Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!pacbell.com!iggy.GW.Vitalink.COM!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: mrs@netcom.com (Morgan Schweers)
Newsgroups: comp.virus
Subject: Re: Unix viruses (UNIX)
Message-ID: <0009.9104181344.AA09450@ubu.cert.sei.cmu.edu>
Date: 17 Apr 91 10:23:00 GMT
Sender: Virus Discussion List
Lines: 46
Approved: krvw@sei.cmu.edu

Some time ago padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson)
happily mumbled:
>In the VAX world, use of version numbers in file calls (does anyone
>else ?) would make such script spoofs more difficult.
>
>Key here is that "good" multi-user systems (e.g. unix) already have
>good defense mechanisms built in but rarely used.

Greetings,
    Beg to differ, but...

[Wherein I deleted a description of a very successful VMS worm, based
on version numbers]

    There really *ARE* some things a person shouldn't post.  Suffice it
to say that a person I knew used the version number facility of VMS to
make 'script spoofs' easy.  (As well as using MBX's as a 'trapdoor'
facility which trapped the System manager even.  Scary.  Took less than
a few days.)

    The 'version numbering' of VMS makes it susceptible to worms and
such.  DCL worms, also, have been around a while.  All these things
require that people run things out of others' accounts.  However, in an
educational environment this can be considered to hold true.  In many
other environments as well.

    The problem here is that *WORMS* are easy on almost any system, but
Viruses seem to be only 'easy' on PC's.  (I consider a worm a program of
which there is an entirely *SEPARATE* program, and a virus a program
which incorporates itself into the main program.)

    If you are running a Un*x system, work on the intricacies of
protections.  Proper passwording, proper protection, make sure your
users are 'security aware'.  Run COPS on your system occasionally.
For the most part, you won't need to worry about worms or viruses.  As
Padgett says, you've got great protections available.  Now *USE* them!

    Of course if you *DO* run into one, comp.virus/VIRUS-L would
probably be very interested in it.

                                                  --  Morgan Schweers
+----
    I'm out of my company's field here, so they probably don't care
what I'm saying now.  -- mrs@netcom.com
- ----+