Path: utzoo!attcan!uunet!aplcen!uakari.primate.wisc.edu!zaphod.mps.ohio-state.edu!sunybcs!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: craig@tolerant.com (Craig Harmer) Newsgroups: comp.virus Subject: Re: mainframe viruses Message-ID: <0007.9005301400.AA10793@ubu.cert.sei.cmu.edu> Date: 26 May 90 01:20:29 GMT Sender: Virus Discussion List Lines: 38 Approved: krvw@sei.cmu.edu REICHETZ@AWIIMC11.BITNET (Christian J. Reichetzeder) writes: [text deleted] >I admit that a clever virus *could* go unnoticed for sufficient time. But it's >rather unlikely that the *developement* of the virus would - unless the whole >systems group is taking part. >Well, 'nuf said for now, I'll wait for comments >Christian while i was working at amdahl (on UTS, amdahl's Unix), i could quite readily have put my time into developing a virus. i spent quite a bit of time on test domains where i effectively had the whole machine to myself (booting, supervisor state, etc.). while i was developing standalone software, i could have just as easily split my time with developing standalone viruses. of course i was doing UTS development, but i could have brought up MVS or VM instead. but anyway, why should that be necessary? there have been several examples of Unix viruses, and a couple VMS viruses. wasn't there even something on Bitnet (i'm not sure)? i suspect that MVS and VM have *more* holes than Unix, for the simple reason that there are less people around looking for holes to exploit. far fewer people have access to the source, or machines that run it. they cost more than $1 million each, after all. it was my understanding that any user could crash VM quite easily by simply filling up all the spooling space--i don't think even unix is that fragile. and, while VM has a number of "security" or privilege levels, once you get a step beyond the joe-user level (class G?) its supposed to be easy to all the way to root (class A?). i don't know how, though; i was never very interested. there's nothing magical about MVS or VM, after all. - -- {apple,pyramid}!tolsoft!craig craig@hoser.tolerant.co m (415) 626-6827 (h) (408) 433-5588 x220 (w) [views expressed above shouldn't be taken as Tolerant's views, or your views or even as my views]