CRYPT NEWSLETTER 34
October-November 1995
Editor: Urnst Kouch (George Smith, Ph.D.)
Media Critic: Mr. Badger (Andy Lopez)
INTERNET: 70743.1711@compuserve.com
Urnst.Kouch@comsec.org
crypt@sun.soci.niu.edu
COMPUSERVE: 70743,1711
�������������������������������������Ŀ
� Contents: Crypt Newsletter #34 �
���������������������������������������
THIS ISSUE
BOOKS
The Real Cyberpunk Fakebook
Giant Black Book of Computer Viruses
The Emperor's Virtual Clothes
NEWS
National Reconnaissance Office secret fund
Keeping up with the NRO's cash flow
National Vanguard mail-bombs
MEDIA
The low spark of well-heeled noise
SOFTWARE
Dr. Solomon's Anti-virus Toolkit
Symantec dirt
LEGAL
Computer viruses and institutional liability
MISCELLANY
Letters page
Glossary
Crypt Newsletter database
Crypt Masthead Info
Credits/Acknowledgements
CYBERSPACE: THE LOW SPARK OF WELL-HEELED NOISE ACCORDING TO
FRONTLINE
On Halloween, FRONTLINE ran "High Stakes in Cyberspace," one of
the best snapshots of the near future of on-line bizness Crypt
Newsletter has seen.
Host Robert Krulwich was critical - even almost nasty - as PBS's
investigative team trotted around to get the goods on the ZIMA
Web homepage, the Washington Post's Digital Ink and other stuff
being sold by an assorted group of ad agents posing as info-highway
gurus.
The Post's Digital Ink, a so-called electronic version of the
newspaper, was shown as a project its editor was tricked into
revealing as fundamentally a mechanism for blurring the distinction
between editorial and advertising content. Community, community,
community, virtual community - that's what Digital Ink claimed to be
about! Yes, Digital Ink's editor had the "community" line down so pat
it sounded like his personal mantra. While he was chanting it, Crypt
News wasted time by imagining someone striking him cruelly about the
head with a metal baton until the real truth leaked out - which it
did, anyway. Digital Ink's leader let slip the true power of the
on-line newspaper: the ability to glue advertising onto page one
. . . the ability to bring white, fattish ruling-class bankers in
on the decision-making . . . the ability to turn the operation
into . . . PRODIGY!
The ZIMA Web page was shown as the black-hole of advertising
vacuity it is. It was a lot of point-and-click about nothing -
"meta-information" or _information about information_ it's called -
fiendishly designed to generate more junk from advertisers deposited
in your mailbox. Although Krulwich never said it, what FRONTLINE
was _really_ showing was that personal computers have provided a
Jim Dandy way in which parasitic businessmen can create money from
nothing by gulling yuppie consumers into being subscribers to a
potentially infinite set of on-line informercials. "Irritating" was
the word Krulwich used to describe the phenomenon.
"High Stakes in Cyberspace" would have been 100 percent perfect
if not for Howard Rheingold showing up. But the clock ran out on
him and FRONTLINE editors spared viewers his soppy cliches about
the virtual world. Spffffft - and the credits inexorably rolled
Howard up in a merciless 30-second soundbite.
FROM THE "SEE THE WORLD IN A GRAIN OF SAND" DEPARTMENT
While browsing the local bookstore yesterday, Crypt ran across
"Cyberpunk Handbook: The Real Cyberpunk Fakebook" by R.U. Sirius,
St. Jude and Bart Nagel (Random House), writers for MONDO 2000
and other publications that Crypt Newsletter does not understand.
It's a humorous - I'm pretty sure - trade paperback for the
unwashed masses. It's mission: tell the proles if they're cyberpunks,
how to be one, or <wink-wink> how to fake being one. Bruce Sterling
wrote the intro and somewhere in there, much to the humor desk's
surprise, CuD and the Crypt Newsletter's Web sites are mentioned as
k3wel places to hang.
In honor of this grand event and for a short time only, Crypt
Newsletter will be conducting cyberpunk lessons on how to smoke
clove cigarettes, drink Japanese beer, write in~elyte~script, wear
leather jackets, be sarcastic even while asleep, send the AT command
to your modem, use hacked Celerity BBS software, get arrested for
red-boxing, visit a "sting" board, read alt.2600, ask the password
for Nowhere Man's Virus Creation Lab, get banned from Internet Relay
Chat, watch "Johnny Mnemonic" and pretend to know what's going on,
surf the Web and pretend to know what's going on, choose the correct
hair pomade or coloring, recognize the best places to shop for
rubber bondage wear or ritual scarification paraphernalia and
- last - but most important, leave your credulity in the toilet.
Unusual for this type of book, the authors have written it so that
it's occasionally mean and cutting right around the time you begin
to consider brandishing a virtual bludgeon in their direction. Did
I mention it was a _very_ amusing read for 10 bucks (cheap)??
"The Real Cyberpunk Fakebook" features a photo of Eric Hughes in
cyberpunk raiment on its cover, too. Right down to the duds, he's
a dead ringer for Greg Strzempka, the singer for an obscure metal
band named Raging Slab. It's true, by golly!
The book is also loaded with photos of menacing-looking GenX'ers,
cans of Jolt cola, one stuffed cat, an odd-looking leather
device - perhaps used during sado-masochistic floggings, and someone
with a chrome bolt through their tongue. If you are still bored,
there's also a crossword puzzle or two.
NATIONAL RECONNAISSANCE OFFICE SPOOKS SECRETLY SET UP SLUSH FUND
In late September, the Washington Post reported that the
spy satellite-flying ultra-secret National Reconnaissance Office
had salted away over $1 billion in cash money left over from
operating costs. In related news, it was revealed the agency had
also been squirreling away unused spy satellites in its Sunnyvale,
CA, facility at an estimated cost to the US taxpayer of $10-15
billion for cleanrooms and maintenance.
The secret NRO fund disclosure comes about one year after the
Senate Intelligence Committee discovered the agency had built a
$300 million headquarters complex in Fairfax County, Virginia,
without telling anyone. Locals were misinformed on the owner of
the complex, believing it was a plant for Rockwell International.
The $1 billion secret fund was accumulated by the NRO as a result
of the agency's practice of being paid in advance for multi-year
satellite programs. The fund was built from budget money diverted
from agency contracts which unfolded at rates slower than planned.
CIA head John Deutch launched an investigation into the $1 billion
fund over the summer but found nothing wrong with the
NRO's handling of cash money. A new chief financial officer,
however, was put in place at the spy satellite agency.
It is also quite entertaining to take a look back at the outcry
which resulted from news of the NRO's new headquarters in August 1994.
