VMS Virus

VMS Virus

Post by Ron » Sat, 20 Apr 1996 04:00:00



okay, lets take it one step further for the faint at heart.
if one decided to write a "VMS virus" what is the definition?
me thinx i remember somewhere that tampering with One system does
not qualify a program as a virus. For that definition, the program
would also have to "spread" unto other VMS systems, or if possible
other platforms entirely. So what would it have to do? i suppose
it would mail itself (/foreign i spect) to various systems and
it would go around and look up the most active email accounts of
system admins, then using those account names as a "From" line in
email, send email to other "looked up" programmers addresses, and
include in the body of the message: Bill- Please install the XYZ.EXE
program before you leave tonight, and be sure to give it a startup
command in systartup, and btw, we need to reboot..... <grin>....
if you write it, please give it the appropriate name of "manually
operated virii". heh heh...

and btw:

Quote:>> One of our PC-oriented managers has suddenly found out that we use non-PC
>> computers running VMS and has demanded what we install anti-virus software. I

here is what you "REALLY" need:

edit systartup and add the following lines of code somewhere near the
top:

$ WRITE SYS$OUTPUT "INSTALLING VMS VIRUS ALERT SOFTWARE AT ''F$TIME()'"
$ WAIT 00:00:03
$ WRITE SYS$OUTPUT -
    "%RUN-S-PROC_ID, identification of created process is 2121354A"
$ WRITE SYS$OUTPUT "AntiVirus scanning daemons successfully detached."

then invite the guy to witness your reboot. His ignorance speaks for itself.

R_Rockwell, UMKC/ACS;

**************************< Reply Separator >*********************************



CC:    
Subj:   Re: VMS Virus


Subject: Re: VMS Virus
Date: 20 Apr 1996 01:58:08 GMT





>> Apologies if this has been asked before or if this is in the FAQ.

>> One of our PC-oriented managers has suddenly found out that we use non-PC
>> computers running VMS and has demanded what we install anti-virus software. I
>> have informed him that I do not think such software is available - at least
>> like the PC variety - and that the nature of VMS makes the liklihood of a
>> PC-style virus very unlikely.

>I wonder if there is any particular virus they have in mind?

>Let us suppose that for every Vax or Alpha that contracts a virus there are
>10,000 PCs affected, have they done a cost/benefit analysis on the time needed
>to investigate this?

>I'm not suggesting a virus will never attack your particular system, but I
>cannot recall "Vax Virus alert" exactly dominating this news group/mailing
>list.

>I use an Amiga at home, many of the more professionally produced software
>archives on the internet are PGP signed for verification. I've not come across
>that yet on the odd bits of VMS software I've obtained. It might be nice to see
>this sort of measure become more commonplace to reduce any fears.

The worst kind of fears come from people who are ignorant (I use the word
"ignorant" in it's pure sense and not in a demeaning way).  The problem
here is the supposition by the PC-oriented manager that viruses are
common-place in the VMS world as they are in the PC world.  Even reading
this gets under my skin.

That's not to say that a VMS virus is not possible.  (And Carl Lydick
*swears* they exist -- maybe he's seen one?)  But I have never encountered
one nor encountered another VMSer (other than Carl) that has either.

At any rate, the whole issue is way outside the bounds of where it lies
with PCs.  Tell him VMS has built-in virus protection...  ("The only virus
I see is your PC mentality and as soon as the door swings shut behind you,
consider this machine vaccinated...").

Chris

--
Chris Olive
...VMS is *still* BLISS...

 
 
 

VMS Virus

Post by Arne Vajhoe » Sun, 21 Apr 1996 04:00:00


Quote:> okay, lets take it one step further for the faint at heart.
> if one decided to write a "VMS virus" what is the definition?
> me thinx i remember somewhere that tampering with One system does
> not qualify a program as a virus. For that definition, the program
> would also have to "spread" unto other VMS systems, or if possible
> other platforms entirely. So what would it have to do?

Some DCL code that could be insreted in COM-files and when it ran
infected all other COM-files is has write access to would be a virus.
Due to DCL's readablity it would be easy to spot that one.

It would be much more difficult to fix an EXE-file to infect other
EXE-files. But ofcourse it could be done.

                                                          Arne

Arne Vajh?j                             local DECNET:  KOPC::ARNE
Computer Department                     PSI:           PSI%23831001354030::ARNE

                WWW URL: http://www.hhs.dk/~arne/arne.html

 
 
 

VMS Virus

Post by System Manag » Mon, 22 Apr 1996 04:00:00


: > okay, lets take it one step further for the faint at heart.
: > if one decided to write a "VMS virus" what is the definition?
: > me thinx i remember somewhere that tampering with One system does
: > not qualify a program as a virus. For that definition, the program
: > would also have to "spread" unto other VMS systems, or if possible
: > other platforms entirely. So what would it have to do?

