ver. 1.7 from Simtel. When I tried to install it, it
looked for the FLUSHOT.DAT file in drive A. If I'm not mistaken, this
kind of search was not part of FluShot in the past. I looked for
instructions on how to configure it for drive C, but couldn't find any. Did I
miss anything? Can anyone suggest a way to override this default?
Temporarily I did override it by preceding the FSP instruction with an
ASSIGN a=c instruction. Still, this couldn't be the appropriate
solution.
Ran Chermesh
RSRANCH@UCLASSCF.BITNET
p.s. Since I'm not a member of the VIRUS-L, I'll appreciate receiving
your solution directly to me. If it is the norm on this list to
summarize responses and to resubmit them to the list, please let me
know and I'll be glad to comply.
------------------------------
Date: 01 Oct 89 08:23:20 +0000
From: chinet!ignatz@att.att.com
Subject: Re: Tiger Team comments
The author of the original "Tiger Team" concept responded to a couple
of critical postings with some rebuttals. As I read them, he defended
the TT concept by emphasizing, several times, that the TT would be
checking compliance with anti-viral policies.
I ask, if this *is* the goal, couldn't the corporation provide a
configuration test program that checked for the existence of
corporation-approved software and methods without introducing a virus,
and requiring all the intermediate overhead of special backups, etc.?
Dave Ihnat
Analysts International Corporation, Chicago
ignatz@homebru.chi.il.us (preferred return address)
ignatz@chinet.chi.il.us
------------------------------
Date: 01 Oct 89 17:58:41 +0000
From: carroll1!tkopp@uunet.UU.NET (Tom Kopp)
Subject: Future AV software (PC)
I had a thought earlier about a possible future Anti-viral system. It
would be software based, therefore subject to its own corruption,
however it seems to me to be a mix of the work of Anti-Viral gurus
McAfee and Greenberg. It works something like this:
A version/variant of ViruScan would run, searching not for
viral-identifying code, but rather for the interrupt calls that write
to a disk (a la Flu_Shot techniques). When it finds one, it looks in
a table to see if that code is allowed. This table could consist of
the following format:
filename;offset of interrupt;filesize CRC;
with the possible inclusion of just WHICH interrupt was attempting to
be invoked. The user of the software could either add to the table
for software that he/she has written, or wait for updated database
listings from whoever wrote/maintained such a program. Also in the
vein of Flu_Shot, a list could be maintained of files to 'ignore'. I
do see a problem in that setting up the original database to cover the
countless programs existing is a truly arduous task, however for a
purpose such as this, I would think reputable software companies would
provide as much assistance as possible, which could be a lot if the
code was written in assembler.
Is there some other fundamental element I'm missing, or is this a
plausible idea?
tkopp@carroll1.cc.edu or uunet!marque!carroll1!tkopp
Thomas J. Kopp @ Carroll College 3B2 - Waukesha, WI
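The table check proposed in the message above, as an added example that is not part of the digest and is not ViruScan or FluShot code. Assumptions: the watched interrupts (INT 13h, INT 26h), hex offsets, CRC-32 from `zlib`, and reading the third field "filesize CRC" as two space-separated values; all function names are hypothetical.

```python
import zlib

# Interrupts watched in this example (an assumption; the message names none):
# INT 13h = BIOS disk services, INT 26h = DOS absolute disk write.
WATCHED = {0x13: "INT 13h", 0x26: "INT 26h"}


def find_int_calls(image: bytes):
    """Return [(offset, int_no)] for each CD xx byte pair naming a watched interrupt.

    This is a raw byte match: it cannot tell an INT instruction from data or
    from an immediate operand that happens to contain the same two bytes.
    """
    hits = []
    i = image.find(b"\xCD")
    while i != -1 and i + 1 < len(image):
        if image[i + 1] in WATCHED:
            hits.append((i, image[i + 1]))
        i = image.find(b"\xCD", i + 1)
    return hits


def table_lines(name, image):
    """Emit 'filename;offset of interrupt;filesize CRC;' lines for a known-good file."""
    crc = zlib.crc32(image)
    return [f"{name};{off:04X};{len(image)} {crc:08X};"
            for off, _ in find_int_calls(image)]


def parse_table(text):
    """Parse table lines into {FILENAME: {"size", "crc", "offsets"}}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, offset, size_crc = line.rstrip(";").split(";")
        size, crc = size_crc.split()
        entry = table.setdefault(
            name.upper(), {"size": int(size), "crc": int(crc, 16), "offsets": set()})
        entry["offsets"].add(int(offset, 16))
    return table


def check_file(name, image, table):
    """Return a list of findings; an empty list means every call site is allowed."""
    hits = find_int_calls(image)
    entry = table.get(name.upper())
    if entry is None:
        return [f"{name}: not in table, {WATCHED[n]} at {off:#06x}" for off, n in hits]
    findings = []
    if len(image) != entry["size"] or zlib.crc32(image) != entry["crc"]:
        findings.append(f"{name}: size/CRC mismatch, file changed since it was listed")
    for off, n in hits:
        if off not in entry["offsets"]:
            findings.append(f"{name}: unlisted {WATCHED[n]} at {off:#06x}")
    return findings


# Constructed sample images (not real programs).
# mov ax,0301h / mov bx,0200h / int 13h / ret
CLEAN = bytes.fromhex("b80103" "bb0002" "cd13" "c3")
# The same file with "int 26h / ret" appended, standing in for added code.
TAMPERED = CLEAN + bytes.fromhex("cd26" "c3")
# mov ax,13CDh / ret: no INT at all, but the operand bytes match CD 13.
LOOKALIKE = bytes.fromhex("b8cd13" "c3")

if __name__ == "__main__":
    table = parse_table("\n".join(table_lines("TOOL.EXE", CLEAN)))
    for img in (CLEAN, TAMPERED):
        print(check_file("TOOL.EXE", img, table) or "all call sites allowed")
    print(find_int_calls(LOOKALIKE))
```

The `LOOKALIKE` image shows the limit of the byte match: an operand containing `CD 13` is reported as a call site, and a call made through a computed or self-modified instruction would not be reported at all.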
------------------------------
Date: Sun, 01 Oct 89 17:58:04 -0400
From: dmg@lid.mitre.org (David Gursky)
Subject: The book you've all been waiting for?
John McAfee of Interpath, National Bulletin Board Society, and
Computer Virs (Virus, not Virs) Industry fame has written a book.
Entitled _Computer Viruses, Worms, Data Diddles, Killer Programs, and
Other Threats to Your System: What They Are, How They Work, and How to
Defend Your PC, Mac, or Mainframe_, it is co-authored with Colin
Haynes, and published by St. Martin's Press.
I finished reading it today, and these are some preliminary thoughts I
have on the book (this message would be more detailed, but I have to
catch a plane to New Orleans tonight and I leave in thirty minutes).
I do not like this book. I found it to be (at various points)
contradictory, incomplete, and alarmist. Before the flame wars begin,
let me emphasize that the whole book is not constantly contradictory,
incomplete, and/or alarmist, nor is any one section all three of those
things. Some sections (most notably the first third of the book and
the last chapter) are very alarmist. In the final chapter for
instance, McAfee quotes some NBBS users about what type of viruses
they see "looming in the distance". One example cited is a
modification to the electronic switches used by the phone company to
reroute a call placed by caller n to the number dialed by caller n-1.
A second example would have the computers controlling the nation's
traffic lights (the computers are made by one of three companies) all
turn green in all directions on a given Friday. I leave it as an
exercise to Virus-L readers to find where these are flawed, other than
the obvious one that neither of these are viruses per se, but are
examples of destructive measure viruses could be put to.
In between the beginning and the end of the book, McAfee focuses on a
technical discussion of viruses, and he does, alright. There are much
better books (IMO) on the market about PC viruses (such as the Compute
book) or viruses in general (Ralf Burger's _Computer Viruses, A High
Tech Disease_), but if you are comfortable with McAfee's paradigms,
then his work is acceptable. If you are not comfortable with McAfee's
paradigm, or if you are concerned with viruses in the Macintosh
environment (or to a lesser degree, the mainframe environment), you
will get awfully confused. The book has a very heavy PC bias, and
(for example) trying to fit McAfee's generic description of viruses
into the Macintosh paradigm does not work easily.
I will be out of town for two weeks, and Virus-L will be on vacation
by the time I get back. When I do get back into town, I will write a
more comprehensive review for Virus-L. What it all comes down to is
this. McAfee & Haynes' book is no great shakes; it simply is not well
written. This is not to call John McAfee names or anything, but "he
should not give up his day job". My advice is to buy a copy of the
NIST paper (which is shorter, more concise, and has a greater
proportion of useful information) and a good set of anti-virus tools
for your computer. Viruscan is one of the best for the PC from what I
understand, and a bargain at $15.
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253