COMPUTER SECURITY                            -----------------                      Notes of the presentation to                  The Institution of Production Engineers                            March 21, 1990 by                     E.A.Bedwell, E.D.P. Specialist                     ORTECH International (NRC/IRAP)                 2395 Speakman Dr., Mississauga L5K 1B3                                       (416) 822-4111, Ext. 261The writer wishes to thank the Institution of Production Engineers andit's President for the invitation to make this presentation, and toexpress sincere appreciation to David Stang, Ph.D., Director of Research,National Computer Security Association, for his contribution both to thispaper and to computer security in general.  And I would be very remiss ifI neglected to mention the professional secretarial assistance provided byJane  Templeman, who makes our whole team tick like the NRC official timeclock - the one that gives the CBC time signal.This document is, hopefully, written softly:  after all, it might beeasier to digest if I have to eat my words.  I do not profess to be "theexpert" in the field of computer security; an expert is someone who knowsmore and more about less and less until s/he knows absolutely everythingabout nothing.  I hope never to stop learning, which means (thankfully)I'll never be an expert.               INDEX                                             PAGE               -----                                             ----          1.   Definition/Scope of "COMPUTER SECURITY"            2          2.   Why Should You Be Concerned?                       2          3.   Types of Security Breaches                         3          4.   Reasons for Exposure                               7          5.   General Security Rules (all computer systems)      8          6.   Viruses:                                           9                         6.1  History                             9                         6.2  Effect                             10                         6.3  Why do people do it?               10                         6.4  Symptoms                           10                         6.5  Concerns                           11                         6.6  Known Virus Software (1)           11                         6.7  Quick Guide to Virus Names (1)     12                         6.8  Table of Virus Effects             16                         6.9  Virus Detector/Antidote software   19                         6.10  Trojan Horses                     20          7.   PC Rules of Thumb                                 22          8.   Easy Tricks for PC Security                       23          9.   So You're Infected (Cure)                         24          10.  Summary:  What Can You Do?                        25          11.  Security Policy:  Points for Consideration        26          12.  To run SCAN (included on this diskette)           29(1)  David Stang, Ph.D, "Network Security in the Federal Government,",     January, 1990, p.168-169 (updated by E.A.Bedwell, March, 1990)                                    - 2 -Tonight's topic is "Computer Security," a subject near and dear to myheart after catching fraud a few times, and cracking system security afew times.  The only unfortunate part of this evening is that I haveenough material to cover an intensive 2 or 3 day seminar and I only havesomething over an hour, so in addition to extensive notes from thispresentation, I've put an article on viruses, and a PC virus detectorprogram on diskette for you.1.   SCOPE OF COMPUTER SECURITYComputer security relates to any potential loss of information or yourability to operate, regardless of the source of the problem.  Of course,all the publicity about computer security is going to the virussituation.  I don't want to dissuade anyone from their concerns aboutviruses, because it's definitely a growing problem, and if you get hit,you'll be sorry you ever laid eyes on a computer.  But, current estimatesindicate that viruses represent only 3% of all the computer problems nowoccurring.  Of course, if you're one of the 3%, like CNIB or Barclay'sBank Canada were last fall, you'll feel like you're the only one onearth.  The difference between viruses and other computer security issuesis apparently one of control:  I hope to convince you that you have asmuch control over viruses and as little control over the other 97% ofproblems as to make them equal threats to the safety of your computer.I'm going to get to viruses later, their prevention, detection and cure,but I'd like first like to cover the other major problems that affectcomputer security - the other 97% - and I'd like to start with reasonswhy you should be concerned about security.2.   WHY SHOULD YOU BE CONCERNED?Your data is a valuable asset, just like premises, equipment, rawmaterials and inventory.  Because so much of modern business depends oncomputers - financial systems, engineering design, medical diagnosis,production and safety control - the destructive potential is greaterevery year.  There has been more than one company that's suffered greatlosses, and even gone under because of the loss of things like theiraccounts receivable records:  no one is going to pay you if you don'tsend them a bill, and if they get word of your inability to invoice them,their darned unlikely to volunteer payment - so you're in a financialmess.  The same goes for your design information, production data, theconsequences if safety control systems malfunction, or even the simpleloss of your customer list.Another reason why you should be concerned is, too often, people don'tthink about computer security until it's too late.  There's a saying inmy industry that, "He who laughs last probably made a backup."  Anothersaying is, "Experience is something you don't get until just after youneeded it the most."  Well, if it means the life of your company, or theloss of potentially millions of dollars, or even just the information onyour home computer, it might be wise to get at least some basic knowledgebefore the disaster strikes.                                  - 3 -3.   TYPES OF SECURITY BREACHESNow that the 'why' is out of the way, let's break down the 97% ofproblems.  These are not in a specific order, but just as they came tome.  Nor have I attempted to attach percentages to each type of risk,because very few computer crimes are actually reported, so any figuresthat anyone could estimate would not be realistic:FRAUD/THEFTBy far the biggest problem is fraud or theft.  Some examples of this are:     CHAOS - 1987 - Hamburg  ->  NASA data bank info sold to USSR     Foreign exchange              }    famous because of big $     Electronic Funds Transfer     }    amounts, and because of the     Insider Trading               }    publicity they've received     Most common:  Cookie jar technique - e.g., interest, income tax                   (aka 'Salami' technique - take a little and no one                   will notice)Specific examples I've caught were in Payroll (no crash on < or =),Accounts Payable (dummy companies), Purchasing (failed reasonablenesstest), and Accounts Receivable (failed balance routine).  These were allthefts of money.Another example of theft which is very interesting is the 28-year-oldCanadian who was arrested at UNISYS in Pittsburgh on Dec. 13/89 - what heis alleged to have stolen was NCR's trade secrets - to the tune ofUS$68M, which comes under a different Canadian law from monetary theft.MALICIOUS DAMAGE / VANDALISMThe next major type of computer security breach is the disgruntledemployee syndrome.  Their favourite is the logic bomb or time bomb:  on acertain date or condition after they leave the company, something's goingto happen, such as at the health centre in LA where all prescriptionssuddenly multiplied by 2.  