An especially pungent quote came from Rep. James Traficant who
railed, ". . . I say we should convert that [new NRO building] to a
prison and start by locking up these lying, thieving, stealing CIA
nincompoops."
As for the NRO secret fund, agency mouthpiece Pat Wilkerson commented
to the Post that he would not comment on his organization "because
the programmatic and dollar content of the NRO budget are still
considered classified."
CONGRESS ERODES INTELLIGENCE BUDGET SECRECY
by Steven Aftergood, Secrecy & Government Bulletin 53, Federation
of American Scientists, 307 Massachusetts Avenue, NE, Wash. D.C.,
20002
Congress has highlighted new details of the structure of the
secret intelligence budget following the disclosure that the
National Reconnaissance Office had been hoarding over a
billion dollars of unexpected funds. Specifically, Congressional
actions have made it possible for anyone to discern where secret
funding for the NRO is hidden with the Defense Dept. budget.
Discovery of the NRO's extraordinary accumulation of unspent
funds, first reported in the Washington Post, led Congressional
appropriators to cut "more than $1 billion" from the NRO's
budget (New York Times, 9/27/95).
After the conference report on 1996 defense appropriations was
issued on September 25 (House Report 104-261), it became possible
to ask: Where in the defense budget was this "more than $1 billion
taken from? The following budget cuts are conspicuous:
� The line item called Selected Activities in the category "Other
Procurement, Air Force" was funded at $4.9 billion, a reduction
of approximately $500 million from the budget request.
� The line item called Special Programs in the category "Missile
Procurement, Air Force" was funded at $1.2 billion, a cut of
approximately $400 million.
New rescissions in previously appropriated 1995 funding of these
two categories were made in the amounts of $180 million and $120
million respectively for a total of $1.2 billion in funding cuts,
which corresponds neatly to the reported reductions in NRO funding.
In conjunction with other sources, the following sources may be
drawn:
� Selected activities in Other Procurement, Air Force is the funding
line for the CIA's portion of the NRO satellite procurement
budget, as well as for the CIA itself.
� Special Programs in Missile Procurement, Air Force is the funding
line for NRO procurement of spy satellites assigned to the Air
Force.
� Other components of the massive NRO budget are hidden in the Navy
budget and in the line item Classified Programs in the category
"Research, Development, Test and Evaluation, Air Force" which
includes the NRO's r&d budget. This line item was funded at $3.3
billion.
The ease with which the NRO budget may be detected by even a casual
observer makes a mockery of claims that intelligence budget secrecy
is a matter of national security. Rather, it has become a
convenient means of reducing public accountability.
Public exposure of the budget details of individual intelligence
agencies now seems increasingly necessary because Congress is so
plainly incapable of performing its intelligence oversight function.
Rep. Larry Combest, who ironically led the effort a week earlier on
the House floor to block public disclosure of the total intelligence
budget (Congressional Record, 9/13/95, p.H8833), complained to the
Post that NRO officials had "fallen quite short of being open
about this."
Taken at face value, Rep. Combest's complaint suggests either a
surprising incapacity to gain access to even the most elementary
information about the NRO, or an astonishing lack of curiosity
and understanding concerning NRO operations and budgeting.
It is hard to comprehend the difficulty of the oversight committees
in spotting the NRO's reservoir of funds, given that the continued
operation of spy satellites beyond their design lifetimes and the
resulting backlog of unlaunched satellites have been publicly noted
by intelligence community officials for several years. It is a
mystery how the "oversight" committees could have failed to realize
that NRO had a substantial surplus of funds that had already been
appropriated to support launches that had not yet taken place.
Fundamentally, the NRO's secret accumulation of a billion dollars
is much less disturbing than the fact that Congress was unaware of
it for an extended period. If the designated Congressional
overseers are unable to reliably keep track of where any given
billion is gowing, then even a rudimentary level of accountability
is impossible and the job must be taken over by others.
Fortunately, the public has access to other sources of information.
For example, an article in the Los Angeles Times entitled "US
Launches Costly Overhaul of Spy Satellites" (9/28/95) provides
background on the classified "8X" satellite program and its budget
implications.
TYRANNY & MUTATION: MARK LUDWIG PUBLISHES GIANT BOOKLOAD OF
COMPUTER VIRUSES
In 1990 Mark Ludwig published "The Little Black Book of Computer
Viruses." It contained the source code for four computer
viruses, one of which - Stealth Boot - has become one of the more
common computer viruses infecting business and home PC's worldwide.
[The virus, known as Stealth Boot C, is the same as the copy
published in the second printing of "The Little Black Book of
Computer Viruses."] As a result, by 1992 Ludwig (also my publisher,
incidentally) was a pariah in conservative computing circles, fit
predominantly for freak-flag-fly-type stories on viruses as artificial
life in WIRED magazine or bad craziness and hate parties at assorted
computer security conferences. In 1990 Ludwig wrote, rather
accurately in retrospect, "[Stealth Boot] is _highly contagious_ . . .
once it's infected several disks, it is easy to forget where it's gone.
At this point, you can kiss it good-bye." Even the printing business
Ludwig uses for his books was infected with Stealth Boot during
production runs.
The introductory parts of Ludwig's new "Giant Black Book of
Computer Viruses" (American Eagle trade paperback, 700 pages)
feature a tone more baldly revolutionary than his previous books.
It's a pitch that resonates with many outsiders - the militias, tax
resisters, Internet anarchists, true believers of New World Order
conspiracy orthodoxy - convinced a big takeover by the
military-industrial complex is imminent. In a segment on "military
applications" of computer viruses Ludwig writes, "Putting military
grade weapons in the hands of ordinary citizens is the surest way to
keep tyranny at bay." We are moving toward an "Orwellian god-state"
he says, and "the Orwellian state is vulnerable to attack -- and it
should be attacked . . . Perhaps we have crossed the line [of this
state] or perhaps we will sometime between when I [write] this and
when you are reading. In such a situation, I will certainly sleep
better at night knowing that I've done what I could to put the tools
to fight in people's hands." Ironically, even extremist Soldier of
Fortune magazine has dropped Ludwig's advertising with nary a word of
explanation. For it, computer viruses are now apparently more feared
than serrated truncheons, pepper spray, assault weapons and
advertising for military adventurers and hit-men.
Dire stuff this is, and the remainder of the "Giant Black Book" is
no exception, with segments devoted to boot sector-infecting
computer viruses, writing "droppers" for them - for example,
the complete source code for Stoned and a diskette-infecting
launcher for it; file-infecting viruses for a multiplicity of
operating systems, virus stealthing; complicated, exotic encryption
schemes aimed at defying anti-virus scanning; and anti-security
measures designed to make clumsy or incomplete disinfection of
Ludwig's viruses a task fraught with the possibility that the
replicating programs will destroy the data structures on the infected
machine in retribution. Portions of the book are reprints or
clean-ups of articles which have appeared over the past couple of
years in Ludwig's Computer Virus Developments Quarterly and its
successor, Underground Technology Review, which have ceased
publication.
