Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!uwvax!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!ubu.cc.lehigh.edu!virus-l
From: KDC%ccm.UManitoba.CA@CUNYVM.CUNY.EDU (Ken De Cruyenaere)
Newsgroups: comp.virus
Subject: Virus threats to mainframes
Message-ID: <0001.8906161915.AA20442@spot.CC.Lehigh.EDU>
Date: 15 Jun 89 20:48:00 GMT
Sender: Virus Discussion List
Reply-To: VIRUS-L@IBM1.CC.Lehigh.EDU
Lines: 56
Approved: virus-l@ubu.cc.lehigh.edu

In tune with our moderator's interest in expanding the discussion on viruses, here is some food for thought, from the June 1989 issue of Canadian Datasystems:

VIRUSES POSE INCREASING MENACE TO MAINFRAMES

Viruses represent a growing, unrecognized menace to large systems, virus experts told a Canadian Information Processing (CIPS) security seminar in Toronto recently.

Security consultant Peter Kingston of Kingston Goulborn & Assoc., Don Mills, Ontario, said DP professionals badly underestimate their exposure to viruses. He said the threat is greater than most people realized on mainframes. Midrange systems were even more vulnerable.

Dr. Harold Highland, editor of computer security journals in the US and UK and coordinator of an international study on virus filters, said a lack of publicity did not mean mainframes had not yet been attacked by viruses. He said firms tend to cover up such breaches of security, much as they do cases of embezzlement. They don't want to prosecute violators or make the incidents known.

He had not officially heard of any viruses infiltrating mainframes, he said. But he had learned unofficially of viral assaults on mainframes from vendors who sold security packages for large systems. Awareness would remain low until some reporter dug out the facts and revealed what has been happening.

He said the extent of the threat was difficult to fathom because of corporate secrecy and the fact many computer foulups mimic viral intrusions. A lot of suspected viruses turn out to be simply human errors, he said. For example, someone may try to run a communications program on an incompatible operating system and blame the resulting disruption on a virus.

He indicated large systems could be infected more easily than was commonly believed. In particular, he said a glaring weakness existed in Communications Monitoring System (CMS) version 4 for IBM's MVS operating system where a dangerous virus could be introduced by simply programming 16 lines of code.

Networks are also highly vulnerable to infection, said Mr. Kingston. He said LAN security depended a great deal on protecting file servers, and monitoring gateways and passwords. User and message authentication was lacking at LAN front ends. He said a lot more encryption techniques and control of LAN administrators were needed to forestall future trouble.

Dr. Highland demonstrated several different types of common PC viruses. One invaded spreadsheets and made incorrect adjustments to a few figures in only one column of a worksheet every time the program was activated.

For some software filters to work, users must indicate precisely what files they want protected, he said. Some filters take 4 to 6 hours to install on each PC. This could translate into substantial time and expense for corporations with thousands of micros.

Dr. Highland said no foolproof measures existed for safeguarding data. He frequently advised people to go "to your church, synagogue, mosque or whatever your place of worship and pray".

---------------------------------------------------------------------
Ken De Cruyenaere - Computer Security Coordinator
Computer Services - University of Manitoba - Winnipeg, Manitoba, Canada
Bitnet: KDC@CCM.UManitoba.CA (204)474-8340