VULNERABILITIES MEETING
April 26, 1999
4:00 – 5:00pm
3085 ENG II
In attendance:
Matt Bishop (MB), Tuomas Aura (TA), Keith Herold (KH), Lauren and Charlie
TOPICS
- Symbolic Links
- Melissa Virus
- Dissecting Melissa
- How do you stop a virus like Melissa?
- Other Viruses and/or Hoaxes
- How do you register software code in practice?
- Next Meeting Topics
- Symbolic Links
  - In progress
- Melissa Virus
  - Question of scale, target
  - Ethics of allowing a virus to be downloadable off the internet.
  - Three of the largest anti-virus groups have a policy regarding release of virus code
  - They can't publish any part of a virus or the virus itself
  - Exchange…
  - Ostracize people who publish the code.
- Dissecting Melissa
  - Checks to keys in registries
  - Looks to see if Melissa is already installed
  - Looks for Microsoft Outlook
  - Disconnects, installs Melissa key - appears to work only once on system
  - Infection phase - template and active documents
  - Infects every open document with a macro
- How do you stop a virus like Melissa?
  - Disable macros
  - Create sandbox around virus
  - Password protect macros
  - Do not allow macros to alter other macros (Karger's scheme) - should work for Word, not for Excel?
  - TA: Makes it more difficult, but still possible. Must create file from scratch or rename it.
  - Integrity checking
  - List of allowed macros
  - Modify macro with another macro
- Other Viruses and/or Hoaxes
  - Other hoaxes
  - ZDNet hoax - PCs have built-in microphones that are always on. If you are connected to the internet, they could theoretically record what you say.
  - Similar problems with cameras that can't be disconnected.
  - FrameMaker
  - Competitor name "Interleaf" changed to "FrameMaker"
  - Adobe Acrobat 4.0
  - Anti-virus company claimed there was a virus on the distribution disk - later proved false.
  - There was a code sequence that matched a known virus signature
- How do you register software code in practice?
  - Can't install any software
  - Have a separate production and installation mode (Separation of duty principle)
  - Work in a controlled environment
  - Ultimately, you rely on the user to know the machine
  - Problems with installing software from the browser.
- Next Meeting Topics
  - State of the Vulnerabilities Database
  - Signatures of Vulnerabilities/Attack Tools
  - Language to represent signature of attack tools
  - Look at similarities with CIDF