That's really serious, even compared to thelogic bomb that superzaps all your files off the face of the earth,because someone could die.  At least with a superzap, you can recover ifyou've been backing up and have a disaster recovery plan in effect.  Purephysical vandalism occurs more often at educational institutions, but isstill a serious threat.  I wouldn't let me near your machine if I wasangry with you - my vandalism would be difficult to detect (and expensiveto repair).  A simple application of a magnetized screwdriver ......LACK OF SECURITY PLANNING IN SYSTEM DESIGN STAGEOne of the biggest logic bombs that's going to occur is on January 1/2000.Do you know how many computer systems use a 2 digit number for the year? Do you know how much work it's going to be to adapt systems to recognize00 as being greater than 99?  My grandmother was born in 1886, and mostsystems show her birth year as 99.  If she lives to the year 1999, Iwonder if they'll start sending her the baby bonus.  This time bomb is notmalicious damage, it's pure lack of planning at the system design stage.                                   - 4 -(Lack of Security Planning - continued)Things like balance checks and reasonableness tests are not built into thesystem from the beginning, and it's not easy to put them in later.  Usersmust participate at the system design stage, because only they know what'sreasonable and what can be balanced.  Don't expect a computer technicianto know everything there is to know about your job.DISTORTED SENSE OF HUMOURThen there's the practical joker - the one who thinks it's funny to breakinto the system to see what he can change, or create some dumb message toappear on your screen.  That's what happened at IBM when the infamousChristmas tree appeared 2 years ago (1987).  The joke was three-fold  -first it analyzed your electronic mail distribution lists and reproduceditself to send to everyone you normally send messages to - this cloggedthe system up with people reading more messages than normal.  The secondpart was a little more technical - everyone who read the message caused aseparate load of the offending program to take up space in memory, unlikemost systems where two or more people who are doing the same thing aresharing one load of the software.  This clogged memory up so that nothingelse could run.  There was one more part to this:  there were delay timersbuilt into the program so it deliberately ran very slowly.  The result wasthat the largest computer network in the world was shut down for 4 hours. Someone must have had a great need for a power trip.MISTAKENext, there's fumble fingers:  you know, the one who keys the formula inas 600 grams instead of 60 grams, or the estimated production time of 2hours instead of 2 days.  Or the one who almost took me into court whenhe blamed "the computer" for a mistake.  Without going into details aboutthat incident, I can say that going through the grilling by severallawyers in a preliminary investigation was not the high point of mycareer.  What saved the situation (for me and the organization) was audittrailing:  every time a transaction was entered, the system recorded theterminal i.d., the user i.d., the date and the time.  It also saved a copyof the record as it existed prior to the transaction taking place.  A morecommon mistake, though, is to unlatch a diskette door before the lightgoes out.  Few people realize that the FAT (file attributes table) is thelast thing written on a disk, and you can corrupt the FAT by removing thedisk too early."EVERYONE DOES IT" SYNDROMEThen there's everyone's favourite:  copying software.  Believe it or not,in Canada, that falls under the Copyright law, not under theft, but ithas been successfully prosecuted.  Even if you reverse engineer it andmake some minor changes, it will come under the "look and feel" test ofthe Copyright law - if it looks and feels the same as the original, youcan be prosecuted.  Copying software is illegal, and your company as theregistered owner could be held liable if it is detected.                                  - 5 -ILLEGAL ACCESSMany major computer crimes are perpetrated by illegal access:  the 14-year old who broke into NASA from his basement computer room is just oneexample.  There is password software on all larger machines, and it's notdifficult to put it on PCs.  On the larger machines, one of the majorproblems is not changing the standard passwords that are set when themachine is delivered:  the standard user-level password may be USER, thestandard operator password may be OPERATOR, and the standard field repairperson's password may be REPAIR, and so on.  Guess how I've crackedsecurity a couple of times.  In a 1988 article by Dr. Cliff Stoll in"Computers and Security,", he reported that in 10 months of systematictesting on computers attached to the US Defense Data Network (Milnet),access was gained in 13% of the attempts simply by guessing at passwords!There should be some rules applied to passwords:  not less than 7 or 8characters,  must be changed at least every 60 days,  don't use commonthings like names (another way I've broken security), don't share itunder any circumstances and, for heaven's sake, don't post it on thefront of your machine or leave it where someone can find it.  It's yourpersonal PIN - just like the money machine - and the information you'redealing with is worth money.  Some of the most difficult passwords tobreak (take it from me) are "two words reversed" (e.g., boardwall,hornshoe, cuptea), or foreign language words (e.g., coupdegrace,millegrazie, caliente).  Nonsense is good, too:  geebleurql is nice. If you're installing password security on a PC, consider whether youshould have it so tight that there is no recourse to the DOS level or noability to boot from the A: drive.  You'd need really good passwordsoftware (or a good technician on staff) if you have both of thesefacilities - otherwise you can lock yourself out - but it's my preference(especially for the guy who's wiped his root directory twice).PHYSICAL SECURITYFinally, another area that affects computer security or your ability tocarry on computer operations, and one that is often overlooked, is simplephysical security:  keys, thermal shock, vibration, dirt, water, fire,visibility of information, steady power supply, discharge of staticelectricity, magnetic fields, are all relevant to security.  We have oneman in our network who should have (a) cabling bolted to his computer andthe floor, (b) a key to his unit, and (c) dust protectors (as well aspassword access only without recourse to the DOS level).  When it comes to thermal shock, if you work in an area where the heat isreduced on winter weekends, I strongly recommend you leave your unitrunning over the weekend - just lock the keyboard.  If the airconditioning is shut down, turn your unit off, and don't turn it on untilthe temperature is  23C or less.  And please don't leave your machinesitting in the sun, or in front of an open window to attract dust.  Theinternal temperature raises within 20 mins. or so to >30C, and the effectsof thermal shock are such that it can, first, rock memory chips out oftheir sockets, and, worse, misalign the read heads on your disk drive sothat nothing can be read.                                  - 6 -(Physical Security - continued)Vibration, too, is a source of problems, especially for drives.  The readheads actually float over the surface of drives, not on them the way arecord player needle does, and the space tolerance between is measured inAngstroms (metric version of microinches).  Vibration can cause the headto hit the drive, and you can say goodbye to whatever was written there.If you're in a particularly sensitive field, and your information is whatmight be called top secret to your company, you might also want to lookat two protection devices:  one is encryption, and the other is Tempesthardware or shielding.  