: Some DCL code that could be insreted in COM-files and when it ran
: infected all other COM-files is has write access to would be a virus.
: Due to DCL's readablity it would be easy to spot that one.

: It would be much more difficult to fix an EXE-file to infect other
: EXE-files. But ofcourse it could be done.

Or hide the virus code in the unused portions of PSECTs; if more code
space required, just increase the number of bad disk blocks accordingly.

These were a few ideas from Charles Sandmann, who was describing how
a VMS virus could be created.

--Jerry,

Gerald (Jerry) R. Leslie    Aspen Technology, Inc. (my opinions are my own)

 
 
 

VMS Virus

Post by <Tack-Kok... » Tue, 23 Apr 1996 04:00:00


     Hi everyone,
        I'm a fresh graduate with 7 months working experience in OVMS.
     From what I understand about this OS is that whatever the virus is, it
     can only be as powerful as the accounts that runs it.  That is to say,
     whatever the virus can do, you can do it manually too.  And the OS is
     pretty secure from tampering.  The only thing I can think of is that
     the virus program might be intelligent enough to probe the security of
     the system.  But again, these attempts will not escape the eyes of an
     alert administrator.
        I wonder why Unix is more prone to viral attack ...could it be that
     it's OS source is open for modification ??

     cheers,
     peter :)

______________________________ Reply Separator _________________________________
Subject: re: [lord knows] Re: VMS Virus

Date:    20/4/96 12:01 PM

okay, lets take it one step further for the faint at heart.
if one decided to write a "VMS virus" what is the definition?
me thinx i remember somewhere that tampering with One system does
not qualify a program as a virus. For that definition, the program
would also have to "spread" unto other VMS systems, or if possible
other platforms entirely. So what would it have to do? i suppose
it would mail itself (/foreign i spect) to various systems and
it would go around and look up the most active email accounts of
system admins, then using those account names as a "From" line in
email, send email to other "looked up" programmers addresses, and
include in the body of the message: Bill- Please install the XYZ.EXE
program before you leave tonight, and be sure to give it a startup
command in systartup, and btw, we need to reboot..... <grin>....
if you write it, please give it the appropriate name of "manually
operated virii". heh heh...

and btw:

Quote:>> One of our PC-oriented managers has suddenly found out that we use non-PC
>> computers running VMS and has demanded what we install anti-virus software. I

here is what you "REALLY" need:

edit systartup and add the following lines of code somewhere near the
top:

$ WRITE SYS$OUTPUT "INSTALLING VMS VIRUS ALERT SOFTWARE AT ''F$TIME()'"
$ WAIT 00:00:03
$ WRITE SYS$OUTPUT -
    "%RUN-S-PROC_ID, identification of created process is 2121354A"
$ WRITE SYS$OUTPUT "AntiVirus scanning daemons successfully detached."

then invite the guy to witness your reboot. His ignorance speaks for itself.

R_Rockwell, UMKC/ACS;

**************************< Reply Separator >*********************************



CC:    
Subj:   Re: VMS Virus


Subject: Re: VMS Virus
Date: 20 Apr 1996 01:58:08 GMT





>> Apologies if this has been asked before or if this is in the FAQ.

>> One of our PC-oriented managers has suddenly found out that we use non-PC
>> computers running VMS and has demanded what we install anti-virus software. I
>> have informed him that I do not think such software is available - at least
>> like the PC variety - and that the nature of VMS makes the liklihood of a
>> PC-style virus very unlikely.

>I wonder if there is any particular virus they have in mind?

>Let us suppose that for every Vax or Alpha that contracts a virus there are
>10,000 PCs affected, have they done a cost/benefit analysis on the time needed
>to investigate this?

>I'm not suggesting a virus will never attack your particular system, but I
>cannot recall "Vax Virus alert" exactly dominating this news group/mailing
>list.

>I use an Amiga at home, many of the more professionally produced software
>archives on the internet are PGP signed for verification. I've not come across
>that yet on the odd bits of VMS software I've obtained. It might be nice to see
>this sort of measure become more commonplace to reduce any fears.

The worst kind of fears come from people who are ignorant (I use the word
"ignorant" in it's pure sense and not in a demeaning way).  The problem
here is the supposition by the PC-oriented manager that viruses are
common-place in the VMS world as they are in the PC world.  Even reading
this gets under my skin.