The only other books in the arena even remotely reminiscent of
Ludwig's newest - beside his own stuff - is Ralf Burger's
"Computer Viruses -- A High-Tech Disease," published in 1988 by
a company also in the business of marketing Burger's anti-virus
software. However, Burger's chapters on simple overwriting viruses
and the mutilation of computer data coupled to simulation of horrible
hardware problems with software - besides being simplistic and dated
- lacks the weird joie de vivre Ludwig's "Giant Black Book" flashes
in assembly language-illustrated tracts on choosing between
formulations of sudden, unexpected data incineration or creeping
file corruption - routines perhaps perfected while Ludwig was writing
destructive code for a US Army group attached to NATO a couple of
years ago.
Those who worry about presumed virus-writing churls from the Internet
getting a copy should stop right now. Real life probably won't be
quite as predictable. Even though the "Giant Black Book" is genuinely
menacing-looking, for the truth to be told experience suggests most
would-be and practicing virus-writers are either too penniless to
purchase it, too oblivious to everything but their own transient
concerns to read it carefully enough so it really hurts, or too
bitterly envious of Ludwig for making a living selling viruses which
they've been unable to trade for even a bag of chipped wampum, to
make much of the virus code and tutorials which constitute the
backbone of the book. History also indicates that it's not a big
jump to see that as with "The Little Black Book," one or two of the
"Giant Black Book's" Ludwig viruses could wind up in circulation on
national computers within two to three years, resulting in an
indeterminate amount of garment rending, trashed data and lost money,
blood on the floors of information systems departments, insane
shouting, and kill crazy editorializing in computer security
publications, none of which will have any impact on the perverse
reality of the world of computer viruses.
There's a part near the end of the "Giant Black Book," written
with an X-file-ish sci-fi whiff of looming future techno-anarchy.
Those comfortable with the reading material found in comic books
devoted to the current fascination with cyberpunk, computer network
dystopia, mysterious helicopter flights over the hinterlands, and
rental vans packed with bags of fuel oil-soaked ammonium nitrate will
be pleased. As for the bottom line on "The Giant Black Book of
Computer Viruses": Like all Ludwig's books, it's a distinctly
unusual acquired taste requiring a small but significant amount of
technical acumen to crack. But it also tends to be as interesting a
read as you'll find if you're one with the stones for it.
"The Giant Black Book of Technological Booby Traps, er, Computer
Viruses" -- $39.95 cash money from American Eagle, Show Low, Arizona.
(ISBN 0-929408-10-1)
Additional notes: A recent Computer underground Digest tabbed
Jean Bernard Condat, president of the French chapter of the Chaos
Computer Club, as a hireling of a French secret government agency,
the Direction de la Surveillance du Territoire. Indeed, he
appeared to be its puppet, blackmailed into service when fingered
for a petty crime as a student in Lyons. According to the report
in CuD, he provided reports and acted as an agency beard while
posing as the most famous French hacker. Condat claimed to have
broken away from the agency in 1991 but the excerpt in Computer
underground Digest implies the facts are fuzzy in this area. In
1992, Condat translated "The Little Black Book of Computer Viruses"
for Ludwig and agented it to French publishers. Turned down by
Idalis, one of the largest French publishing firms, reportedly
over qualms with the translation, the book was eventually optioned
by Addison-Wesley France. The publication of it in France in
1993 as "Naissance d'un virus" resulted in a civil suit. Ludwig
dropped Condat as an agent about a year later for reasons
apparently having to do with reliability, according to the
American Eagle publisher.
NET-BABBLERS INEXHAUSTIBLE PREPARE INSTITUTIONS FOR OVERTHROW -or-
ELECTRO-PAMPHLETEERS FOR NATIONAL VANGUARD LAUNCH OCTOBER OFFENSIVE
A spam a day keeps the delete key in play. It's something everyone
seems to forget when dealing with mail-bombs, particularly when
they're selling conspiracy theory like one that declared dead
cultural anthropologist Franz Boas the root of all world evil in
early October. Yes, the same Franz Boas who wrote famous
books on the Indians of the Northwest.
Skipping the hare-brained discussion for the sake of sanity, the
anti-Franz Boas essay arrived on e-mail doorsteps and Usenet news
packaged as annoyance electronic mail. It triggered the usual
outrage - pissed-off Netizens shaking their cyberfists in hackneyed
fury, promising unspecified retribution: perhaps nasty phone calls and
retaliatory nuisance spam -- all aimed at National Vanguard/National
Alliance, a Hillsboro, West Virginia, publisher responsible for the
best-selling piece of race-hate conspiracy science-fiction,
"The Turner Diaries."
Consider the nature of National Vanguard, a publisher that advertises
in the back of "The Turner Diaries" for a comic book called "New World
Order Comix." Fifteen to eighteen-year olds, says the advertising,
can read the NatVan funnies to "understand the nature of the evil
forces which have deliberately wrecked their schools . . . by
organizing to oppose the enemies of their race and civilization." A
few pages earlier is the blurb for another book, "Serpent's Walk,"
that promises the "Good guys" -- Hitler's SS -- finally win after
going underground and continuing the fight for a century. Are you
left with impression that the anger of spammed Netizens might just
roll off the back of the National Vanguard, already certified as
a social leper for about two decades?
If not, revisit for a moment the history of "The Turner Diaries."
First published in 1978 by author William Pierce after being
serialized in his magazine, National Vanguard, "The Turner Diaries"
has sold approximately 200,000 copies without really being in any
bookstores to speak of.
The National Alliance spam is mildly reminiscent of the strategy
Piece used with Soldier of Fortune magazine's subscription list
in 1981. Pierce purchased SOF's mailing list and subsequently
sent a National Alliance/National Vanguard catalog to the magazine's
subscribers. Some readers of SOF complained vigorously and the
magazine apologized to its readers, promising to more carefully
screen those wishing to purchase its subscriber base.
"The Turner Diaries" is an escalatingly violent book, apocalyptic
and brutal in its imagery of a white supremacist underground
fighting a total war against the US government. It's told primarily
from the point of view of one of the minor lights of the white
supremacist underground, one "Earl Turner," who takes part in a
number of the book's key battles.
In "Turner," guns are outlawed by the hated US government with
"the Cohen act." Soon after, Earl Turner and a cell of guerillas
demolish FBI headquarters in Washington, D.C., with a rented truck
filled with fertilizer/foil oil explosives. The aim: to smash a
super-computer and database designed to keep track of US citizens.