Encryption involves translating your data usingalgorithms to something unreadable, and de-coding it when you need it.  Ituses a "key" to choose the algorithm - dont' lose the key!  It comes in afew forms:  software controlled encryption, hardware based encryption, ora combination of the two.  Most encryptors work with standard algorithms,but defense departments and other high-security installations preferrandom algorithms.    Tempest hardware, or shielding, protects againstsniffing of signals. ( Signal emanation surveillance is called"sniffing.")  I don't have a computer here to demonstrate this, but ifyou take an old battery-operated transistor radio and set the dial to thebottom of the AM band around 520, try passing it within a foot of yourcomputer.  Your ear might not pick up the individual signals, but I assureyou there's equipment that does.  That's why the US Army was blasting rockmusic around the Vatican Embassy when Noriega was there - to mask signals.More important to the average user, though, is avoidance of electro-magnetic fields (such as ringing phones near a disk or disk drive), andhaving an automatic disk head 'parker' that moves the heads to a safe zoneevery few seconds.  That way, something like a brief power failure is lesslikely to cause a "head crash" on the disk.Simple visibility of information is a risk.  Recently I went to a bankwith a court order in hand to give me access to an account.  The clerksimply turned the terminal toward me and, if I'd wanted to bother, I couldhave had the account numbers of two other people with identical names. There is screen saving software that will blank your screen after aninactivity duration you choose, and personnel should be made consciousthat unauthorized viewing of information is a security risk.  And watchwhat your staff throw out on paper, too.When it comes to fire and water, there are two basic rules that everyonecan follow:  first, don't smoke around the PC, and second, don't feed thePC coffee and donuts.  You might be able to save a keyboard or some partswith a bath in distilled water, possibly followed by drying with a warmhair dryer, but there's no guarantee.  I prefer pure isopropyl alcohol -without the hairdryer so I don't get fried in the process.  Don't blast acomputer with a fire extinguisher if you can avoid it.  If you do have afire or a flood, though, you'd better have a tested disaster recoveryplan, and your backups stored off-site.All of these issues are reasonably within your control:  fraud, theft,disgruntled employees, practical jokers, fumble fingers, software copyingand physical security, at least as much as the infamous viruses that arearound, but let's take a look at why you're at risk.                                  - 7 -4.   REASONS FOR EXPOSUREConcentration of data in one placeInstantaneous adjustmentAlteration without a traceLack of visible recordsComplexity of the systemNetworkingTechnical persons can befuddleGeneral ignorance by non-techie and managementDetection problemsLack of trainingSecurity checks in programs not specifiedSystems not documentedLimited staff resource for programming/managementNo separation of dutiesPossibility of enormous losses remaining undetectedReluctance to report -   Embarrassment                         Lack of sufficient evidence to prosecute                         Cost to prosecute outweighs recovery                         Company policy ("Press would have a field day")                                  - 8 -5.   GENERAL SECURITY RULES (All Systems, big and small)Disaster Recovery }      Backup    Backup    Backup     Plan         }      Restore (test it to make sure it works)Store your backup off-site (not in your car!)Physical security Password for access control (don't stick your password on      the front of your machine!)Access to menu only - not to system control levelReasonableness testsBalance checks (rounding: up, down, (out?); cross-calculationsAudit trails - all records (terminal i.d., user i.d., date and      time stamping, history record retention)Fall-through coding (if it doesn't meet a condition, does it go to limbo)Payroll/Accounts payable:  don't pay the same # twiceFault tolerance level supported   (user friendly/hostile -     balance between fault tolerance & productivity)Call back or no answer on dial-up systemsUPS (Uninterrupted Power Supply, or allowance for graceful     degradation) - or at least an automatic head parkerLogical view rights  (your user 'privileges' allows access only to the     data you need to see, e.g., accounting clerks don't need to see     production formulae)Multi-user environment:  protection against deadly embraceAutomatic logoff on inactivity timer / Screen saverPolicy statement re purchasing/use/theft/illegal      software, etc.Encryption (?) - don't lose the key!Shielding ("Tempest" hardware for secure systems)Educate users                                  - 9 -6.   VIRUSESAs in medicine, a virus needs an 'organism' to which it may attach itself,and a virus is 'contagious'.  In the case of computers, a virus is usually a destructive piece of codewhich attaches to a working program, such as your word processor,spreadsheet or CAD/CAM software.  Viruses are usually written to detectany load of a computer file that has an extension of .EXE, .COM, .OVL,.BIN - such extensions representing executable programs.  Often, thevirus loads itself into memory, then loads the program you just called, sothe virus is sitting at the front.  Then when you exit the program, thevirus code calls for the re-writing of the program back onto the disk -with the virus still sitting at the front.  Other viruses simply gostraight into your boot sector, so they get loaded every time you turn onyour machine.  Some do both.  However they 'hide', and whatever they attach to, they got to your machineon an infected diskette.  If you are infected and then copy your softwareto use on another machine, guess what happens?  Right!  That's where the'contagious' element comes in.In 1989, more viruses were discovered than in all previous years.  Therewere over 110 at the end of the year, and 7 were discovered in Decemberalone.  Sources have been from as far away as Pakistan and Bulgaria.Only .004% have reported infections, but most are not reported.  Considerthis:  if only 1% were infected, that would be 1/2 million units in theU.S. alone.  At a cost ranging from $300 to $3,000 per unit to recover,the problem starts to impact the economy as well as the productivity ofstaff at your organization.  It cost one Texas company US$10M to shutdown their 3,000-unit network for 4 days to find 35 infected units.One of the major problems with viruses is that 90% of the users whorecover are re-infected within 30 days.  One person at my organizationwas re-infected 7 times in 2 months!   Most reinfections occur for one oftwo reasons (not necessarily in this order):  your back-up was infected,or it was a virus that hid in the boot sector on track 0, and track 0 isnot re-written by the standard "FORMAT" command (only a low-level formatwill get rid of a track 0 virus).  Be careful of some new software aswell:  there has been more than one instance of shrink-wrapped softwarebeing infected (software companies have disgruntled employees, too, itseems).6.1  HISTORY1959 - Scientific American article about 'worms'1963 - caught my first two frauds (Payroll & Accounts Payable)1970 - Palo Alto lab - worm which directed activities1982 - Anonymous Apple II worm1984 - Scientific American CoreWare Series:  held contest to       find the most clever/difficult to detect 'bug'1987 - Apparent change from intellectual exercise to        dangerous activity.                                 - 10 -6.2  EFFECTMassive destruction:     Reformatting                         Programs erased                         Data file(s) modified/erasedPartial/Selective destruction:  Modification of data/disk space                         File allocation tables altered                         Bad sectors created                         If match with event, alter or deleteRandom havoc:            Altering keystroke values                         Directories wiped out                         Disk assignments modified                         Data written to wrong diskAnnoyance:               Message                         Execution of RAM resident programs                              suppressed                         System suspension6.3  WHY DO PEOPLE DO IT?Financial gainPublicityIntellectual exerciseTerrorism/Fanaticism/VandalismRevengeJust plain wierd6.4  SYMPTOMSChange in file size (Usually on .COM, .EXE     .OVL, .BIN, .SYS or .BAT files)Change in update time or dateCommon update time or dateDecrease in available disk or memory spaceUnexpected disk accessPrinting and access problemsUnexpected system crashes                                 - 11 -6.5  CONCERNSVariety:  Virus vs Bug vs Worm vs Trojan Horse vs Superzapper          vs Trap Doors vs Piggybacking vs Impersonation          vs Wiretapping vs EmulationStrains / Complexity / Growing SophisticationBulletin board use and free softwareLargest threats from taking computer work homeKids using same machine at homeNetworked mainframe systemsTravel/airline computers (AA wiped out early 1989)Work message systems (E-Mail)POS terminalsBanking / Credit Cards / Money MachinesIncome Tax recordsHealth records     **************************************************************     *    Global disaster may be on the way                       *     *    No specific laws to deal with malicious programming     *     *    No single national centre to gather data on infections  *     **************************************************************6.6  KNOWN VIRUS SOFTWARE12 viruses (and their strains) account for 90% of all PC infections:           _          |_|  Pakistani Brain          |_|  Jerusalem          |_|  Alameda          |_|  Cascade (1701/1704)          |_|  Ping Pong          |_|  Stoned          |_|  Lehigh          |_|  Den Zuk          |_|  Datacrime (1280/1168)          |_|  Fu Manchu          |_|  Vienna (DOS 62)          |_|  April First                                    - 12 -6.7  QUICK GUIDE TO VIRUS NAMES (Cross referenced)Name           Synonym-1      Synonym-2      Synonym-3      Synonym-41168           Datacrime-B1184           Datacrime II1280           Datacrime      Columbus Day   October 12th   Friday 13th1536           Zero Bug1701/1704      Cascade      Falling Letters  Falling Tears Autumn Leaves1704           Cascade1704           Cascade-B1704           Cascade-C1704           Cascade-D1704 Format    1704           Blackjack      Falling Letters1704           Blackjack      1704 Format    Falling Letters1808           Jerusalem      Black Box/Hole Israeli   PLO  1808/18131813           Jerusalem      Black Box/Hole Israeli   PLO  1808/18132086           Fu Manchu29303066           Traceback3551           Syslock3555123nhalf405500 Virus      Golden Gate512 Virus      Friday 13th    COM virus648            Vienna         DOS 62         DOS 68         AustrianAIDS           VGA2CGA        TauntAIDS Info DiskAlabamaAlameda Virus  Yale           Merritt        Peking         SeoulAlameda-B      Sacramento     Yale CAlameda-CAmstradAntiApple II GS    LodeRunnerApril 1st      SURIV01        SURIV02April 1st-BAsharAustrian       648            Vienna         DOS 62         DOS 68Australian     Stoned         New Zealand    MarijuanaAutumn Leaves  Cascade        1701/1704     Falling Letters Falling TearsBasit virus    Brain          Pakistani Brain  LehoreBlack Box      Jerusalem      Israeli        Black Hole     1808/1803 PLOBlack Hole     Jerusalem      Black Box      Israeli        1808/1813 PLOBlack Hole     RussianBlackjack      1704           1704 Format    Falling LettersBouncing Ball  Vera Cruz      Ping Pong      Bouncing Dot   Italian virusBouncing Dot   Italian virus  Bouncing Ball  Vera Cruz      Ping PongBrain-B        Brain-HD       Harddisk Brain Houston virusBrain-CBrain-HD       Harddisk Brain Houston virus  Brain-B                                 - 13 -Brain          Pakistani Brain  Basit virus  LehoreCascade        1701/1704    Falling Letters  Falling Tears  Autumn LeavesCascade(-B-C-D)     1704Century        Oregon         Jan.1, 2000Century-BChromaCloneClone-BColumbus Day   1280/Datacrime October 12th   Friday 13thCOM virus      512 virus      Friday 13thCOM-B          Friday 13th-BCOM-C          Friday 13th-CCookie virus   Sesame StreetDark AvengerDatacrime      1280Datacrime-B    1168Datacrime-II   1184dBASE virusDen Zuk        Search         VenezuelanDisk Killer    OgreDo-Nothing (don't believe it!)DOS-62         Vienna         DOS-68         648       AustrianDOS-68         Vienna         DOS-62         648       AustrianDOS-62         UNESCODOS-62-BFalling Tears  Cascade        1701/1704     Falling Letters Autumn LeavesFalling Letters 1704          Blackjack      1704 FormatFalling Letters Cascade       1701/1704      Falling Tears  Autumn LeavesFalling Letters-Boot     Ping Pong BFat 12         Swap           Israeli BootFluShot4  (a corrupted version of a virus detector - use FluShot4+)Friday 13th    1280/Datacrime Columbus Day   October 12th   COMFriday 13th-B       COM-B          512 Friday 13th-C       COM-CFumble         TypeFu Manchu      2086 Ghost-BootGhost-COMGolden Gate    500 VirusGolden Gate -BGolden Gate-C  MazatlanGolden Gate-DHarddisk Brain Brain-B        Brain-HD       Houston virusHolland Girl   SylviaHouston virus  Brain-B        Brain-HD       Harddisk BrainIcelandic Disk-Crunching-virus               Saratoga 2Icelandic 1    Saratoga 1Icelandic 2    System virusINIT29IRQ v. 41Israeli        Friday13       Jerusalem      Black Box/Hole 1808/1813 PLOIsraeli Boot   Swap           Fat 12                                 - 14 -Italian virus  Bouncing Ball  Vera Cruz      Ping Pong      Bouncing DotJan.1, 2000    Century        OregonJerusalem      Israeli        Black Box/Hole 1808/1813  PLO  Friday 13thJerusalem-B    New JerusalemJerusalem-CJerusalem-DJerusalem-EJorkKeyLehighLehigh-2Lehore         Brain          Pakistani Brain BasitLisbonLodeRunner     Apple II GSMacMag         Peace virusMadonna  (while the nice music plays, your hard disk is being destroyed)MailsonMarijuana      New Zealand    StonedMazatlan       Golden Gate-CMerritt        Alameda virus  Yale           Peking         SeoulMix1Music virus    Oropax virusNew Jerusalem  Jerusalem-CNew Zealand    Stoned         Marijuana      AustralianNew Zealand-B  Stoned-BNew Zealand-C  Stoned-CnVIROctober 12th   1280/Datacrime Columbus Day   Friday 13thOhioOgre           Disk KillerOregon         CenturyOropax virus   Music virusPakistani Brain  Lehore       Basit          BrainPalette        Zero BugPaydayPeace Virus    MacMagPearsonPeking         Alameda virus  Yale           Merritt        SeoulPentagonPing Pong      Bouncing Dot   Italian virus  Bouncing Ball  Vera CruzPing Pong-B   Falling Letters-BootPLO            Jerusalem      Friday 13th    1808/1813      IsraeliRussian        Black HoleSacramento     Alameda-B      Yale CSaratoga 1     Icelandic 1Saratoga 2     Icelandic Disk-Crunching-virusScoresSearch         Den Zuk        VenezuelanSeoul          Alameda virus  Yale           Merritt        PekingSesame Street  Cookie virusSF virusShoe virus     UIUC virus     (see also Terse Shoe)                                 - 15 -Shoe virus-BStoned         New Zealand    Marijuana      AustralianStoned-B       New Zealand-BStoned-C       New Zealand-CSUMDOSSundaySRI   (destroys anti-viral programs before it damages your