That's not to say that a VMS virus is not possible.  (And Carl Lydick
*swears* they exist -- maybe he's seen one?)  But I have never encountered
one nor encountered another VMSer (other than Carl) that has either.

At any rate, the whole issue is way outside the bounds of where it lies
with PCs.  Tell him VMS has built-in virus protection...  ("The only virus
I see is your PC mentality and as soon as the door swings shut behind you,
consider this machine vaccinated...").

Chris

--
Chris Olive
...VMS is *still* BLISS...

 
 
 

VMS Virus

Post by Christian Knapmey » Tue, 23 Apr 1996 04:00:00


  >      Hi everyone,
  >         I'm a fresh graduate with 7 months working experience in OVMS.
  >      From what I understand about this OS is that whatever the virus is, it
  >      can only be as powerful as the accounts that runs it.  That is to say,
  >      whatever the virus can do, you can do it manually too.  And the OS is
  >      pretty secure from tampering.

That's correct. You could only infect your own executables (or the ones
that are open for writing). Would be an interesting experience, but
fortunately only for yourself.

  >                                    The only thing I can think of is that
  >      the virus program might be intelligent enough to probe the security of
  >      the system.  But again, these attempts will not escape the eyes of an
  >      alert administrator.

Like SATAN does?

  >         I wonder why Unix is more prone to viral attack ...could it be that
  >      it's OS source is open for modification ??
  >      
  >      cheers,
  >      peter :)
  >

Viruses on Unix are as seldom and * as on VMS. Your statements
for VMS are true for Unix, too: it can only be as powerful as the account
it runs on. And it could only infect the executables on which
you've write permission.

The OS source isn't open for modification, and being able to read it doesn't
mean being able to recompile the kernel. It's only open for reading
and finding hairy bugs and exploiting these...

Greetings,
  Christian.

--
 ----------------------------------------------------------------------------

  TecMath GmbH                          Voice: 06301/606-0  Fax: 06301/606-66
  Sauerwiesen 2                         Face : Room 115
  67661 Kaiserslautern, Germany         Disclaimer: as usual
 ---------- press any key to continue. press any other key to quit.----------

 
 
 

VMS Virus

Post by Carl J Lydi » Tue, 23 Apr 1996 04:00:00


=okay, lets take it one step further for the faint at heart.
=if one decided to write a "VMS virus" what is the definition?
=me thinx i remember somewhere that tampering with One system does
=not qualify a program as a virus. For that definition, the program
=would also have to "spread" unto other VMS systems,

Not true.  For it to be a virus, it must simply infect other files.  Those
files need not be on other systems.
--------------------------------------------------------------------------------

Disclaimer:  Hey, I understand VAXen and VMS.  That's what I get paid for.  My
understanding of astronomy is purely at the amateur level (or below).  So
unless what I'm saying is directly related to VAX/VMS, don't hold me or my
organization responsible for it.  If it IS related to VAX/VMS, you can try to
hold me responsible for it, but my organization had nothing to do with it.

 
 
 

VMS Virus

Post by Michael Moron » Tue, 23 Apr 1996 04:00:00




> okay, lets take it one step further for the faint at heart.
> if one decided to write a "VMS virus" what is the definition?

Well lots of people will call almost every bit of malicious software that can
"infect" a system a "virus" but really a virus is really just a subset. If you
think how real viruses work, they're not themselves living creatures but are
just some DNA and some protein that tricks other cells to reproduce them along
with some bad side effects.  A (true) computer virus gets right into the
executive of the operating and sort of becoming part of the operating system.
VMS viruses of this sort are rare/nonexistant since the operating system itself
and the files it resides on are protected from nonprivileged users.  On VMS
a true virus would affect the system as a whole and not just one user.

I suppose that a program that 'infected' a single user file and affected that
(nonprivileged) user only could also be a virus.  This is a gray area since
in the PC area there is no line between the user and the system, a PC is a
single user system (barring a Linux, etc. OS)

A "trojan horse" is a type of program that claims to be one thing but really
would do something else, and you have to trick the target to run it.  Such as
creating a file REALLY_GREAT_GAME.EXE where the victim is likely to find it and
try to run it, and when run the program would do something in addition to
playing the game, such as copy private email to some location where the
creator could peruse them, or just deleting files or something.

A "worm" is a program that does something and copies itself to another computer
on a network where it activates itself there, and it does its * and copies
itself elsewhere and...  I've seen one of these on VMS using the DECnet TASK
object which allows random DCL files to be activated.  Since then the default
has been tightened up so that one can no longer copy a random .COM file to a
node and then activate the file on that node using the default decnet account.