The "freedom fighters" declare war on the government, blacks, Asians,
Latinos, those who fornicate with them and liberal journalists. In
scenes straight out of Nazi Germany, those in the ruling overclass
arrayed against the insurrectionists are rounded up and hung en
masse - made to wear placards proclaiming "I defiled my race." There
are scenes of torture, sodomy by metal rod, numerous shootings
and savage beatings. Israel, Russian and US cities are destroyed by
nuclear warheads. The Pentagon is leveled by Earl Turner who flies
an atomic bomb into it while on a kamikaze mission -- his
final initiation into the book's holiest of holies, The Order.
China is rendered uninhabitable by biological weapons. Turner's white
supremacists impose a new "empire" upon the world.
Pierce put a reading list of required material for white supremacists
in one of his National Alliance catalogs. In it, Pierce claimed,
"[Turner] will be too strong a dish for any reader who has not
thoroughly prepared himself for it," according to "Warrior Dreams"
author and academic James Gibson.
Despite its repellent nature, many took "The Turner Diaries" very
seriously. In 1983, the Bruder Schweigen, or Order, were one heavily
armed, well-organized outlaw group of white supremacists inspired by
it. The Order held up banks and armored cars to raise money - almost
$4 million - for their revolution and modeled it on the struggle
portrayed in "The Turner Diaries." Order member Bruce Pierce murdered
Alan Berg, a Denver talk radio host, by submachine-gun fire and was
eventually caught, convicted and sentenced to 200 years to life in
prison. Berg fit the Order's interpretation of "Turner Diaries'"
definition of a liberal Jewish journalist. In 1984, the FBI, writes
author Gibson, "closed in on the Order's island hideout [in Puget
Sound, Washington] . . . Several members of the Order surrendered;
[Bruce] Matthews, [their leader], refused." The FBI set the hideout
on fire with magnesium flares and a grenade launcher, an exploding
weapons cache widened the blaze and Matthews died in the conflagration.
His body was recovered later, a gold Order medallion charred into his
chest [page 250].
Laurence Canter and Martha Siegel created a cottage industry early
this year when they hit stores with "How to Make a Fortune on the
Information Superhighway," a book on the "legitimate" business uses
of ruthless scattershot e-mail advertising. Having reportedly sold
47,000 copies as a hard cover for one of the major publishers, it was
only a matter of time until businesses or groups like National
Alliance, those which could hardly be expected to even faintly mind
the collective ire of 'Net administrators, began to act on it.
AUTHOR DINTY MOORE'S HANDBOOK FOR CLOSET INTERNET CURMUDGEONS
"The Emperor's Virtual Clothes: The Naked Truth About Internet
Culture" (Algonquin Books of Chapel Hill, $17.95) is a bird
of a different feather: an Internet cynic's handbook written
in a happy, frothy tone - presumably because it's author seems
to be a pretty pleasent prof in residence at Penn State University.
Packaged by Algonquin so it's somewhat reminiscent of Jon Winokur's
"Closet Curmudgeon" books, "Emperor's Clothes" is its author's
anecdotal view of on-line culture. In it Moore covers all the
popular 'Net issues and controversies: privacy, sex, the nature of
obsession and creeping Toffler-ism. Never so mean as Crypt
Newsletter, "Emperor's Clothes" nevertheless drives home its
skeptic's point of view well, even invoking Thoreau as a comical
muse from time to time.
One of my favorite parts was Moore's description of one 'Net
fanatical collegian seemingly lacking even the wit of a pig's
bladder on a stick. The subject has become so encrusted with the
trivia of networked existence he can't break away from on-line
games and chat. His grades are shit; what's left of his mind is
oozing from his ears. The poor sod has forfeited his personality
to a $1000 plastic and glass box! However, you can bet there's
always time for one more round in the multi-user dungeon role-playing
game.
For those who enjoy their prose sardonic, "The Emperor's Virtual
Clothes" is cool.
THE SOLOMON ANTI-VIRUS TOOLKIT: THE EVOLUTION OF SCANNING SOFTWARE
Back in 1993 in an article for Crypt Newsletter #9 called "Take
the Prodigy challenge with the Dr. Solomon Anti-virus Toolkit," I
did a run through of this British program, then distributed by
On-Track Data Recovery in the U.S.
PRODIGY's marketing of the Dr. Solomon Toolkit was uniquely absurd,
so weird I've never seen it repeated anywhere else. The
Sears-Roebuck administered "personal information service"
for yuppies hyped the software offer which, on the surface,
appeared quite attractive. It offered a special data integrity and
recovery package which was essentially a broken up grab-bag of
software utilities looted from other commercial products. In toto
it consisted of the Solomon Toolkit's FindVirus anti-virus scanner,
an "unerase" program designed to allow buyers to easily recover
recently scotched files and a rudimentary set of hard disk
maintenance programs. This was a vile deal aimed squarely at suckers
since the current version of DOS had already shipped with programs
that covered almost everything included in the package except for
Solomon's FindVirus.
However, Prodigy did offer the Solomon Anti-virus Toolkit for
$39. The catch was it came sans manual. Of course, you could
also buy the manual, thereby bringing the total price up to
$99, about what you would paid for the Toolkit straight from
On-Track. The logic behind the marketing hook seemed to be the
thinking that consumers would jump at the apparent _reduced_ price
of the Toolkit, order it and find that once they had it, it didn't
make sense without the manual. Of course, then the manual would be
purchased anyway.
In 1995, Alan Solomon (S&S International) is no longer dependent
on this kind of "help" to merchandise his product in the U.S.
The company has moved aggressively into the national market and
opened offices in Mission Viejo, California, and Burlington,
Massachusetts. However, the core of his Toolkit's virus control
strategy remains the same: effective use of the FindVirus anti-virus
scanner and Guard, a memory resident utility which acts as a
sentry armed with a sub-set of FindVirus's capability.
FindVirus operates on a philosophy of rigorous detection and
identification of computer virus infection. Briefly, one can
explain it thus:
The FindVirus scanner has an entry for the "Mr.X" virus in its
virus information database. According to the entry for the
"Mr.X" virus, FindVirus knows the virus infects .COMfiles and that
infected files begin with a jump command that points to the end of
program where the virus has added its code to the parasitized file.
FindVirus looks for a string of bytes uniquely chosen from the
"Mr.X." virus and if it finds such a string - or perhaps matches
a calculation based upon the string - checks for the true virus
identity by performing another calculation on the expected volume
of the virus, say, from the beginning of its control point to the
end of the viral code. If the calculation corresponds to the value
FindVirus holds in its database for this particular virus and every
other check mentioned is valid, a live copy of the "Mr.X" virus has
been found in the file.
