KY REGISTER
JUNE 1992

TABLE OF CONTENTS

UKCC Short Courses
Changes to VM Batch
VIEW UKCC SECURITY Now Available
DECUS Meeting
Everything You Wanted to Know About Computer Viruses
Services Directory

**********************************************************************

UKCC SHORT COURSES

The following short courses are free to all UK faculty, staff, and students, but preregistration is required. If you register for a course and then find that you can't attend, please cancel your registration by calling 257-UKCC. Failure to do so may jeopardize your right to register for future UKCC short courses.

There are two ways you can register, depending on the class:

* You can register online -- some classes require online registration. Just enter VIEW UKCC SHORTCOURSE on your CMS account and follow the menus.

* You can register by calling 257-UKCC (this is Voice Mail Exchange; your registration will be confirmed by phone within five days).

Many of these classes don't require any knowledge or experience with any computer system. If there are prerequisites for a particular class, they'll be listed in the class description.
If you have questions about class content or bypassing prerequisites, call the instructor for that class.

INTRODUCTION TO VM/CMS AND XEDIT
June 18
2:00 to 4:00 p.m.
106 McVey Hall

A basic introduction to interactive use of the IBM 3090, this class presumes no previous knowledge of the IBM or any other computer system. You'll learn how to access the computer, how to create and manage files on your account, and how to use online tools such as CALENDAR and VIEW. You'll also learn how to use the CMS text editor, Xedit, to create and modify individual files.

This class will provide hands-on practice of the commands that are covered. You'll be given a class computer account which will remain active for the duration of the course. Your instructor will be Chris Corman, 257-2243, chris@ukcc.uky.edu.

INTRODUCTION TO ELECTRONIC MAIL ON THE IBM 3090
June 19
2:00 to 4:00 p.m.
106 McVey Hall

An introduction to the MAIL command on the IBM 3090, this class is for the beginner. You'll learn how to create mail files and send them to other users on the IBM 3090 as well as to users on the Prime and Wang systems. We'll also cover the use of BITNET to communicate with individuals at other academic centers around the world, and you'll learn how to read incoming mail and some techniques for storing old mail. We'll discuss how to create and maintain a NAMES file of individuals with whom you frequently correspond. You'll learn the log on sequence and some basic CMS background before we begin the discussion of MAIL.

This class presumes no previous knowledge of the IBM 3090 or any other computer system. You'll be given a CMS account for the duration of the course and will receive hands-on instruction for all the commands covered. Your instructor will be Chris Corman, 257-2243, chris@ukcc.uky.edu.

INTRODUCTION TO SPSS
June 23, 24, 25, and 26
3:00 to 5:00 p.m.
106 McVey Hall

SPSS is a powerful program for displaying and analyzing data on the IBM 3090.
This course is designed for those who have little or no knowledge of SPSS, but do have experience with CMS or have completed the Introduction to VM/CMS & Xedit class, described above. Your instructor will be Emmanuel Okorley (257-3238, okorley@ukcc.uky.edu), and online registration is required for this course.

******************************************************************

CHANGES TO VM BATCH

The following changes to VM BATCH went into effect on Monday, May 18, 1992.

The total number of jobs any userid may have in the batch queue or running at any one time will be limited to two. This should not pose too much of a hardship since users can "chain" jobs so that as one job finishes, it submits their next job to the batch queue.

An automatic monitoring program will send a message to users who are running a large job interactively and adversely affecting other users. This message will suggest that they should be running in batch mode. If the users persist, their share of the machine will be lowered drastically for the duration of the job. A "large interactive virtual machine" is defined as 128 MB or larger.

The parallel batch class will be given a higher share on a trial basis. If this policy adversely affects other users, it will be discontinued.

If you have questions about these changes, please contact a Consultant in 107 McVey Hall, 257-2249, suggest@ukcc.uky.edu.

-- Anne Leigh

******************************************************************

VIEW UKCC SECURITY

VIEW UKCC SECURITY is now available on VIEW. It offers all security-related information at the UKCC, including ethics and computer usage policy. To access it, enter

   VIEW UKCC SECURITY

Move the cursor to the desired topic and press PF2. Follow the menus.

If you need more information about computer security, contact the UKCC Security Officer, Jack Coffman at 257-2273, uka051@ukcc.uky.edu.
If you need help with any of the VIEW services, please contact a UKCC Consultant at 257-2249, 107 McVey Hall, suggest@ukcc.uky.edu.

******************************************************************

DECUS JUNE MEETING

The June meeting of the DECUS Capital City Local Users Group will be held June 17, 1992, at 10:00 a.m., at the Ky. Department for Libraries and Archives, 300 Coffee Tree Road, Frankfort.

For more information about the DECUS group and/or the June meeting, please contact Skip Hunt at 502/875-7000. If you're a UK employee, dial 180 and ask to be connected to the Department for Libraries and Archives; this will save the cost of a long-distance call.

******************************************************************

EVERYTHING YOU WANTED TO KNOW ABOUT COMPUTER VIRUSES, BUT WERE AFRAID TO ASK: PART TWO

This is the second part of a series of articles about computer viruses. For more information about viruses, contact Jack Coffman at 257-2273, uka051@ukcc.uky.edu.

Can a virus infect data files?

Several viruses contain bugs which make them infect non-executable programs. However, in order to spread, the virus must be executed. Therefore, the infected non-executable files cannot be sources of infection.

It is not always possible to draw a clear distinction between executable and non-executable files. One person's code is another person's data and vice versa. Several files that are not directly executable contain code or data, which is at some time executed or interpreted. Some examples from the IBM PC world are .OBJ files, libraries, device drivers, source files for any compiler or interpreter, macro files for some packages like MS Word and Lotus 1-2-3, and many others.

Currently, there are viruses that infect boot sectors, master boot sectors, COM files, EXE files, BAT files, and device drivers, although any of the objects mentioned above can theoretically be used as an infection carrier.
PostScript files can also be used to carry a virus, although no currently known virus does that.

Are mainframe computers susceptible to computer viruses?

Yes. Numerous experiments have shown that computer viruses spread very quickly and effectively on mainframe systems. However, to our knowledge, no non-research computer virus has been seen on mainframe systems. (The internet worm of November 1988 was not a computer virus by most definitions, although it definitely had some virus-like characteristics.)

Computer viruses are actually a special case of something else called "malicious logic," and other forms of malicious logic -- notably Trojan horses -- are far quicker, more effective, and harder to detect than computer viruses. Hence, those tend to be used to attack mainframe systems, rather than computer viruses.

For further information on malicious programs on multi-user systems, see Matt Bishop's paper, "An Overview of Malicious Logic in a Research Environment." The paper is available via anonymous FTP on Dartmouth.edu (129.170.16.4) as "pub/security/mallogic.ps."

Can viruses spread from one type of computer to another (e.g., Amiga to PC), even if they can both read the same format disks, like the Atari ST reading MS-DOS format disks?

The simple answer is that no currently known viruses can do that. Although the disk formats may be the same, the different machines interpret the code differently. For example, the Stoned virus cannot infect an ST as the ST cannot execute the virus code in the boot sector. The Stoned virus contains instructions for the 80x86 family of CPUs that the 680x0-family CPU (Atari ST) can't understand or execute.

The more general answer is that such viruses are possible, but unlikely. Such a virus would be quite a bit larger than current viruses and might be easier to find.
Additionally, the low incidence of cross-machine sharing of software means that any such virus would be unlikely to spread; it would be a poor environment for virus growth.

Can MS-DOS viruses run on non-DOS machines, such as Mac or Amiga?

In general, no. However, on machines running DOS emulators (either hardware- or software-based), DOS viruses -- just like any DOS program -- may function. These viruses would be subject to the file access controls of the host operating system. For example, when a DOS emulator such as VP/ix runs under a 386 Unix environment, DOS programs are not permitted to access files that the host Unix system does not allow them to access. Thus, it is important to administer these systems carefully.

Can boot sector viruses, like Stoned, infect non-bootable floppy disks?

Any diskette that has been properly formatted contains an executable program in the boot sector. If the diskette is not bootable, all that boot sector does is print a message like "Non-system disk or disk error; replace and strike any key when ready," but it's still executable and still vulnerable to infection. If you accidentally turn your machine on with a non-bootable diskette in the drive and see that message, it means that any boot virus that may have been on that diskette *has* run, and has had the chance to infect your hard drive or whatever. So when thinking about viruses, the word "bootable" (or "non-bootable") is really misleading; all formatted diskettes are capable of carrying a virus.

Can I avoid viruses by avoiding shareware/free software/games?

No. There are many documented instances in which commercial shrink-wrap software containing viruses was inadvertently distributed. Avoiding shareware, freeware, games, etc., only isolates you from a vast collection of software (some of it very good, some of it very bad, most of it somewhere in between). The important thing is not to avoid a certain type of software, but to be cautious of any and all newly acquired software.
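Because every formatted diskette carries boot code, the boot sector of a newly acquired diskette can be fingerprinted and rechecked later whether or not the diskette is bootable. The Python below is an added example, not part of the original article; it assumes the standard DOS FAT12 boot-sector layout, and the sample sector, its OEM name, and the function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"
NON_SYSTEM_MSG = b"Non-system disk or disk error"


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed FAT12 boot sector for a 1.44 MB data diskette (sample input)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xEB\x3C\x90"    # JMP SHORT to offset 0x3E, then NOP
    sector[3:11] = b"SAMPLE  "       # OEM name field (constructed value)
    # BIOS parameter block: bytes/sector, sectors/cluster, reserved sectors,
    # FAT count, root entries, total sectors, media byte, sectors/FAT,
    # sectors/track, heads.
    struct.pack_into("<HBHBHHBHHH", sector, 11,
                     512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2)
    sector[0x3E:0x3E + len(boot_code)] = boot_code
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def inspect_boot_sector(sector: bytes) -> dict:
    """Report whether a sector carries boot code, and fingerprint it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[0] == 0xEB:            # JMP SHORT rel8
        code_start = 2 + sector[1]
    elif sector[0] == 0xE9:          # JMP NEAR rel16
        code_start = 3 + struct.unpack_from("<H", sector, 1)[0]
    else:
        code_start = None
    has_code = (sector[510:512] == BOOT_SIGNATURE
                and code_start is not None and code_start < 510)
    code = sector[code_start:510] if has_code else b""
    return {
        "has_boot_code": has_code,
        "code_start": code_start,
        "non_system_message": NON_SYSTEM_MSG in code,
        "sha256": hashlib.sha256(sector).hexdigest(),
    }


def changed_since(baseline: dict, sector: bytes) -> bool:
    """Change detection: compare against a fingerprint taken when known clean."""
    return inspect_boot_sector(sector)["sha256"] != baseline["sha256"]


# Constructed samples: placeholder bytes stand in for the real print routine.
STUB = b"\x90" * 8 + NON_SYSTEM_MSG + b"\r\n\x00"
DATA_DISKETTE = build_sample_sector(STUB)                       # non-bootable
ALTERED_DISKETTE = build_sample_sector(b"\xCC" * 8 + STUB[8:])  # code changed
BASELINE = inspect_boot_sector(DATA_DISKETTE)

if __name__ == "__main__":
    print(BASELINE)
    print("altered:", changed_since(BASELINE, ALTERED_DISKETTE))
```

To check a real diskette, pass the first 512 bytes of the disk or of a disk image to inspect_boot_sector.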
Simply scanning all new software media for known viruses could be effective at preventing virus infections, especially when combined with some other prevention/detection strategy such as integrity management of programs.

Is it possible to protect a computer system with only software?

Not perfectly; however, software defenses can significantly reduce your risk of being affected by viruses when applied appropriately. All virus defense systems are tools, each with its own capabilities and limitations. Learn how your system works and work within its limitations.

From a software standpoint, a very high level of protection/detection can be achieved with only software, using a layered approach.

1) ROM BIOS: password (access control) and selection of boot disk (some may consider this hardware).

2) Boot sectors: integrity management and change detection.

3) OS programs: integrity management of existing programs, scanning of unknown programs. Requirement of authentication values for any new or transmitted software.

4) Locks that prevent writing to a fixed or floppy disk.

As each layer is added, invasion without detection becomes more difficult. However, complete protection against any possible attack cannot be provided without dedicating the computer to pre-existing or unique tasks. The international standardization of the IBM PC architecture is both its greatest asset and its greatest vulnerability.

What can be done with hardware protection?

Hardware protection can accomplish various things, including write protection for hard disk drives, memory protection, monitoring and trapping unauthorized system calls, etc. Again, no tool is foolproof.

The popular idea of write-protection may stop viruses spreading to the disk that is protected, but doesn't, in itself, prevent a virus from running.

Will a write-protect tab on a floppy disk stop viruses?

In general, yes.
The write-protection on IBM PC (and compatibles) and Macintosh floppy disk drives is implemented in hardware, not software, so viruses cannot infect a diskette with a write-protection mechanism that is functioning properly.

But remember: A computer may have a faulty write-protect system (this happens!). Someone may have removed the tab for a while, allowing a virus on; the files may have been infected before the disk was protected; and even some diskettes straight from the factory have been known to be infected in the production process. You can test the write-protection by trying to copy a file to the diskette.

So, it is worthwhile to scan even write-protected disks for viruses.

Will password/access control systems protect my files from viruses?

Some will, some won't. Many file access control systems for PCs do a great deal to guard against existing PC viruses. A good operating system combined with use of memory management hardware is best but not foolproof. The important thing is that they be properly installed and administered.

Will setting DOS file attributes to Read Only protect them from viruses?

No. While the Read Only attribute will protect your files from a few viruses, most simply override it, and infect normally. So, while setting executable files to Read Only is not a bad idea, it is certainly not a thorough protection against viruses.

Will the protection systems in DR-DOS 5 or 6 work against viruses?

Partially. Neither the password file/directory protection available from DR-DOS version 5 onwards, nor the secure disk partitions introduced in DR-DOS 6, are intended to combat viruses, but they do to some extent. If you have DR-DOS, it is wise to password-protect your files, but don't depend on it as the only means of defense.

The use of the password command will stop more viruses than the plain DOS attribute facility, but that isn't saying much.
The combination of the password system plus a disk compression system may be more secure (to bypass the password system they must access the disk directly, but under SuperStore or Stacker the physical disk is meaningless to the virus). There may be some viruses which, rather than invisibly infecting files on compressed disks, actually visibly corrupt the disk.

The "secure disk partitions" system introduced with DR-DOS 6 may be of some help against a few viruses that look for DOS partitions on a disk. The main use is in stopping people fiddling with (and infecting) your hard disk while you are away.

Could an anti-viral program itself be infected?

Yes, so it is important to obtain this software from a good source and to only trust results after running scanners from a clean system. But there are situations where one scanner appears to be infected when it isn't.

Most anti-viral programs try to identify only viral infections, but sometimes they give false alarms. If two different anti-viral programs are both of the scanner type, they will contain signature strings to identify viral infections. If the strings are not encrypted, they will be identified as a virus by another scanner type program. Also, if the scanner does not remove the strings from memory after it has run, another scanner may detect the virus string in memory.

Some change detection type anti-viral programs add a bit of code or data to a program when protecting it. This might be detected by another change detector as a change to a program, and therefore suspicious.

It is good practice to use more than one anti-viral program. Do be aware, however, that anti-viral programs, by their nature, may confuse each other.

GETTING MORE INFORMATION

VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform; diversity is welcomed.
Contributions should be relevant, concise, polite, etc. The complete set of posting guidelines is available by FTP on cert.sei.cmu.edu or upon request. Please sign submissions with your real name. Send contributions to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's equivalent to VIRUS-L at LEHIIBM1 for BITNET folks). Information on accessing anti-virus, documentation, and back issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to krvw@cert.sei.cmu.edu.

Editor's Note: This article was adapted from the VIRUS-L digest, volume 5, issue 70.

*******************************************************************

UKCC SERVICE DIRECTORY

Service                                      Contact                   E-Mail Address  Phone     McVey Hall
Vice President, Information Services         Eugene R. Williams        DPS128@UKCC     257-3609
Assoc. VP, University Computing Services     Dr. Douglas Hurley        HURLEY@UKCC     257-2900  128
Director, Communications Services            Doyle Friskney            DOYLE@UKCC      257-6225
Director, Center for Computational Sciences  Dr. John Connolly         CONNOLLY@UKCC   257-8737  324
Director, Academic User Services             Dr. Robert S. Tannenbaum  RST@UKCC        257-2900  128
Director, Distributed Services               Janet Baynham             DPS108@UKCC     257-1535  120
Director, Information Resources              Dr. Jon Hesseldenz        UKA045@UKCC     257-3904  230D
Academic Consulting Services                 Wayne Beech               WAYNE@UKCC      257-2238  117
CMS Consulting                               Bob Crovo                 CROVO@UKCC      257-2258  109
Complaints                                   Sue Myers                 SMYERS@UKCC     257-2257  121
Consultant for Remote Sites                  Wanda Dixon               WANDA@UKCC      257-2206  115
Consulting                                   Consultant on Duty        SUGGEST@UKCC    257-2249  107
Database - IDMS                              Rick Chlopan              DBA003@UKCC     257-2218  211D
Data Center                                                                            257-2222  61
Data Entry                                   Frank McCormick           OPFRANK@UKCC    257-2216  72
Desktop Publishing Consulting                Marguerite Floyd          EDITOR@UKCC     257-2219  205
Disk Rental                                  Janet Hyatt               HYATT@UKCC      257-2212  130
                                             Larry Johnson             JOHNSON@UKCC    257-2217  130
Facilities Operations                        Joe Williams              UKA048@UKCC     257-2231  122
FACTS Center                                                           FACTS@UKCC      257-2275  100
Graphics Consultation                        Bob Williamson            ROBERTT@UKCC    257-2227  207
Information Center                           Judy Kisil                UKA041@UKCC     257-2241  222
Instructional Software                       Wayne Beech               WAYNE@UKCC      257-2238  117
Local Area Networks                          Gary Porter               PORTER@UKLANS   257-5267
Machine Room                                                           OPONDUTY@UKCC   257-2222  59
Management Information Systems               Forrest Hahn              UKA006@UKCC     257-2260  219
Memos and Manuals                            Consulting Room                           257-2249  107
Micro Lab                                                                              257-6100
Network/Telecommunications                                             UKT101@UKCC     257-2229
New Accounts                                 Janet Hyatt               HYATT@UKCC      257-2212  130
                                             Larry Johnson             JOHNSON@UKCC    257-2217  130
Numerical Analysis Consulting                Anne Leigh                ANNE@UKCC       257-2205  109B
Optical Scanner - NCS                        Chris Corman              CHRIS@UKCC      257-2243  109
                                             Bob Crovo                 CROVO@UKCC      257-2258  109
Passwords                                    Janet Hyatt               HYATT@UKCC      257-2212  130
                                             Larry Johnson             JOHNSON@UKCC    257-2217  130
Prime Information                            Steve Stanley             STEVE@UKPR      257-2237  207
Program Documentation/Libraries              Consulting Room                           257-2249  107
Publications Office                          Marguerite Floyd          EDITOR@UKCC     257-2219  205
Refunds                                      Consulting Room                           257-2249  107
SAS and SPSS Consulting                      Lorinda Wang              UKC333@UKCC     257-2204  109B
                                             Emmanuel Okorley          OKORLEY@UKCC    257-3238  109
Security & Disaster Recovery                 Jack L. Coffman           UKA051@UKCC     257-2273  218
Tapes to Borrow, Tape Storage                Data Center                               257-2222  61
Tours of UKCC                                                                          257-2900
User Account Services                        Janet Hyatt               HYATT@UKCC      257-2212  130
                                             Larry Johnson             JOHNSON@UKCC    257-2217  130
Vectorization Consulting                     Anne Leigh                ANNE@UKCC       257-2205  109B

*************************************************************************

UNIVERSITY COMPUTING ADVISORY COMMITTEE

RESEARCH COMPUTING SUBCOMMITTEE

Kumble R. Subbaswamy, Chair, 1994
Gregory W. Brock, 1992
Graeme Fairweather, 1993
Robert A. Lodder, 1993
Judith G. Shelling, 1993
Carolyn Brock, 1994
James M. McDonough, 1994

ex officio
Delwood Collins
John W. Connolly
Doyle Friskney
Douglas E. Hurley
Robert S. Tannenbaum
David S. Watt
Student (1)

INSTRUCTIONAL COMPUTING SUBCOMMITTEE

Merrill W. Packer, Chair, 1994
Joel M. Lee, 1992
David J. Shippy, 1992
Anthony Q. Baxter, 1993
Robert L. Fehr, 1993
John E. Christopher, 1994
Kevin S. Kiernan, 1994

ex officio
Doyle Friskney
Douglas E. Hurley
Louis J. Swift
Robert S. Tannenbaum
VC Academic Affairs, MC
VC Academic Affairs CCS
Undergraduate Student (1)

ADMINISTRATIVE COMPUTING SUBCOMMITTEE

Jack B. Jordan, Chair, 1994
David Carter, 1992
Sue Fosson, 1992
Ken Clevidence, 1993
Karen T. Combs, 1993
Randall W. Dahl, 1993
Joan McCauley, 1993
Dale R. Austin, 1994
Daniel L. Fulks, 1994
Nancy Ray, 1994
Walter F. Skiba, 1994

ex officio
Doyle Friskney
Jon Hesseldenz
Roseann Hogan
Douglas E. Hurley
MC - vacant
CCS - vacant

*********************************************************************