The complete computer virus handbook : David Frost Price Waterhouse, LBU9, 1 London Bridge Street,...
-
Upload
keith-jackson -
Category
Documents
-
view
214 -
download
0
Transcript of The complete computer virus handbook : David Frost Price Waterhouse, LBU9, 1 London Bridge Street,...
Vol. 11, No. 4, Page 22
meet the challenge. User hostility and failure
to consistently comply with the system’s rules
weighed against its deployment. The spectre
of terrorism was also ever-present - a ‘live
and well’ verifier was needed to ensure that
severedfingers could not fool the system!
It takes a brave man to demonstrate a new
system undergoing trials to a large
professional audience. Ian Cameron of British Telecom did just that by using ‘Phoneline’ - a
joint venture between BT and the Royal Bank of Scotland plc. A voice verification system combined with a password and a PIN number entitles the user to undertake a series of
account transactions and requests by
telephone. The system chooses words at random to counter tape-recording of a
legitimate user by an imposter.
The presentations concluded with a video film about EyeDentification System 7.5, a
retinal scanner and its use within a US state penitentiary. The blood vessel pattern of the
eye is the most distinctive and individual biometric feature. Retinal scanning can thus
provide access control at the highest security
levels. Health and safety questions related to retinal scanning are never far from the surface. However, a method that has gained official
acceptance in Sweden, West Germany and the ever stringent United States would appear
to be beyond reproach.
The consensus among delegates and speakers was that biometric systems offered enormous potential; there was much work still to be done; and that the United Kingdom (in particular) required official standards.
This worthwhile and enjoyable day was a brave departure on the part of the organizers into a relatively new and often misunderstood area of security. I for one, came away with a basic understanding of the methods involved, the available and emerging technology, the suitable applications in the real world, and the advantages and disadvantages inherent to biometric systems.
Ed ward Wilding
Biometrics Seminar Reference Manual
(f35 inclusive). Available from Elsevier
Seminars, Mayfield House, 256 Banbury Road, Oxford OX2 7DH.
BOOK REVIEW
Title: The Complete Computer Virus Handbook, Issue 1, October 1988
Author: David Frost
Publisher: Price Waterhouse, LBUS, 1
London Bridge Street, LONDON (Tel: 01-407-8989).
Price: f 15 (including post and packaging)
This handbook is the result of work carried
out on viruses by Price Waterhouse during
1988. Further editions are planned.
There are three main sections to the book.
The main text (20 pages), an appendix describing the various viruses that are thought
to be prevalent (9 pages, one virus per page), and an appendix detailing evaluations of the anti-virus products that are currently available
(28 pages). There is no index, and a short list
of only 13 references at the back of the book.
The content contains a clear explanation
of the possible ways in which viruses can be
detected and neutralized. Much care has been taken to define all the terms used within
the book, and given some of the rubbish about
viruses appearing in the press recently, this is
very valuable.
The anti-virus programs discussed in the
book are classified into 3 types. Class 1 : infection prevention designed to stop replication, and prevent the initial outbreak. Class 2 : infection detection designed to spot virus attacks. Class 3 : infection identification of specific types of virus.
COMPUTER FRAUD &
SECURITY BULLETIN
01989 Ekevier Science Publkhers Ltd., Engiand./89/$0.00 + 2.20 No part of this publication may be re roduced, stored in a retrieval system, or transmitted by any form or b an means, electronic, mechanical, p publishers. (Readers in the U.S.A ’
otocopying, recording or otherwise, without the prior permission oft L .-please see special regulation listed on back cover.)
Vol. 11, No. 4, Page 23
The book does not make clear which of the comments about anti-programs relates to actual testing with viruses, and which comments are based on the various manufacturers’ literature. Of the 28 anti-virus products mentioned in the book, I only have detailed knowledge of ‘Vaccine’ from Sophos (it is the subject of a forthcoming technical evaluation). The entry for Vaccine states that it can not check the boot sector, the File Allocation Table, the root directory, hidden files, or MS-DOS interrupts. Vaccine can check all these!
Discussion of the details of the various viruses contains the caveat: “These details have been obtained from press reports and, where possible, by evaluating the virus program itself”. The book would gain in stature if specific details of the viruses available for testing were provided, along with details of which anti-virus programs they have been tested against.
A methodology is proposed which aims to help to reduce the risk of exposure to computer viruses. After severe paraphrasing this boils down to : take regular backups, don’t boot the computer from an unknown floppy disc, test software for the presence of a virus, don’t use programs downloaded from bulletin boards, educate the computer users, and do all tests on an isolated computer. I can’t fault such advice.
I commend the lack of plugs for Price Waterhouse in the book. It must have been tempting to scatter details of the various Price Waterhouse services throughout the text, but this has been sensibly constrained to a single clearly marked page.
The book comprises A5 pages inserted in a ring binder, but the small size of the rings prevents the pages being turned properly. This proved near impossible to use, so I removed the sheets from the binder, whereupon they promptly fell all over the floor. A better ring binder would seem a good idea in future editions.
Title : Online Auditing Using Microcomputers.
Author: Jerry Fitzgerald.
Publisher: Jerry Fitzgerald & Associates, 506 Barkentine Lane, Redwood City, CA 94065, USA.
Price: US$27.95 (USji5.00 additional for international airmail).
Jerry Fitzgerald’s Online Auditing Using
Microcomputers) comes with a disk that contains some 28 audit and/or security
programs that make it a worthwhile addition to anyone’s utility program file. The author has
reviewed more than 300 public domain software programs and selected this handy
collection.
Although this 44-page volume is directed toward the auditor there are many programs that can be used for data integrity and other security purposes. Written in simple language for the non-technical microcomputer user, the book contains some unusual programs.
BADSECT enables the user to identify bad
sectors on either a floppy or hard disk. Although these sectors are not normally readable under conventional DOS methods, the program also permits the user to ‘restore’
these sectors so that they can be read more easily.
CMP can be used to compare two files on different or the same disk for identifying added, changed or deleted sections in one file. This is a useful program to determine if any
modifications were made during the file copy procedure.
COMPARE performs a line-by-line comparison of two ASCII source files. When a difference is detected, seven lines of code from each file are displayed.
DPROTECT is used to ‘write protect’ one
or more floppy disk drives and simultaneously
protect all hard disk drives from illegal or
COMPUTER FRAUD &
SECURITY BULLETIN
(31989 Elsevier Science Publishers Ltd., Engiand./89/$0.00 + 2.20 No part of this publication may be re reduced, an
IL means, electronic, mechanical, p R
stored in a retrieval system, or transmitted by any form orb otocopying, recording or otherwise, without the prior permission oft L
pu hshers. (Readem in the U.S.A. -please see special regulations listed on back cover.)