Using this method, FindVirus can only rarely be tricked into
inappropriately identifying viruses. This means its rate of false
alarming on programs and data contained within the average computer
is vanishingly small. The 1993 version of FindVirus was just as
fussy about virus identification. However, when it came to repairing
virus-infected programs, the Toolkit's on-line help recommended
replacing the infected file from distribution disks because while
it was possible "to remove the fly from the ointment," most users
preferred a "new jar of ointment."
This is gone from Toolkit 1995. Since FindVirus's mechanism of
detection is dependent upon exacting identification of computer
viruses, there is little point in shrinking from using the program
to cut viruses from infected programs. Stated another way,
FindVirus will simply refuse to disinfect viruses it cannot identify
exactly. This seems like an obvious point until you realize that
many, many anti-virus programs don't supply this rigor, and can be
happily demonstrated ruining infected programs when asked to remove
viruses - if they can remove them at all - for which they only have
an approximate diagnosis. Such a result would be catastrophic if
practiced on a heavily infected network. The flip side of the coin
is that a program like FindVirus, with the records of approximately
7000 computer viruses in its database, can be expected to perform
rapid and precise disinfection in such a situation.
Going beyond exact identification of rudimentary viruses, FindVirus
has been optimized for polymorphic detection. According to the
Toolkit's on-line help and Alan Solomon's books, the current
engine driving FindVirus got its start when Nowhere Man's NuKE
Encryption Device landed on his desk embedded in the ITSHARD virus.
Blocked by the complexity of the code garbling generated by it,
Alan Solomon started development on a fix for FindVirus that would
enable it to unwind Nowhere Man's encryptor reliably as well
as universally covering all similar types of polymorphic encryption.
Generally, this could be approached by writing software which
simulates the code in a suspect program. One could start by
inspecting a stretch of code thought to be part of a virus and
responsible for its self-decryption (which a polymorphically
encrypted virus must have) by checking if the code appears to
sequentially walk through a chunk of the suspected virus, modify it
and write it back in unencrypted form. Such an anti-virus scanner
could load a suspect file into a buffer, set up a bunch of registers
in memory and start inspecting. It would update the simulating
registers according to the action dictated by the instructions found
in the scanned code. However FindVirus was to do this, the idea was
to apply an engine which would drive the decryption employed by
just about any type of virus. Once perfected, then the same
rules FindVirus uses to detect and disinfect simple viruses can
be brought into play to identify and disinfect any virus underlaying
various layers of disguising encryption. Alan Solomon incorporated
just such a technological innovation into FindVirus and the program
won a Queen's Award for Excellence as a result of it.
Anyway, however FindVirus does this, it seems to work rather well.
In a quick and dirty test we generated 200 samples each of a handful
of encrypted viruses: Oi Dudley, Mutation Engine Insuff and Encroacher
from the old Crypt Newsletter, SMEG v.03, and Virogen using the Vice
encryptor. FindVirus hit almost all, missing only 3 percent of the
Virogen Vice samples. It precisely identified the one-in-every-ten
unencrypted copies of Encroacher generated by a buggy version of
the Mutation Engine and the original Encroacher virus seed file, or
dropper, a feature useful in computer forensic work. Oddly, it
identified all Mutation Engine Insuff samples as "like" Mutation
Engine viruses. It also successfully disinfected all detected
infections except for Mutation Engine Insuff, which can only be
deleted or renamed. FindVirus renamed them which is an adequate
solution. A competing program, Dr. Web, was used as a simple
barometer. Web detected all Mutation Engine Encroacher samples,
for example, but promptly destroyed every program upon disinfection.
The final S&S selling point for FindVirus, implemented just
recently, is "heuristic" virus detection, or detection based
upon the looking for code that does things viruses are expected
to do. Although not a new feature in anti-virus land, it's
new for FindVirus which delivers the capability _only_ if
called for specifically by command-line switch. So, while
FindVirus missed 3 percent of the Virogen Vice infections, it's
"heuristic" ANALYZE switch, coupled with the program's virus
decryption engine, uncovered every one of the misses with a
generic "like a virus" warning message. The catch is the user
must have the wit to use it in potentially hot situations. With
the ANALYZE feature enabled, FindVirus - like any "heuristic"
detector - can generate, or be compelled to generate, false
alarms.
The memory resident VirusGuard portion of the Solomon Toolkit
intercepted most, but not all of the encrypted viruses. It
missed Mutation Engine and SMEG samples, but was successful
at intercepting Oi Dudley and Virogen Vice specimens.
The Solomon Anti-virus Toolkit creates the usual anti-virus
industry standard rescue disk capable of jump-starting a
dead dog hard disk but no longer carries along a copy of FindVirus
as it did a couple years ago. The documentation concedes that
the steady rain of increasing computer virus strains has inflated
the size of the program, making this impractical. Instead, it recommends
use of the copy of FindVirus on the original diskettes when treating
a badly contaminated or damaged system.
The Anti-virus Toolkit comes with a manual and an interesting
Virus Encyclopedia which contains entries for a large number
of viruses S&S International has thoroughly dissected. Oddly,
the index page numbers for the viruses described in this edition
were listed as variant numbers of pages _beyond_ the actual
entries in the encyclopedia. For example, the data on Micropox
virus was listed at page 247 but actually resided on page 239;
the data for FLIP listed as 108 when it was on 105, the entry
for Natas virus as 163, but actually on page 158. Initially,
this led me to suspect I was a victim of creeping mental illness.
[Hmmmm. Could be evidence of Index.Fiddler. Just a little inside
computer virus humor!]
The Toolkit also contains a number of other programs including
a file integrity checker, disk and file examination programs, and
a couple of certification programs which augment the use of FindVirus
and Guard in virus control and additionally supply an easily administered
measure of access control to a secured machine's files and diskettes.
The Solomon Toolkit's use of technology in precise virus
identification and removal are features that serve it well. It is
these same features, seamlessly incorporated into the software,
which are difficult for magazines to explain adequately to potential
consumers. It is a paradox that they are the same features which set
the Toolkit apart from and above elegant-looking, power-marketed
turds like Symantec's Norton Anti-virus.
S&S International USA: 17 New England Executive Park, Burlington,
MA, 01803 ph: 1-617-273-7400.
FROM THE "YOU CAN'T POLISH A TURD BUT THAT WON'T STOP 'EM FROM
TRYING" DEPARTMENT
Alert reader David Kennedy passed along this latest bit of
consumer news, courtesy of the institutional machine at Symantec.
Apparently, Philistines in charge of marketing and disinformation
at the Norton Anti-virus issued a statement of unique interest to
Crypt Newsletter readers.
Symantec, it claims, has opened an "Anti-Virus [telephone] HotLine."
"This _revolutionary_ [emphasis added] new service will place
live anti-virus technicians at your finger tips to quickly and
efficiently help you resolve those burdensome live virus infection
situations, no matter what product you are using to detect the virus,"
it reads.
