Virii

N1YRK n1yrk at SINISTER.COM
Mon Dec 20 19:34:02 EST 1999


First, I am a Computer Security Consultant by trade, so I have a wee bit
of credibility on the subject.

With BubbleBoy Virus (really a worm), it is useless to get the address of
who is forging mail, etc. as these systems are almost certainly victims of
the Worm. If they are not, they can always claim that they are and you
have no evidence to the contrary. The BubbleBoy is so widespread that ISPs
are simply ignoring complaints about infected users, as otherwise they
would have to hire more staff to deal with the volume of complaints.

To defeat this worm and the expected large number of copycats that will
follow it, there are several things that users can do:

1) Switch to using an operating system that has a better security model.
Users can be 'compartmentalized' in these operating systems to some
degree. Windows NT has this concept, but its execution is poor enough to
leave one with a false sense of security. Unix-type systems are a better
bet. I use Linux personally. If you need to run Windows programs, you can
use the vmware program to run them on Linux (or other operating systems).
The compartmentalization is not a cure-all, but it will limit the damage a
virus/worm/unauthorized user can do.

Most of you probably won't switch from Microsoft. But you can still:

2) Change user behavior: don't run random programs that someone appears to
send you. If someone sends you a program via email, write back and ask
WHAT it is and WHY they sent it to you. Unless your message is intercepted
by an Artificial Intelligence program in the infected system (no joke,
this has been predicted), and the worm is able to fake being a real person
who sent it to you and tell you it's okay, this should detect BubbleBoy &
co.'s tricks. Of course, a person who is consciously trying to infect your
system can lie to you.

3) Yes, of course, keep your anti-virus software up to date. However,
realize that antivirus software can give both false negatives and false
positives. The Anti-Virus vendors will not be forthcoming about the
weaknesses in their products.

President Clinton asked the computer hackers of the world to give us a
respite to deal with Y2K problems. The fact that he thought that it was
necessary to ask this is frightening. Who knows how many of these
misdirected deviants will listen to him, and how many will just want to
show us exactly how clever they are on New Year's.

73,
N1YRK

Sponsored by the City of Tempe 

Listserver Submissions:  heath at listserv.tempe.gov
Listserver Subscription: listserv at listserv.tempe.gov - "subscribe heath 'name' 'call'"
Listserver Unsubscribe: listserv at listserv.tempe.gov - -"signoff heath"