system)SURIV01        April 1stSURIV02        April 1stSURIV03Swap           Israeli Boot   Fat 12Sylvia         Holland GirlSYSSyslock        3551System virus   Icelandic 2Taunt          AIDS           VGA2CGATerse Shoe     (see also Shoe virus)TP04VIR        VacsinaTP25VIR        Yankee DoodleTP33VIR        Yankee DoodleTP34VIR        Yankee DoodleTP38VIR        Yankee DoodleTP42VIR        Yankee DoodleTP44VIR        Yankee DoodleTP46VIR        Yankee DoodleTraceback      3066Typo (boot)Typo (COM)     FumbleUIUC virus     Shoe virusUNESCO         DOS-62Venezuelan     Den Zuk        SearchVera Cruz      Ping Pong      Bouncing Dot   Italian Virus  Bouncing BallVacsina        TP04VIRVGA2CGA        AIDS           TauntVienna         DOS-62         DOS-68         648            AustrianVienna-BYale           Alameda virus  Merritt        Peking         SeoulYale C         Alameda-B      SacramentoYankee Doodle  TP25VIRYankee Doodle  TP33VIRYankee Doodle  TP34VIRYankee Doodle  TP38VIRYankee Doodle  TP42VIRYankee Doodle  TP44VIRYankee Doodle  TP46VIRZero Bug       1536                                 - 16 -6.8  TABLE OF VIRUS EFFECTS (by virus name)This information is a reformatted version of that which was madeavailable to the writer by the National Computer Security Association,Suite 309, 4401-A Connecticut Ave. NW, Washington, D.C., 20008.This list is not as complete as the list of names preceding.  Sinceviruses must be created and caught before they can be analyzed for thetype of information that follows, this list will never be as complete asthe list of names.  In some instances, you may have been infected with avariation of the name.  You might wish to check this list for allpossible variations of a name you've found on the list of synonyms.Explanation of codes used under "What it does", and analysis of frequencyof occurrence of each effect:     EFFECT                                  #  OCCURRENCES  %     ------                                  -  -----------  -1.   Virus uses self-encryption              13             122.   Virus remains resident                  83             743.   Infects COMMAND.COM                      8              74.   Infects .COM files                      62             555.   Infects .EXE files                      41             376.   Infects .OVL files                      15             137.   Infects floppy disk boot sector         36             328.   Infects hard disk boot sector           14             139.   Infects partition table                  1              110.  Corrupts or overwrites boot sector      31             2811.  Affects system run-time operation       53             4712.  Corrupts program or overlay files       57             5113.  Corrupts data files                      4              414.  Formats or erases all/part of the disk  17             1515.  Corrupts file linkage (FAT)              9              816.  Overwrites program                       4              417.  Mac virus (as opposed to PC virus)       2              2                 Increase in  DisinfectorVIRUS NAME       Prog'm size  that works     What it does----------       -----------  -----------    ------------1168/Datacrime B    1168      SCAN/D         1, 4, 12, 141184/Datacrime 2    1184                     1, 4, 5, 12, 14123nhalf            3907                     2, 5, 11, 131280/Datacrime      1280      SCAN/D         1, 4, 12, 141514/Datacrime II   1514      SCAN/D         1, 4, 5, 12, 141536/Zero Bug       1536      SCAN/D         2, 4, 11, 121701/Cascade        1701      M-1704         1, 2, 4, 11, 121704/Format         1704      M-1704         1, 2, 4, 11, 12, 141704/Cascade        1704      M-1704         1, 2, 4, 11, 121704/Cascade-B      1704      M-1704         1, 2, 4, 11, 121704/Cascade-C      1704                     1, 2, 4, 11, 121704/Cascade-D      1704                     1, 2, 4, 11, 122930                2930      SCAN/D         2, 4, 5, 12                                 - 17 -3066/Traceback      3066      M-3066         2, 4, 5, 123551/Syslock        3551      SCAN/D         1, 4, 5, 12, 133555                3555                     1, 3, 4405                           SCAN/D         4, 16AIDS                          SCAN/D         4, 16AIDS Info Disk         0      AIDSOUT        11Alabama             1560      SCAN/D         2, 5, 11, 12, 15Alameda-B                                    2, 7, 10Alameda-C                                    2, 7, 10Alameda/Yale                  MDISK          2, 7, 10Amstrad              847      SCAN/D         4, 12April 1st                                    2, 4, 11April 1st-B                                  2, 5, 11Ashar                         MDISK          2, 7, 10Black Hole          1808                     2, 4, 5, 6, 11, 12, 15Brain-B                                      2, 7, 8, 10Brain-C                                      2, 7, 8, 10Century                                      2, 4, 5, 6, 11, 12, 14, 15Century-B                                    2, 4, 5, 6, 11, 12, 14, 15Clone-B                                      2, 7, 10, 15Clone virus                                  2, 7, 8, 10dBASE               1864      SCAN/D         2, 4, 11, 12, 13DOS-62-B                                     3, 4, 11DOS-62-UNESCO        650                     3, 4, 11Dark Avenger        1800      M-DAV          2, 3, 4, 5, 6, 11, 12, 15Datacrime II-B      1917      SCAN/D         1, 3, 4, 5, 12, 14Disk Killer                   MDISK          2, 7, 8, 10, 11, 12, 13, 14Do-Nothing           608      SCAN/D         4, 12Fri 13th COM         512      SCAN/D         4, 12Fri 13th COM-B       512                     4, 12Fri 13th COM-C       512                     4, 12Fu Manchu           2086      SCAN/D         2, 4, 5, 6, 11, 12Ghost-Boot ver.               MDISK          2, 7, 8, 10, 11Ghost-COM ver.      2351      SCAN/D         4, 10, 12Golden Gate                                  2, 7, 10, 14Golden Gate-B                                2, 7, 10, 14Golden Gate-C                                2, 7, 10, 14Golden Gate-D                                2, 7, 10, 14IRQ v. 41                                    4, 5, 11Icelandic I          642      SCAN/D         2, 5, 11, 12Icelandic II         661      SCAN/D         2, 5, 11, 12Italian/Ping Pong             MDISK          2, 7, 10, 11Italian-B                     MDISK          2, 7, 8, 10, 11Jerusalem           1808      SCAN/D/A       2, 4, 5, 6, 11, 12Jerusalem-B         1808      M-JERUSLM      2, 4, 5, 6, 11, 12Jerusalem-C         1808                     2, 4, 5, 6, 11, 12Jerusalem-D         1808                     2, 4, 5, 6, 11, 12Jerusalem-E         1808                     2, 4, 5, 6, 11, 12, 15Jork                                         2, 7, 10Lehigh                        SCAN/D         2, 3, 12, 14, 16Lehigh-2                                     2, 3, 12, 14, 15, 16Lisbon               648      SCAN/D         4, 12                                 - 18 -MIX1                1618      SCAN/D         2, 5, 11, 12New Jerusalem       1808      M-JERUSLM      2, 4, 5, 6, 11, 12New Zealand                   MD             7New Zealand-B                                7, 8New Zealand-C                                7, 8nVIR                                         11, 17Ohio                          MDISK          2, 7, 10Oropax                                       2, 4Pakistani Brain               MDISK          2, 7, 10Palette/Zero Bug    1536                     2, 3, 4,Payday              1808      M-JERUSLM      2, 4, 5, 6, 12Pentagon                      MDISK          7, 10SF Virus                                     2, 7, 11, 14SRI                 1808                     2, 4, 5, 6, 11, 12SURIV01              897      SCAN/D         2, 4, 11, 12SURIV02             1488      