virus_summary
Folks,
Greetings, here is a summary of responses to:
On Tue, 20 Sep 1994, Rick Ross wrote:
> Folks,
> Greetings. I know this is not a direct computational chemistry question but
> I think it is a concern to all. I was wondering if folks would be willing to
> share how they protect themselves from viruses that could be imported via
> anonymous FTP to their: UNIX workstations; Personal Computers; or Macintosh
> Computers.
> I would be very glad to summarize for the net if there is interest. To
> avoid swamping the net, perhaps folks could send answers to me directly
> first.
> Thanks a bunch.
> Rick Ross
> rickr ^at^ ppg.scripps.edu
> PPG Industries
> P.O. Box 9
> Allison Park, PA 15101
>
Thanks a bunch to all folks who replied. In addition to the very useful
info on how folks at individual sites take virus precautions is the message
that points out a virus maillist, a usenet conference, and a
FAQ document on this topic.
Thanks again to all who responded!
regards,
Rick Ross
P.S. Some folks requested copies of this summary which I did not send
because I have sent the summary to the list and didn't want to clutter
mail boxes. Thanks again to respondents!
******
Please post a summary when you get it. We scan our PC's & Macs every boot.
*************
Dear Rick,
When I download software from any site to my Mac, I run Disinfectant (John
Norstad, Northwestern University) on it just to be safe.
We have a policy at IAF of not downloading pre-compiled UNIX software from
anonymous ftp sites. We usually request the source code and compile it
ourselves, unless it is from a reliable company or academic resource.
We also keep regular backups of the whole system to minimize any possible
loss.
*********
Disinfectant is pretty much the standard for Macs. It is freely available at
major archives, and is updated as soon as a new virus appears. I have had
good success with it.
Other virus utilities for Mac, commercial or not, basically have different
bells and whistles (faster checking perhaps, checking of archived material).
Gatekeeper specifically is more aggressive (veto-ing things at the first
hint of trouble), and requires more configuration to allow legit programs to
do what they should do.
**********
I am good with Macs. There are two excellent anti-virus programs, both free,
for Macs, thanks to John Norstad of Northwestern U. and Chris Johnson of U.
Texas. You can find them from the famous Sumex, UMich, and UT sites and their
mirror sites. Norstad's Disinfectant can scan disks and eradicate viruses, and
install an init to prevent invasion of any known virus. Johnson's
GateKeeper monitors application activities and vetoes any virus-like actions,
which has been the major weapon against any unknown virus for the Mac world.
A few new viruses were actually detected by GateKeeper by users who were not
experts on viruses.
Is there such software for PCs and Unix? I am not sure.
Please send me a copy of your summary. Thanks!
*********
I can only speak about the Mac: I have used Disinfectant for probably 5
years now and it has served me well. It is just as effective as
commercially available programs and less obtrusive than most of those.
Disinfectant's author looks into every virus report sent to him and there
is a team of people that immediately react when a new virus appears. Highly
recommended.
Of course I don't represent my company's point of view as they want
everybody to use SAM something or other, which I threw off any machine I
worked on first thing.
********
My feeling is that viruses are not really an issue with Unix machines.
I am not up-to-date on the myriad of viruses and anti-virus software
on PC clones.
But, I can tell you that, for Macintoshes, Disinfectant is all you
will ever need. It is free, and extremely effective. It does not
interrupt your work to scan floppies or any such nonsense. It
discovers and protects against *every* known Macintosh virus, and when
new ones are discovered, an update is usually available within hours
or days of the discovery. Since Mac viruses are much harder to write
than PC viruses, and since Disinfectant has managed to eliminate new
viruses so quickly and effectively, Mac viruses are nearly extinct.
Disinfectant's author, John Norstad, is certainly the Jonas Salk of
Macintosh Viruses.
Disinfectant can be obtained via anonymous ftp from ftp.acns.nwu.edu
[129.105.16.53] in pub/disinfectant.
********
We protect our Macs using Gatekeeper and Disinfectant.
Together, they provide enough protection that we've never had a problem.
For unix stations, the file protection system is one of your best
protections.