"To help you in your fight against virus infections Symantec is
proud to introduce the industry's _first_ [emphasis added] dedicated
anti-virus hotline."
This was inspirational and in the spirit of the free flow of
information, Crypt Newsletter announces it has opened an
Anti-Symantec telephone HotLine. This revolutionary new service
will place live editors at your fingertips to quickly and
efficiently help you resolve those burdensome confusions that arise
from reading Symantec corporate babble and then spending too much
cash money on software products like the Norton Anti-virus.
As a bonus, the Crypt Newsletter Anti-Symantec HotLine releases
the following:
Peter Norton, the guy whom the Norton Anti-virus is named
after, once claimed computer viruses were urban legends!
Symantec's Anti-Virus HotLine is not the first anti-virus
help line. (Big surprise!) Why, just this summer Crypt saw
the National Computer Security Association advertising one
in its company magazine. Peter Tippett, who recently worked
for Symantec, had his photo on its cover, too. It's true!
Much of the development staff that went into programming and
"perfecting" the Norton Anti-virus left the company this
year for the competition! Oh no! They won't be around to answer
telephones. It's true!
For example, Martin Fallenstedt, Dave Perry and Jimmy Kuo
went to McAfee Associates. Therese Padilla went to Command
Software (F-Prot). (Crypt knows this is true because Crypt
spoke with her recently.) Peter Tippett is now affiliated
with the National Computer Security Association. The NCSA
magazine says he's its "President." Joe Wells, another Norton
Anti-virus developer, went to IBM.
Joe Wells even mentioned on Compuserve this summer that "there
[were] several other people," who also went from Symantec
to McAfee Associates. "When I visited them early this month,
I suggested the company name be changed from McAfee to McMantec,"
said Joe. Haha! Joe made a joke of it! What a funny guy!
John McAfee, when in an ebullient mood, also used to speak of
having a McAfee Associates special team drive around in a mobile
home to supply emergency service to companies laid low by
computer virus! McAfee Associates has telephones, too.
It's true! ["The Virus Creation Labs," page 11.]
QUESTIONS: COMPUTER VIRUS LIABILITY
[In January 1995, the US Bureau of Public Debt's Security Branch and
its legal department debated the issue of unintentional distribution
of computer viruses and the legal liability of institutions found to
have passed contaminated software or diskettes. The discussions
were published in the US Bureau of Public Debt's Information Systems
Security Monitor newsletter and credited to Kim Clancy (Security
Branch), Jim Kramer-Wilt (Legal) and Lisa Martin (Legal). It is
reprinted here with permission.]
Security Branch: "What, if any, boilerplate language exists that
we could put in contracts that would protect us if we received disks
that were infected with a virus? What are [others] doing?
Legal: "At present, Public Debt is not using any special language
in . . . contracts. The present warranty clause does not protect
us from consequential damages. Procurement uses a general clause
unless the Contracting Officer determines that a greater level of
protection is necessary. We could insist that a clause be inserted
that the contractor has screened the software for any known viruses.
This, of course, would not protect us from unknown viruses. It
appears that we should be making the screen ourselves, rather than
relying upon the contractor. I would assume that such screens
are being made."
Security Branch: "In the area of Interagency agreements - what is
our liability if, for example, we would send [someone] a diskette
with a virus? Is exempting language available? Would it be
effective, such as in contracts with these [others]?"
Legal: "Contracts between government agencies follow the general
outline of the first question above. Government agencies are pretty
much self-insured for such damages. Any diskettes sent to other
agencies should carry the following disclaimer:
WE HAVE SCANNED THIS DISKETTE FOR VIRUSES USING <SOFTWARE BRAND AND
VERSION INSERTED HERE>. NONE OF THE DISKETTES HAVE ANY VIRUSES
ACCORDING TO OUR USE OF THESE PROGRAMS. HOWEVER, BE AWARE THAT
THERE MAY BE VIRUSES OR OTHER DANGEROUS PROGRAMS THAT HAVE ESCAPED
DETECTION. WE DO NOT WARRANT OR REPRESENT THAT ANY OF THE DISKETTES
ARE ABSOLUTELY FREE OF VIRUSES, TROJAN HORSES, WORMS, TIME BOMBS OR
ANY OTHER TYPE OF DANGEROUS COMPUTER PROGRAM. YOU SHOULD PERFORM
YOUR OWN TESTING TO ASSURE THAT THE FILES YOU DOWNLOAD ARE TRULY
FREE OF VIRUSES OR OTHER DANGEROUS PROGRAMS.
This disclaimer could be in the form of a pre-printed sticker that
is affixed to the diskette package."
Security Branch: "What should we do if we get a diskette with a
virus from another company? Should we contact the vendor? Are
there any repercussions if we do contact the vendor?"
Legal: "You should contact the vendor and inform them of your
finding. Whatever action they choose to take is up to them.
I believe that there is a duty to contact the vendor and there
should be no legal repercussions. We also feel that you should
pass along your findings to Main Treasury, e.g. 'I scanned the
diskette with a certain virus checker and found this virus,'
thereby making no statement as to how the virus got on the
diskette. In other words, only reporting exactly what you
observed."
PART II: LIABILITY FOR VIRUSES, A NEGLIGENCE STANDARD
. . . Tort and civil liability is rarely discussed in the
context of [computer] viruses since there is a growing body of
criminal law regulating the introduction of them into a system.
The introduction of viruses _may_ allow an injured plaintiff relief
under the tort theories of conversion, trespass and tortious
interference with contractual relations. Tort liability has been
an issue of concern to the managers of computer systems and networks.
The failure of managers to safeguard their systems may lead to
recovery in tort by injured third parties. One suggestion has
been to impose strict legal liability on the producers and vendors
of computer systems, services, networks and software, requiring
adequate safeguards and barriers to be placed to avoid unauthorized
invasions, and to carry adequate insurance should an invasion occur.
This standard may be too demanding since even the best boundaries
of technological protection have proved to be penetrable. A system's
need for the existence of trap doors for programming and debugging
will also be troublesome for managers should a strict liability
standard be implemented. Negligence may be a viable alternative
standard should strict liability be too harsh. A manager's duty to
the system would entail the reasonably prudent selection,
implementation and maintenance of the security provisions of the
system.
Application of negligence principles to the manager would require
her to use reasonable care to secure the system when it is
foreseeable that failure to secure it would result in injury to
foreseeable plaintiffs. A test similar to the one created by Judge
Learned Hand in United States v. Carroll Towing may be a viable
standard in this instance. Since there are times when every
computer system may be infected by a virus, the manager's
duty should be a function of three variables, paraphrased from
Judge Hand's decision in Carroll Towing:
1) the probability of invasion by a virus;
2) the gravity of the resulting injury; and
3) the burden of adequate precautions.