SCAN/D         2, 5, 11, 12SURIV03                       SCAN/D         2, 4, 5, 6, 11, 12SYS                                          2, 7, 8, 11, 12SYS-B                                        2, 7, 8, 11, 12SYS-C                                        2, 7, 8, 11, 12Saratoga             632      SCAN/D         2, 5, 11, 12Saratoga-2                                   2, 5, 11, 12Scores                                       11, 17Search HD                                    2, 7, 8, 10, 11Search-B                                     2, 7, 10, 11Search/Den Zuk                MDISK          2, 7, 10, 11Shoe virus                                   2, 7, 8, 10Shoe virus-B                                 2, 7, 10Stoned/Marijuana              MDISK/P        2, 7, 9, 10, 11, 15SumDOS              1500                     4, 5, 14Sunday              1636      SCAN/D         2, 4, 5, 6, 11, 12Swap/Israeli Boot             MDISK          2, 7, 10Sylvia/Holland      1332      SCAN/D         2, 4, 12Terse Shoe virus                             2, 7, 10Typo (Boot)                   MDISK          2, 7, 8, 10, 11Typo/Fumble (COM)    867      SCAN/D         2, 4, 11, 12Vacsina/TP04VIR                              2, 4, 5Vienna-B             648      SCAN/D         2, 4, 5, 12Vienna/648           648      M-VIENNA       4, 12Yankee Doodle       2855      SCAN/D         2, 4, 5, 11, 12Yankee Doodle/TP25VIR                        2, 4, 5Yankee Doodle/TP33VIR                        2, 4, 5Yankee Doodle/TP34VIR                        2, 4, 5Yankee Doodle/TP38VIR                        2, 4, 5Yankee Doodle/TP42VIR                        2, 4, 5Yankee Doodle/TP44VIR                        2, 4, 5Yankee Doodle/TP46VIR                        2, 4, 5                                    - 19 -6.9  VIRUS DETECTOR AND ANTIDOTE SOFTWARE          *** None offer complete protection ***Some do NOT test for boot sector viruses, modification of the commandinterpreter, branching into the BIOS, etc., unconventional things thatnasty viruses are known to do.  This is not a comprehensive list, butyou'll have an idea of what's available, either commercially or throughpublic domain.  Look for a product that will detect as many of theeffects identified in the previous section as possible.  Warning:  somehighly publicized virus detectors only search for ONE (1) virus!  Othersare more sophisticated, and may even act as a disinfector as well as adetector.Old virus symptoms vs file changesAntidoteAntigenBombsqadCanaryCylene-4C-4Disk Defender * recommended (add-on board - write-protects hard disk)Disk watcherDr. Panda UtilitiesIBM - COMPare in DOSMace vaccineMagic BulletsSyringeSentry * recommended for systems booted regularlyVaccineViraidVirus-Pro * recommended for large corporate environmentsShareware:   Novirus             Flushot4+             Virusck             ViruscanPlus what's shown on preceding pages as a "Disinfector that works".  Ialso have a list of over 100 shareware products that do everything fromdetect and/or disinfect to write-protecting the hard drive and requiringpassword access .... but my fingers are getting tired from typing at thispoint, and there are more important things to cover - after all, ifyou're careful, you won't need a list of detectors/disinfectors.                                 - 20 -6.10  TROJAN HORSESWhile a "virus" is something hidden within another program that iswaiting to make your system really sick, and a "worm" may be somethingthat lives on its own and usually transmits through networked computers, a "Trojan Horse" is a little of both, so I've included it with this virussection if only to warn you of its existence.  It lives on its own as aprogram, and will bring you down like Helen of Troy's soldiers.  "Iwouldn't copy something like that," you say.  Well, like Helen's horse,it comes disguised.  It will purport to do something really neat, likecompress files (so you have more disk space available), sort yourdirectories (so you can find things more easily), or play chess oranother game with you.  In actuality, it's really just waiting to do thethings that viruses do - trash your files, scramble your boot sector, fryyour FAT, or erase your hard disk.  It doesn't usually do anything itpromises to do.The following are just a few examples of the known Trojan Horses, mostof which come from bulletin boards.  Please don't misunderstand me, mostBB operators are honest people who are trying to help the computerindustry as a whole, but they can't be held responsible for the peoplewho might dial into their BB and leave a disaster waiting until the nextcaller(s).SCRNSAVE.COM:  This is supposed to blank your screen after x seconds of               inactivity, thus preventing image burn-in or apparently               offering a sense of security;  say goodbye to your files               while it erases your harddisk.TSRMAP:        For the 'sophisticated' user who uses Terminate and Stay               Resident programs, it's sometimes handy to have a map of               where these programs are loaded in memory, and be able to               delete some if you're short of memory;  hopefully this               same 'sophisticated' user has a copy of track 0, because               his was just sent to heaven ..... or elsewhere.DOS-HELP:      Sounds great, doesn't it?  This TSR program is supposed to               give on-line help on DOS commands.  Your hard disk was               just formatted.ULTIMATE.EXE:  This is supposed to be a DOS shell (if you've used               Directory Scanner or some other software that allows you               to move around directories and load programs easily, or               even a menu system, then you know what a DOS shell is).                While the "Loading..." message shows on your screen, the               FAT (file allocation table) of your hard disk went to the               trash bin.BARDTALE.ZIP   This purports to be a commercial game from Electronic Arts               (BARDTALE I)  Someone reverse engineered this program, and               wrote in a routine to format your hard disk upon               invocation.                                 - 21 -COMPRESS.ARC   This is dated April 1 1987, is executed from a file named               RUN-ME.BAT, and is advertised as "shareware from Borland"               (Borland is a highly reputable company).  It will not               compress your files, but it will very competently destroy               your FAT table.DANCERS.BAS    You'll actually see some animated dancers in colour -               while your FAT is being tromped on.DEFENDER.ARC   Think you're going to get a copy of Atari's DEFENDER for               nothing, huh?  There's still no such thing as a free               lunch, and this one will be particularly expensive:  it               not only formats your hard disk, but it writes itself to               your ROM BIOS - the chip that holds the Basic Input Output               System for your machine.  Get your wallet out.SIDEWAYS.COM   The good "SIDEWAYS.EXE" is about 30Kb, while this version               is about 3Kb.  The really big difference, though, is what               happens to your hard drive - it's spun off into oblivion.These are only a few of the 70 or so Trojans I have listed at work, butI'm sure you've got the idea.  These programs (a) stand alone, (b) oftenclaim to do something useful, (c) may be hacked versions of goodsoftware, (d) may be named the same as good software, (e) may send youback to using a quill pen.                                 - 22 -7.   