MEMOIR3.CVP 921214

Memoirs of an (untrustworthy) virus researcher

I had been involved with a three day data communications course. These types of seminars are generally pretty intense. At the end of the third day, the other instructor and I were "winding down", when one of the hotel pages showed up with a message for me.

Unusually, this course was in my home town. The message was from my wife, and, to make a long story fit into the restraints I place on this column, she was passing along an emergency message. One of the financial institutions in town had been hit by a virus. In a panic, they had phoned the sysop of a board that I supported. The sysop, at the insistence of the bank, phoned my home. My wife, at the insistence of the bank, called the hotel. (This may seem like window dressing, but the insistence of the bank does form an important part of this story.)

Those of you who have been in this position know that "virus attacks" usually don't involve viral programs. They are far more likely to involve things like power cords, diskettes that have been stapled to folders and disk caching programs. In addition, it was the end of a long, hard three days. But, when the call goes out, you heed the call, right?

I phoned the contact at the bank. To my surprise, the contact was fairly knowledgeable about computers. Even better, careful note had been taken of all the untoward activity. It certainly sounded viral-like. What was more, it was a completely unknown virus behaviour, seemingly circumventing the security of a certain LAN OS (whom we know but do not name). All of this took only about ten minutes to ascertain.

Having discussed all this at length, I stated that I concurred that this was a viral occurrence. However, given that it was unknown, I could not proceed any farther until I actually got to their site and ran further tests.

At this point, we hit a snag.

"Oh, no," she said. "You can't come down here. It would violate our security."

I must have misheard.
Their security was already compromised, was it not? Yes it was, she confirmed. To a sufficient degree that she had pestered my friends, colleagues and family until she got me? Yes. And we had determined that this beast was exhibiting viral behaviour, but was an unknown quantity. Yes. Yet the bank, having determined that it had a significant yet unknown virus loose in their LAN, would not allow the expert they had called upon into the data centre (for the purpose of dealing with said problem) because the entry of the security consultant would constitute a security risk? Yes.

In other words, their security was broken, but they wouldn't let me fix it because that would violate their security. Exactly.

There was, of course, only one thing to say.

"Good luck."

copyright Robert M. Slade, 1992 MEMORI3.CVP 921214

==============
Vancouver      ROBERTS@decus.ca     | Ceterum
Institute for  Robert_Slade@sfu.ca  | censeo
Research into  rslade@cue.bc.ca     | Datapac
User           p1@CyberStore.ca     | delendam
Security       Canada V7K 2G6       | esse