The application of this test may provide a flexible and workable
alternative approach to manager's liability for the failure to
protect the computer system from viruses.
Suggestions for reasonable protection:
1) Limiting computer access by terminated employees, particularly
those who have been subjected to disciplinary action;
2) Requiring a showing of need before allowing any employee to
access system software on multiuser systems;
3) Requiring staff to devote greater attention to monitoring the
use of computer systems and to checking for evidence of unusual
or suspicious activity.
Staff with responsibility for computer systems should be centrally
involved in analyzing these or other protective policies, and
should be given necessary resources to carry out these functions.
_Establishment of Operational Safeguards_
In addition to establishing access restrictions, a number of steps
might be taken to reduce the risks of harm from a computer virus:
1) Installing software programs that keep watch for computer
viruses;
2) Testing software [and storage media] for presence of computer
viruses;
3) Initially installing new software, particularly those of
uncertain origin on an isolated computer system;
4) Immediately investigating unexplained or suspicious activity,
including unauthorized attempts to . . . alter files
5) Immediately removing from computers any software that exhibits
symptoms of possible virus infection;
6) Establishing backup policies designed to assure that clean
copies of uninfected application programs remain available for
a reasonable time;
7) Requiring the grandfathered rotation of backup copies, stored
off-site;
8) Conducting periodic security audits to determine whether
reasonable steps have been taken to assess and counter any
particular virus threat.
LETTERS: READER WONDERS ABOUT CRYPT BY FTP, WELFARE OF SECURITY
BRANCH'S KIM CLANCY; UTR AND MORE AMUSING BUSINESS AT NORMAN DATA
Dear Crypt:
A few months ago, I asked about early issues of Crypt Newsletter.
You said you weren't aware if they were generally available by
anonymous ftp through the Internet. My recent travels took me to
an anonymous ftp site - ftp.fc.net - which has a complete set of
the newsletters under the directory: pub/deadkat/virus/CryPt. I'm
letting you know for informational purposes. You must get requests
for these issues quite often.
I also read your book and found it entertaining as well as
informative. One thing I would find interesting - perhaps in a future
issue - is a follow-up story on Kim Clancy and the bulletin board
system she ran that came under criticism.
---Tom Corrigan
[Crypt responds: Thanks for the tips. Crypt Newsletter gets many
requests for back issues by anonymous ftp and most of them go
unanswered. There are a number of Web pages and Internet sites
with accounts offering Crypt News but they're not listed because
of the frangible nature of so many Internet sites.
In 1992 Crypt Newsletter was distributed by bulletin board system
and I got into the habit of posting telephone numbers in the credits
section of the magazine. However, the numbers were ephemeral, always
changing, and it became pointless to maintain a list.
Today, however - for one time only (or until the topic comes up
again), two spots which offer links to Crypt News are:
http://www.xcitement.com/virus
http://www.io.org/~ronl
Both are clean-looking pages, utterly lacking in pictures of floral
arrangements, furniture, pets, soiled underwear, obscure rock groups,
rubber fetishists or the vain gimmickry and pitiless infomercialism
common to the more garish spots on the Web. These pages exist to
publicize a wide variety of computer virus binary images and source
code. Along with similar spots, the sites infrequently become topics
of discussion in the Usenet's alt.comp.virus newsgroup. If you are
inexperienced in the area or someone new to the Crypt Newsletter,
keep in mind that Internet sites with computer viruses on-line for
FTP or World Wide Web access can sully your image and reputation if
you let slip you fancy them while in conservative company. By nature
they're controversial, which is understating the issue somewhat.
Also, you can't - can't - can't - be infected with computer
viruses by viewing Web pages or ftp directories filled with them.
However, it's possible to become an embarrassment to yourself and
many loved ones if you download computer viruses from the Internet
and deliver them into the hands of incompetents, yourself included.
It's also not impossible to imagine a poor unfortunate scruff so
bereft of good sense and self-control he runs afoul of the law and
becomes the object of a criminal investigation as a result of an
interest in computer viruses. [Nota bene: Crypt Newsletter 32 and
33, "Blewed, screwed and tattoo'd, parts one and two: The sorry
tale of an English virus writer strung up in the Crown Court."]
There's a subtext embedded in the preceding discussion but Crypt News
thinks that, frankly, most of it is lost on the average readership.
As for Kim Clancy, is working for Security Branch of the US Bureau of
Public Debt in Parkersburg, West Virginia. She comments she will
be leaving the department at the end of this month. Clancy also hosts
the Security RoundTable discussion group on Mindvox in New York City.
Congressman (Dem.) Ed Markey, the political nuisance who became
tangentially involved in the AIS scandal, fell on hard times in
1994 when the Republicans rode into town and knocked the Democrats
from power. Markey is now farther from the limelight on information
technology affairs and has had a difficult time living up to the
sobriquet Washingtonian magazine awarded him in 1988: "No. 1 Camera
Hog in Congress." Remember, it was just in an August 1993 issue of
the Los Angeles Times that Telecommunications and Finance
subcommittee Markey-underling Rep. (Dem.) W. J. Tauzin of Louisiana
was claiming "Ed . . . has arrived" and courtier for the entertainment
industry and Motion Picture Association of America president Jack
Valenti burbled "[Markey is presiding] over a sea change in the way
we communicate."
Anyway, Markey - or more likely a staff flunky ghost-writer - has
recently written on atomic bomb technology transfer in "Nuclear
Peril: the Politics of Proliferation." He's also been involved in
hassling the State Department over French overflights of the US by
air transports carrying fissionables for use in the controversial
Pacific test shots. Markey is also working to clean up children's
television programming and involving himself in the Congressional
debate and legislation over obscenity and the Internet. Come to
think of it, Crypt Newsletter believes this is more useful work
than any amount of fiddling with the Internet, BBSes, computer crime
or computer viruses.]
Dear Crypt:
How do I get the Underground Technology Review? I am interested
in making pepper spray and computer viruses.
---Name of young reader withheld for his own benefit
[Crypt responds: Underground Technology Review is no more. UTR
editor Mark Ludwig recently confided that a Norman Data Defense
employee (name withheld to protect job security) called him trying
to secure, scrounge - actually, a complimentary subscription to the
publication. Sadly, for Norman Data, UTR is now discontinued.
As for pepper spray, it's not effective against computer viruses.]
Dear Crypt:
Hi! I am from Cyprus. I want to know if you have the latest version
of Virus Creation Laboratory. I have the 1992 version and I want an
upgrade. Or, if you have another virus creation programme, please
inform me.
---Name of young reader withheld for his own benefit
[Crypt responds: Does this mean you're still deviling the Turks on
the other side of the island?]