As such, the most important thing is to never run anything as
root where you aren't pretty darn sure of its security.
Read scripts and makefiles; look through source when possible.
Try to only install packages that are well known
and get it from a well known source.
Oh, we also run the security program tripwire, which
allows you to check for alteration to a wide number
of files, using secure, non-spoofable message digest
functions to generate a checksum for each file.
********
Rick,
Hello. Recently there was a cross posting to a list (this one I think)
about a program called CD-IT. The authors claim it is a CDROM program by
a real company - a false claim. It is a virus in disguise and can be
downloaded via a file transfer. When it is used it reportedly causes
catastrophic damage to hard disks. Our department has a warning on our
internet gateway about this program.
Hope this is of some help even though this doesn't answer your question.
A single gateway to a department or company is one way I believe that
helps to protect the attached systems.
Regards
******
Hi Rick,
since other people did the job for you, you won't need to summarize (unless
you want more concise information). You may be familiar with Usenet
conferences. There is one called comp.virus, and there is a mailing list
(similar to DIBUG) called VIRUS-L. These two have a common FAQ document
(Frequently Asked Questions). This is an extensive survey of viruses, what
they are, how to protect yourself on different systems, etc. This FAQ
document is available from simtel20 servers, or directly through ftp
from cert.org (192.88.209.5) in the file pub/virus-l/FAQ.virus-l (the
best way to ftp is to use
'Mosaic ftp://cert.org/pub/virus-l/FAQ.virus-l', if you have Mosaic
installed). If someone is unable to ftp, please tell me; I'll be happy
to send you a copy. The file is some 84 kilobytes, so I'll refrain from
posting it to DIBUG :-) It was last updated on 18 November 1992, so
the virus list is not up-to-date, but info about how to protect
your system still apply. A full list of current viruses can be
downloaded with packages such as ScanV (currently version 117, for
MS-DOS, look for scanv117.zip on simtel20, e.g.
'Mosaic ftp://ftp.switch.ch/software/msdos/simtel20/virus/scanv117.zip'
(in Switzerland)).
Most important is to worry about viruses before you have them. Some are
hard to detect or fix once they have infected your system. Checking files
you downloaded with a _current_ version of scanv or another virus
checker _before_ you ever start them up is a good idea.
I hope this helps. Best regards,
******
Rick,
From a Unix perspective the first rule is to never run programs off the net as
super user. This in effect quarantines the program. Also if possible get the
program from the writer's own system which may be more secure than some public
systems.
*******
Hi Rick, on the Macintosh the definitive programs are:
Disinfectant - contains code to detect all known Mac viruses and to
eliminate them. Updated by John Norstad within days (hours) of when
new viruses are discovered.
ftp://ftp.acns.nwu.edu//pub/disinfectant/disinfectant35.sea.hqx
Gatekeeper - looks for suspicious activity (e.g., modification of
system files) and reports and/or blocks it.
ftp://microlib.cc.utexas.edu//microlib/mac/virus/gatekeeper-13.hqx
Both have excellent documentation included and are free.
******************
Hi,
For the Mac the basic virus-protection you need is Disinfectant, freeware
from John Norstad, Northwestern University and Gatekeeper, freeware from
Chris Johnson. Both available from sumex-aim.stanford.edu on the
info-mac/vir directory.
This software is updated for each new virus, almost immediately after
discovery.
More protection (scanning of archives, and much, much more) is obtained
by applying SAM (Symantec).
Hope to be of help (I'm sure I am the zillionth to give you this info)
***************
Hi!
Simple. My access is through a Mac that runs Virex. The Mac is connected
to an INDIGO R4000 SGI. Hence, everything goes through the Mac first.
Cumbersome, but I have yet to experience a virus problem!
************
I would not recommend anyone import binary executables from the
Internet. I use lots of public domain stuff under UNIX. I always
have the source, and build from source. This will not prevent
introduction of a virus, but if it happens, I should then be able to
work back to the origin of the problem. For new things, I sometimes
test under a special account, but that won't catch things that are set
to go on certain dates, etc...
So far, I have had no problems.
Ian