106 lines
5.6 KiB
Plaintext
106 lines
5.6 KiB
Plaintext
|
|
Columbus Day Virus: Press Release (21)
|
|
|
|
|
|
FOR IMMEDIATE RELEASE: Jan Kosko
|
|
Sept. 22, 1989 301/975-2762
|
|
|
|
TN-XXXX
|
|
|
|
|
|
COMPUTER SECURITY EXPERTS ADVISE STEPS
|
|
TO REDUCE THE RISK OF VIRUS ATTACKS
|
|
|
|
To reduce the risk of damage from potentially serious
|
|
computer viruses, including one called "Columbus Day," experts at
|
|
the National Institute of Standards and Technology (NIST), the
|
|
National Computer Security Center (NCSC), and the Software
|
|
Engineering Institute (SEI) are recommending several measures plus
|
|
commonsense computing practices.
|
|
"This advice is being offered to encourage effective yet calm
|
|
response to recent reports of a new variety of computer virus,"
|
|
says Dennis Steinauer, manager of the computer security management
|
|
and evaluation group at NIST.
|
|
While incidents of malicious software attacks are relatively
|
|
few, they have been increasing. Most recently, a potentially
|
|
serious personal computer virus has been reported. The virus is
|
|
known by several names, including "Columbus Day," Datacrime and
|
|
"Friday the 13th." In infected machines it is designed to attack
|
|
the hard-disk data-storage devices of IBM-compatible personal
|
|
computers on or after October 13. The virus is designed to
|
|
destroy disk file directory information, making the disk's
|
|
contents inaccessible. (A fact sheet on this virus is attached
|
|
and includes precautionary measures to help prevent damage.)
|
|
While the Columbus Day virus has been identified in both the
|
|
United States and Europe, there is no evidence that it has spread
|
|
extensively in this country or that it is inherently any more
|
|
threatening than other viruses, say the computer security experts.
|
|
"Computer virus" is a term often used to indicate any self-
|
|
replicating software that can, under certain circumstances,
|
|
destroy information in computers or disrupt networks. Other
|
|
examples of malicious software are "Trojan horses" and "network
|
|
worms." Viruses can spread quickly and can cause extensive
|
|
damage. They pose a larger risk for personal computers which tend
|
|
to have fewer protection features and are often used by non-
|
|
technically-oriented people. Viruses often are written to
|
|
masquerade as useful programs so that users are duped into copying
|
|
them and sharing them with friends and work colleagues.
|
|
Routinely using good computing practices can reduce the
|
|
likelihood of contracting and spreading any virus and can minimize
|
|
its effects if one does strike. Advice from the experts includes:
|
|
* Make frequent backups of your data, and keep several
|
|
versions.
|
|
* Use only software obtained from reputable and reliable
|
|
sources. Be very cautious of software from public sources,
|
|
such as software bulletin boards, or sent across personal
|
|
computer networks.
|
|
* Don't let others use your computer without your consent.
|
|
* Use care when exchanging software between computers at work
|
|
or between your home computer and your office computer.
|
|
* Back up new software immediately after installation and use
|
|
the backup copy whenever you need to restore. Retain
|
|
original distribution diskettes in a safe location.
|
|
* Learn about your computer and the software you use and be
|
|
able to distinguish between normal and abnormal system
|
|
activity.
|
|
* If you suspect your system contains a virus, stop using it
|
|
and get assistance from a knowledgeable individual.
|
|
In general, educating users is one of the best, most cost-
|
|
effective steps to take, says Steinauer. Users should know about
|
|
malicious software in general and the risks that it poses, how to
|
|
use technical controls, monitor their systems and software for
|
|
abnormal activity, and what to do to contain a problem or recover
|
|
from an attack. "An educated user is the best defense most
|
|
organizations have," he says.
|
|
A number of commercial organizations sell software or
|
|
services that may help detect or remove some types of viruses,
|
|
including the Columbus Day virus. But, says Steinauer, there are
|
|
many types of viruses, and new ones can appear at any time. "No
|
|
product can guarantee to identify all viruses," he adds.
|
|
To help deal with various types of computer security threats,
|
|
including malicious software, NIST and others are forming a
|
|
network of computer security response and information centers.
|
|
These centers are being modeled after the SEI's Computer Emergency
|
|
Response Team Coordination Center, often called CERT, established
|
|
by the Defense Advanced Research Projects Agency (DARPA). The
|
|
centers will serve as sources of information and guidance on
|
|
viruses and related threats and will respond to computer security
|
|
incidents.
|
|
In addition, NIST recently has issued guidelines for
|
|
controlling viruses in various computer environments including
|
|
personal computers and networks.
|
|
NIST develops security standards for federal agencies and
|
|
security guidelines for unclassified computer systems. NCSC, a
|
|
component of the National Security Agency, develops guidelines for
|
|
protecting classified (national security) systems. SEI, a
|
|
research organization funded by DARPA, is located at Carnegie
|
|
Mellon University in Pittsburgh.
|
|
|
|
|
|
NOTE: Computer Viruses and Related Threats: A Management Guide
|
|
(NIST Special Publication 500-166) is available from
|
|
Superintendent of Documents, U.S. Government Printing Office,
|
|
Washington, D.C. 20402. Order by stock no. 003-003-02955-6 for
|
|
$2.50 prepaid. Editors and reporters can get a copy from the NIST
|
|
Public Information Division, 301/975-2762.
|