PC RULES OF THUMB  (Additional to Basic Rules of Thumb)Run virus check BEFORE backupBoot floppy systems from known, protected disks onlyNever work with masters - first make copies on a trusted machineStore data on floppy:     set path in autoexec.bat, but load from A: to      ensure data goes to floppySave your data periodically while workingUse write protect tabsUse write protect software on hard disk / backup track 0Never boot HD systems from floppies (unless known and     protected)New/repaired hard disk? - run a virus detectorUse protection package (practice safe hex)Avoid shareware / BB demos     if you use a BB, set path to A: beforehand,     download only to A:, poweroff immediately after,     then powerup and do a virus scan on the floppy;     always scan sharewareKnow the source of your softwareDon't use illegal copiesIf your data is truly confidential, don't depend on     DELETE - you must use, e.g., WipefileAutopark softwareHardcards                                 - 23 -6.   A FEW EASY TRICKS FOR PC SECURITY1.   Set Read only attributes on all files ending with .COM, .EXE, .SYS,     . OVL,  .BIN,  .BAT          e.g.:     ATTRIB +R *.SYS2.   Use an undocumented trick in DOS of naming your data files ending     with an ASCII blank or NUL character (ASCII 32 or 255): ***          e.g.:     COPY  A:OLDFILE.TXT  NEWFILECHR$(255).TXT              or    REN  A:MYFILE.DAT  MYFILECHR$(32).DAT     ***  Newer versions of DOS will give the ASCII blank or null by          holding the [Alt] key and striking the numeric keypad numbers;          e.g.  COPY  A:OLDFILE.TXT  NEWFILE[Alt]2553.   Prevent inadvertent formatting of the hard disk:          Rename FORMAT.EXE to (e.g.) DANGER.EXE          Write a 1-line batch file called FORMAT.BAT:               DANGER A: %1 %2 %3 %4 %5 %64.   Have a batch program as a shutdown routine, to run:          1. Virus Check          2. Copy Track 0          3. Back up your data files          4. Park the heads                                 - 24 -9.   SO YOU'RE INFECTEDTerminate all connections with other computersRecord your last activitiesDetermine the nature and extent of the damageNotify other usersContact the source of the carrier software_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Back up data files to new diskettesErase infected disk (using high or low level format -     low level is preferred to re-write track 0)Check master disks with detection program(s)Restore system filesRestore data filesRun detection program(s) againBe careful in future - think like a thief!                       ------------------                                 - 25 -10.  SUMMARY:  WHAT CAN YOU DO?There are many aspects to computer security, none of which are totallywithin your control, but all of which are reasonably within your control. One of the major methods of getting control is to establish anenforceable security policy AND a disaster recovery plan.  However, it'salmost impossible to establish a plan unless you first know what therisks are.WHEN YOU GO BACK TO YOUR OFFICETry putting some staff into two teams: "hackers" and "police" (or callthem Blue Jays and Cardinals if you find that offensive).  The role ofthe hackers is to try to dream up all the things they could get from ordo to the company (or to a department) by breaking computer security. The role of the police is to respond with defenses.    Then switch roles.List all the ideas, no matter how "far out" they seem, then use this forthe basis of risk analysis and disaster recovery planning.  The only ruleto this game is that no idea is initially rejected.Now that you have some idea of the value of your data and the risks it isunder, you can begin to work on a "Computer Security Policy" and a"Disaster Recovery Plan."  While many suggestions have been made on theprevious pages, recognize that not all risks/solutions apply to allorganizations:  you have to make some judgement calls based on yourassessment of the risk.  The judgement is based on how much loss you can comfortably sustain, yet remain in business.  The level of securityprotection you require may not always be the same.  It may vary with thevalue of the hardware, software or data under consideration;  thesecurity level, therefore, might be stated as "minimal," "discretionary,""mandatory," or "verified."  The point is, as long as it's beenconsidered, you're closer to having a good security system than if youhave no policy or a policy that's based on guesswork.You may find, after working on this for a while, that you may wish todevelop a separate policy for the selection or development, change,testing and implementation of software.  This might be stated as simplyas, "No system shall be acquired, developed, changed or implementedwithout the prior approval of the Systems Steering Group."  This mightalso go on to cover documentation; e.g., "Documentation must be completefor all systems prior to implementation, and must include sections onfiles used, access controls, security considerations and controls(etc.)."Some further points for consideration are included in the next section.                                 - 26 -11.  COMPUTER SECURITY POLICY:  POINTS FOR CONSIDERATIONAny policy on computer security must be based on the premise thatinformation is a valuable asset of the company, just like its premises,equipment, raw materials, inventory and so on.  More than one company hasgone under because they lost their accounts receivable data in a fire,flood, or from a simple hard disk failure.  The value of your data shouldbe subjected to a risk analysis, and all identifiable risks assessed.  Itis not until you identify the risks that you can plan for a disasterrecovery.Your policy might include some of the many things addressed previously inthis paper:  e.g., storing data only on removable media (diskettes ortapes), limiting access to bulletin boards, establishing passwordcontrols, rules on physical security, use of immunization software, etc. There are, however, some other specific points not previously discussed:RESPONSIBILITYRecognize that security is a management issue, not a technologicalissue, and that setting policy is the responsibility of seniormanagement.  They must be 'on board' and understand why a security policyis needed to make it sensible and effective, and they must give overtsupport.Someone should be in charge of computer and network security.  Withoutsomeone in charge, important security tasks may not get done.  The dutiesof the security manager would include responsibility for limiting accessto the network, securing the information that passes over it, overseeingpassword systems, and installing security packages that protect computersfrom illegal tampering once a user is on the network.  Other duties mightinclude analyzing the network for security weaknesses and helping usersunderstand the security strengths and weaknesses of the network.The amount of time required of the system security specialist may dependon the size of the organization, and on the number and complexity of thesystems in use or planned.Having one person in charge is probably the ideal security arrangement.The security specialist can become aware of all of the issues affectingcomputer/network security, can schedule and establish priority foractions, and can ensure that the actions are taken.This position in the organization requires some authority and autonomy. For instance, security is compromised if the boss shares his/herpassword.  The  security specialist needs to be able to change the boss'spassword if this happens, and gently but firmly discuss the problemswhich could result. In many organizations, putting two or more people in charge of somethingdiffuses responsibility.  Each can think that some security concern wasthe responsibility of the other.  If two individuals are charged withnetwork security, be certain that they work well together, communicate                                 - 27 -well, and will each put in their fair share of the analysis and work thatis required for security.In some organizations, a "communications manager" is responsible forlimiting access to the network (with dialback modems and encryptiondevices), while the network manager maintains password systems andinstalls security software. If someone is in charge of network security and you don't know about it,then they haven't been very  obvious about it.  