I have seen a program that sort of resembled a VMS virus.  This was back in
the VAXstation II days, and only ran on the 2 plane VWS black&white systems.
It loaded "something" into pool somewhere so that every few minutes a large
"cockroach" ran across the screen.  It was otherwise harmless.  There was no
evidence of it between "roaches", although if you happened to catch it when
the "roach" was running you could see a "Cockroach!" process.  It needed heavy
privileges to load.  It did not attempt to propogate itself so never was a
true virus.

Quote:> So what would it have to do? i suppose
> it would mail itself (/foreign i spect) to various systems and
> it would go around and look up the most active email accounts of
> system admins, then using those account names as a "From" line in
> email, send email to other "looked up" programmers addresses, and
> include in the body of the message: Bill- Please install the XYZ.EXE
> program before you leave tonight, and be sure to give it a startup
> command in systartup, and btw, we need to reboot..... <grin>....
> if you write it, please give it the appropriate name of "manually
> operated virii". heh heh...

This is a trojan horse since it's manually activated although it could be
a sort of virus if, once installed, it infested the operating system itself.
It could also be wormish if it tried to do this trick across the net onto
other systems.

-Mike

 
 
 

VMS Virus

Post by Dave Howe » Wed, 24 Apr 1996 04:00:00


Has anybody seen a book called "Hitchhiker's Guide to VMS" ?

There are some quasi-viral things in there, I think.  It mentions gaining
access to higher modes of operation (e.g. user to executive), and I think
there's even a few bits about riding in someone else's process space.

I haven't seen it in a long time, but from what I remember of this book, if you
wanted to mess up a VMS system or network, you could manage to do this from the
material in this book.

The whole premise of the book is that a user wanted revenge on the system
manager, then found a 'book' that told him how to do it...

Dave H

I must study politics and war, that my sons may have leave
to study mathematics and philosophy.  My sons ought to study
mathematics and philosophy, natural history and naval
architecture, navigation, commerce, and agriculture, in order
to give their children a right to study painting, poetry,
music, architecture, statuary, tapestry, and porcelain.
                                      -- John Adams

 
 
 

VMS Virus

Post by Robert Koehl » Wed, 24 Apr 1996 04:00:00


: Has anybody seen a book called "Hitchhiker's Guide to VMS" ?

As anyone who has read and understood that book knows, nothing it contains
changes the fact that one must first gain privileged access.  Not necessary
in the desktop worlds of DOS and MAC.

------------------------------------------------------------------------------
Bob Koehler                     | CSC/SSD/MITG

 
 
 

VMS Virus

Post by Martin Hoogenboo » Wed, 24 Apr 1996 04:00:00



Quote:> Has anybody seen a book called "Hitchhiker's Guide to VMS" ?

Sounds like a book I'd like to read, can anyone help me to more
information about it, ? Author, ISBN number ?

Regards,
Martin Hoogenboom

 
 
 

VMS Virus

Post by t.w.ogletre » Thu, 25 Apr 1996 04:00:00



> Has anybody seen a book called "Hitchhiker's Guide to VMS" ?

> There are some quasi-viral things in there, I think.  It mentions gaining
> access to higher modes of operation (e.g. user to executive), and I think
> there's even a few bits about riding in someone else's process space.

> I haven't seen it in a long time, but from what I remember of this book, if you
> wanted to mess up a VMS system or network, you could manage to do this from the
> material in this book.

> The whole premise of the book is that a user wanted revenge on the system
> manager, then found a 'book' that told him how to do it...

> Dave H

> I must study politics and war, that my sons may have leave
> to study mathematics and philosophy.  My sons ought to study
> mathematics and philosophy, natural history and naval
> architecture, navigation, commerce, and agriculture, in order
> to give their children a right to study painting, poetry,
> music, architecture, statuary, tapestry, and porcelain.
>                                       -- John Adams

If I recall correctly the Hitchhiker's Guide came from one of
the DEC trade magazines (was it Digital Review?) and was a
regular column, then a book. It wasn't written for hackers,
etc., but tohelp system managers, etc., understand the innards
of their systems better.

t.w.ogletree
http://www.twoinc.com


 
 
 

VMS Virus

Post by Uwe Leinberger GSI Darmsta » Thu, 25 Apr 1996 04:00:00



> Has anybody seen a book called "Hitchhiker's Guide to VMS" ?

Hmm...this sounds like a nice piece missing in the small free upper left
corner of my white wall :-)

Anybody knows bibliographic details ?