CRYPT HYPERBASE
If you're reading this you don't have it. Crypt #34 was also published
as a hypertext/xText reader. It adds hyperlinked cross indices and a
linked glossary, as well as greatly expanded discussion of topics
covered in this edition. The hypertext editions provide a convenient
way to order your library of Crypt Newsletters. With the reader,
it is only necessary to copy the Newsletter database issues - the
files with names like CRYPTxx.XDB - into the same directory as the
reader and go. The reader will provide a pick list of the
collected issues and link through them as they are displayed and read.
CRYPT NEWSLETTER HYPERTEXT DATABASE
The CRYPT NEWSLETTER database is now available as a hypertext
tool. We've collected all the Crypt Newsletters from the
magazine's initial publication in 1992 to the present and
reworked them into a linked, keyworded, annotated hypertext
database.
The database contains not only the best of Crypt Newsletter but
also a great deal of additional material and notes never published
before. Where appropriate, additions have also been made to old
issues and articles to provide current perspective and background.
The database also contains a keyworded glossary and extensive
subject index spanning the length and breadth of the newsletter.
In the database you'll find comprehensive stories and news on:
� the computer virus underground and virus-writers
� the anti-virus industry
� on-line culture and sociology
� the secret government within the military industrial complex
� anti-virus software reviews
� book reviews of current titles in security
� annals of computer crime & computer virus spread
� discussion of legal issues with regard to computer viruses and
related computer crime
� review of the mainstream media: the shams and scams reported as
real news. Take a clear-eyed, skeptic's look at the information
highway!
And there's much more, all delivered in the acerbic, to-the-point
style used by the Crypt Newsletter.
The Crypt Newsletter database is also extensible. Future hypertext
issues can easily be copied to the database's directory on your
home computer and be seamlessly integrated into the collection.
The Crypt Newsletter hypertext database can be purchased
for $60, plus $1.50 shipping and handling. Overseas customers
add $6.50 for shipping and handling.
Checks or money orders should be made payable to:
George Smith, Editor
Send to: Crypt Newsletter
1635 Wagner St.
Pasadena, CA 91106
USA
Remember to include your current mailing address with purchase.
REACHING CRYPT NEWSLETTER
Send software, books, or public-relations phlogiston for review
and consideration to:
Crypt Newsletter
1635 Wagner St.
Pasadena, CA 91106
Alternatively: public relations phlogiston may be e-mailed:
crypt@sun.soci.niu.edu or 70743.1711@compuserve.com
Phones: 818-568-1748
CRYPT ON COMPUSERVE
Those readers with accounts on Compuserve can now take part in the
dedicated Crypt Newsletter message base and attached file library in
the National Computer Security Association special interest group.
GO NCSAFORUM and look for message base #20, Crypt Newsletter.
Current issues are on-line in the attached file library.
CRYPT NEWSLETTER WORLD WIDE WEB HOME PAGE
You can visit Crypt & The Virus Creation Labs on the
World Wide Web, download back issues and sample a chapter
from VCL!
Set your graphical browser (Mosaic, Netscape, etc.) to:
URL: http://www.soci.niu.edu/~crypt
ACKNOWLEDGEMENTS - In one way or another, this issue couldn't
be the scintillating read it is without:
Bob Casas, Ph.D., of CPC Ltd.(COMSEC), Glenview, Illinois, for
hypertext & hyperlinks prodding; Roger Thompson of Thompson
Network Software, Marietta, Georgia, for sundries; Steven
Aftergood of the Federation of American Scientists, Washington,
D.C., for keeping Urnst, the cat, in good reading material with
those timely FAS reports; Dave Kennedy of NCSA for consumer
alerts.
----------------------------------------------------------------
If you quite enjoy the Crypt Newsletter, editor George Smith's book,
The Virus Creation Labs: A Journey Into the Underground," will
really flip your wig. In it Smith unravels the intrigue behind
virus writers and their scourges, the anti-virus software
developers and security consultants on the information highway.
What readers are saying about THE VIRUS CREATION LABS:
"[VIRUS CREATION LABS] is informative and stunningly
incisive . . . "
---Secure Computing, October 1995
"George Smith . . . takes a look at the world of virus writers
and anti-virus software vendors in a style similar to that
of 'Cyberpunks' -- anecdotal, humorous and revealing . . . a
lucid and entertaining read."
---Computer Security Journal
"Heavens - I don't think I've had as hysterically funny a read
in MONTHS! The politics of the anti-virus field is at
least as back-biting and insane as the virus writing field, if not
more. You really probably have no idea exactly how 'corrupt,
corroded and tangled' the anti-virus field really
was . . . *chuckle* . . . Anyhow, I just thought I'd write to you
to express my appreciation, as an ex-member of that 'long chain
of cheats, hypocrites and fools' for a hysterically funny look
into the 'underground' that produced the code we had so much
fun - and really we DID, especially in the early
days - reverse engineering and countering."
---an ex-McAfee Associates employee
"There are relatively few books on the 'computer underground' that
provide richly descriptive commentary and analysis of personalities
and culture that simultaneously grab the reader with entertaining
prose. Among the classics are Cliff Stoll's 'The Cuckoo's Egg,'
Katie Hafner and John Markoff's 'Cyberpunk,' and Bruce
Sterling's 'The Hacker Crackdown.' Add George Smith's
'The Virus Creation Labs' to the list . . . 'Virus Creation
Labs' is about viruses as M*A*S*H is about war!"
---Jim Thomas, Computer underground
Digest 7.18, March 5, 1995
"THE VIRUS CREATION LABS dives into the hoopla of the Michelangelo
media blitz and moves on to become an engaging, articulate,
wildly angry diatribe on the world of computer virus writers . . .
Expert reporting."
----McClatchy NewsWire
-------------------------order form-------------------------
Yes, I want my wig flipped and wish to receive a copy of George
Smith's "The Virus Creation Labs: A Journey Into the Underground"
(American Eagle, ISBN 0-929408-09-8).
Price: $12.95/copy plus $2.50 shipping per book (add $7.50 overseas)
NAME: _____________________________________________
ADDRESS: __________________________________________
CITY/STATE/ZIP: __________________________________
Payment method:
___ Master Charge
___ Money Order
___ Check
___ Visa
Credit Card # ___________________________________________
Expiration date _________________________________________
Name: ____________________________
Orders can be taken by voice or fax through regular phone
number and/or 1-800 number in USA. COD welcome.
American Eagle: 1-800-719-4957
1-602-367-1621
POB 1507
Show Low, AZ 85901
-------------------------------------------------------------
George Smith, Ph.D., edits the Crypt Newsletter. Media critic
Andy Lopez lives in Columbia, SC.
copyright 1995 Crypt Newsletter. All rights reserved.