They need not be.  But ifit is evident to you that security is lacking, then perhaps the issue ofresponsibility should be examined (or re-examined).BACKUPSThose who are most zealous about backups are those who've been affectedin the past by a loss of data.  If backups are performed every day, yourcomputer or network is probably in good shape when the hard disk or fileserver goes to heaven.  You will want to verify that this is the case,since most organizations (and individuals) put this off... and off...until it's too late.Backing a system up once a week is not enough, unless the system israrely used.  If your last backup was a week ago, and your hard disk orthe hard disk in the file server crashes, all users of the network havelost one week's work.This cost is enormous.  If you have 10 users who have lost 30 hours ofwork each, if each user is paid $20/hour, and overhead is 100%, then youhave just lost 10 x 30 x 20 x 2 = $12,000.  If you assume that backuptakes one $20 hour with a tape drive, you could back the system up 600times for $12,000. That's nearly three years, if backups are done fivetimes a week.  Many hard disks will not run continuously for three years. Even if you're a 'stand alone' computer user, your time is valuable.  Youmight consider a policy that, if recovery covers a period of more than'x' days, it must be done on the employee's own time, and all deadlinesmust be met - tough, but it get's the point across!Irregular backups are a sign that backup is not taken as seriously as itshould be.  It is probably wisest to do the arithmetic, comparing thecosts of backup with the costs of losing work for multiple users.  Thecost comparison in the commentary on the second answer doesn't evenconsider the possibility of losing irreplaceable files, such as thosecontaining new accounts receivable entries or new prospects.Since file backup is a "private" activity, not knowing how often itoccurs  does not mean that it does not occur.  But if you have a securityconcern,  you should find out what the correct answer is.  After all, ifyou use the network, and it is not backed up frequently, it is your workthat is lost when the hard disk in the server crashes.                                 - 28 -BEWARE:  backing up is NOT enough!  You MUST periodically run yourrecovery procedure .... how else will you know it will work when you needit most?PURCHASINGThe policy should state the controls in place for purchase of bothhardware and software, and it should be consistent and centralized. Unless you've seen what some software can do to destroy security, or howdifficult it is to interconnect different equipment, this might seem todestroy some autonomous activities in your organization.  Autonomy bedarned, it's the company that's paying the bill.MAINTENANCE AGREEMENTSAll warranty registrations must be mailed to the manufacturer, andrecords kept of purchase dates, expiry dates and repairs made under thewarranty.  Keeping accurate records has substantiated the completereplacement of more than one machine.SOFTWARE LOADINGThe checking, copying and loading of software should be theresponsibility of one person or department.  The 'penalty' for loadingillegal/unauthorized software can range from a note in the personnel fileto dismissal, depending on the organization.  The opposite, copying theorganization's software for loading in another location, should also becovered in the policy, because the company (as the registered owner)could be party to a lawsuit without the ability to plead ignorance.EMPLOYMENT TERMINATIONIn several organizations, when a person submits their resignation, theiraccess to the computer system is immediately withdrawn.  This, of course,requires a close liaison with the personnel department in largeorganizations.  Many of these companies feel it's worth the salary costto have the person leave the premises immediately (escorted), and simplypay out their notice period.  If your company adopts such a policy, itshould be made very clear that it is not an indication of trust in theperson, but simply a means to reduce risk to the valuable resources ofhardware, software and data.  It must be administered consistently andequitably to avoid problems.    There are problems with such a policy,not the least of which could be someone who gives a very lengthy noticeperiod simply because they're aware of the policy - but you couldtransfer them to a clerical job for the interim (like the mail room) orto maintenance staff (washroom detail).- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                    - 29 -12.  TO RUN SCAN (Virus detection software included on this diskette)SCAN looks for 42 viruses in software files, but not in data files.  Iknow it works on Jerusalem-B because I used SCAN to detect that virus ona machine at work.  This is NOT the latest version of SCAN, but thenagain, you're not likely to have the latest viruses (I hope).If you want to print the documentation, type:  COPY A:SCAN.DOC PRNIf you want to run SCAN, just type:     A:SCAN [drive identifier]                                 e.g.,  A:SCAN C:An article from the Washington Post, January 14, 1990, on ComputerViruses was added to the diskette after this paper was written.          To read this article, key  TYPE A:ARTICLE|MORE                To print the article, key  COPY A:ARTICLE PRN- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -If you have found this presentation useful, either by attending or byreading or using the information on this diskette, then I am rewarded. If you found it useful, please feel free to copy this diskette or itscontents and share it with others - I would ask that you don't changeanything, though.  (It was virus free at the time I made the originaldiskette - but if you trust that statement, you might just have made yourfirst mistake.)  If you'd like to make suggestions that would improve the information onthis diskette, I would be very happy to hear from you.  I'd also like tohear from you if you wish to discuss security issues, get a virusinfection or hit by a Trojan Horse, or even just to comment on thecontents of this paper.  My address and phone number are on the firstpage of this document.If you would like to join the National Computer Security Association, a'form' for application is on the next page.  They provide benefits suchas a Virus Self-Defense Kit that's more sophisticated than the softwareon this diskette, newsletters, a virus-free bulletin board with hundredsof security-related programs, discounts on software, books andconferences, and advice if you run into trouble.Happy (and safe) computing!                         E. A. (Liz) BedwellNational Computer AssociationSuite 3094401-A Connecticut Ave. NWWashington, DCUSA   20008              Phone:    (202) 364-8252[ ]  I wish to join NCSA.  Cheque enclosed for $45.00 (US funds)[ ]  I wish to join NCSA.  Please bill me for $45.00 (US funds)Name:          _____________________________________________________Organization:  _____________________________________________________Address:       _____________________________________________________               _____________________________________________________City, Prov.:   ____________________________ Postal Code ____________Phone (with area code):  ___________________________________________Title or Position, or interest in computer security:               _____________________________________________________               _____________________________________________________.Downloaded From P-80 International Information Systems 304-744-2253