Editor, Publisher, ISBN??

Thanks

Uwe

 
 
 

VMS Virus

Post by Dave Howe » Thu, 25 Apr 1996 04:00:00




>> Has anybody seen a book called "Hitchhiker's Guide to VMS" ?

>If I recall correctly the Hitchhiker's Guide came from one of
>the DEC trade magazines (was it Digital Review?) and was a
>regular column, then a book. It wasn't written for hackers,
>etc., but tohelp system managers, etc., understand the innards
>of their systems better.
>t.w.ogletree
>http://www.veryComputer.com/



The verstion I saw is indeed a book, on the shelf at Micro Center at the
intersection of Nutley and Lee Highway, Merrifield, *ia.

The book begins with Billy, PO'd at his system manager, thinking he's
incompetent and that Billy can do his job MUCH better, so he finds the Guide,
who teaches him how to take over the host processor, and hide his tracks, in
order to make the sysman look bad...and that's just the first chapter!

I am going to buy this book today, because you never need a book like this
until you need one badly...;-)

BTW, to those out there who asked, Jackie (my wife) and our new baby Caitlin
Marie, are home from the hospital and doing fine...

Cheers,

Dave H

I must study politics and war, that my sons may have leave
to study mathematics and philosophy.  My sons ought to study
mathematics and philosophy, natural history and naval
architecture, navigation, commerce, and agriculture, in order
to give their children a right to study painting, poetry,
music, architecture, statuary, tapestry, and porcelain.
                                      -- John Adams

 
 
 

VMS Virus

Post by ch.. » Thu, 25 Apr 1996 04:00:00


Quote:>Has anybody seen a book called "Hitchhiker's Guide to VMS" ?

Articles were published in DEC Professional or somewhere I think. I didn't know
there was a book.

Quote:>There are some quasi-viral things in there, I think.  It mentions gaining
>access to higher modes of operation (e.g. user to executive), and I think
>there's even a few bits about riding in someone else's process space.

>I haven't seen it in a long time, but from what I remember of this book, if you
>wanted to mess up a VMS system or network, you could manage to do this from the
>material in this book.

>The whole premise of the book is that a user wanted revenge on the system
>manager, then found a 'book' that told him how to do it...

It was by Bruce Ellis - a very knowledgeable (and so far as I know,
responsible) VMS guy, who used to lecture at DECUS UK conferences. The articles
weren't that irresponsible, just a light-hearted look at how to fiddle with the
internals. It was entertaining, educational, and picked up where "Advanced VMS
Internals" left off.

One useful thing I recall was adjusting process quotas on a per-machine basis
in a cluster with a common SYSUAF, to take account of different memory sizes,
etc - constructive rather than destructive fiddling.

It didn't publish any security holes as I recall - you needed privs to use the
code he provided. Most of us could probably do pretty destructive things to a
VMS system given CMEXEC priv or whatever - it doesn't actually take much
ingenuity.

Regards, Chris Sharman

 
 
 

VMS Virus

Post by kari » Fri, 26 Apr 1996 04:00:00




> > Has anybody seen a book called "Hitchhiker's Guide to VMS" ?

> Sounds like a book I'd like to read, can anyone help me to more
> information about it, ? Author, ISBN number ?

> Regards,
> Martin Hoogenboom


My 1990 copy is called "The Hitchhiker's Guide to VMS", An Unsupported,
Undocumented, Can-Go-Away-At-Any-Time Feature of VMS by Bruce Ellis.
ISBN 1-878956-00-0
Professional Press Books
101 Witmer Road
Horsham, PA 19044
(215) 957-1500  FAX (215) 957-1050

Recommended.
--
Kari Nousiainen                 Disclaimer:

"Life's too short for arguing - much."

 
 
 

1. Question on VMS Virus

I have never heard of a system running OpenVMS to obtain a virus, but
recently we found that a NT Server which provides a software link to 1
of our servers had many virus's on it.

Is there software I can obtain to check for virus's on my alpha
servers or should I not worry about it.

If so the companies name or homepage would be greatly appreciated.

Thanks,

Shawn

2. Screensaver src & Ms Win SDK 3.1

3. VMS virus ?

4. comp.sys.3b1 FAQ part1

5. VMS Virus (thanks)

6. FS: Printed Fred Fish Index

7. VMS virus killer

8. Really weird NAT problem...

9. VAX/VMS virus?

10. VMS Virus

11. Antigen Notification:Antigen found VIRUS= JS/Loop (NAI) virus

12. Bugbear virus - this dog don't hunt on VMS!

13. Do viruses exist on VMS?