Vol. 11, No. 4, Page 16
- inadequate system documentation
- high staff turnover/poor staff morale
- inadequate contracts with suppliers in respect of:
  * maintenance
  * off-site storage
  * hot stand-by
- ‘unbalanced’ computer systems:
  * too many hardware suppliers
  * poor IT planning
  * under-specified systems
  * poor PC controls
  * inadequate comms planning
Concluding the underwriter’s report
Underwriters expect surveyors to make predictions of how much certain types of disaster will cost them:
The first prediction is the Estimated Maximum Loss, or EML. The surveyor identifies the worst event he can envisage and then describes it in terms initially of the direct (property) costs. The EML scenario is by its nature very gloomy and assumes not only a disaster, but the failure of most of the
associated protective systems. In the second set of calculations, Probable Maximum Loss (PML), these protective measures are expected to work as they should. Each of the
perils in the policy is addressed and the scenarios for their occurring are described.
These scenarios are then looked at from the point-of-view of consequential loss: the surveyor attempts to decide how long recovery would take - partial and complete. He relates
this to the business’s annual revenue to derive likely revenue loss for each scenario.
Additionally, he will also estimate additional costs of working and, if appropriate, liquidated
damages and computer debtor records. Some policies offer cover against failure of the electricity supply, telecomms, or market information services: for each of these too,
con loss calculations must be made.
From these and from the body of the
report, the underwriters can proceed to ‘rate’ the risk and determine the premium required if
the risk is to be accepted.
Conclusions
I go back to the deal which is at the heart
of con loss insurance: the insurer says to the
insured: “If you can show me that you have taken all reasonable precautions to prevent or minimize computer-related disasters, then I will cover you for those happenings which are not
reasonably foreseeable - and I will include the consequences of those happenings on your business as a whole”. Few London-based financial institutions take these
“reasonable precautions”; by current informal estimates, almost one-third might probably not be able to get full consequential loss cover resulting from failures of their computer
systems under any terms at all.
Peter Sommer Technical Director
Data Integrity plc
TECHNICAL EVALUATION
Product: Norton Utilities, Advanced Edition
Author, Developer: Peter Norton Computing Inc, 100 Wiltshire Blvd., 9th Floor, Santa Monica, CA 90401, USA; tel: 213-319-2000.
Vendor: Many (most?) computer dealers sell the Norton Utilities. It is distributed in the UK by SoftSel.
COMPUTER FRAUD & SECURITY BULLETIN
©1989 Elsevier Science Publishers Ltd., England./89/$0.00 + 2.20 No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)
Availability: IBM PC/XT/AT, PS/2 or any close compatible running MS-DOS or PC-DOS.
Version evaluated: v4.5, no serial number, supplied on both 5.25 inch 360K floppies (3
disks), and 3.5 inch 720K floppies (2 disks).
Price: 150 dollars (see below).
Hardware used: Dual floppy ITT XTRA (a PC compatible) with a 4.77MHz 8088 processor,
one 3.5 inch (720K) drive, two 5.25 inch
(360K) drives, and 30Mbyte Western Digital Hardcard, running under MS-DOS v3.30.
The Norton Utilities have been around for
a long time, indeed I freely admit that I am unable to remember using a PC without a copy
of Norton at hand. This technical evaluation reports on the latest release of the Norton Utilities (version 4.5) specifically with regard to
computer security. I will attempt to answer the
following three questions:
1) If you have never used the Norton
Utilities, are they worth buying for their
security relevant features?
2) If you use a very old version of the Norton
Utilities, as I do, is it worth upgrading?
3) If you keep your version of the Norton
Utilities roughly up to date (say version
4.0), then does version 4.5 offer enough
new facilities to make an upgrade
worthwhile?
First a quick description of what the Norton
Utilities are. If you have ever had a need to
reclaim an erased file, dig around inside
MS-DOS, completely erase the contents of a disk or a file, hide files, inspect hidden files, or
generally do things for which the programs
supplied as standard with MS-DOS are
useless, then one of the best places to start is the Norton Utilities. This is a collection of
programs (integrated together) which provide
such facilities. There are competitor programs
(e.g. PC Tools), and there are public domain programs offering similar features (e.g. Ultra
Utilities). There is no space within this technical evaluation to go into detailed
comparison between such products.
From the viewpoint of someone coming across the Norton Utilities for the first time, the constituent programs that offer features
relevant to computer security are:
‘FA’ (File Attributes) can display, set or
reset any of the four MS-DOS file attributes
(Archive, Hidden, System and Read-Only). Similarly ‘FD’ (File Date) can alter the date
and/or time on a file, ‘FF’ (File Find) can locate
lost files or directories across one or more
disks, and ‘FR’ (Format Recover) can undo the
accidental formatting of a hard disk.
‘NDD’ (Norton Disk Doctor) can be used to
find and correct any physical or logical errors
on floppy or hard disks.
‘NU’ (Norton Utilities main program) can
be used to explore or edit any area of a disk including files, directories, the File Allocation
Table, and the Partition Table. Facilities are available to recover deleted files. A quick unerase program (‘QU’) is also provided which
is capable of dealing with simple cases of
accidental file erasure automatically.
‘UD’ (Unremove Directory) can recover
removed directories.
‘WIPEDISK’ and ‘WIPEFILE’ can be used
to ensure that files which were once present
on a disk have been over-written (and can
never be recovered).
Any of the above programs (and the rest
of the 27 programs that comprise the Norton
Utilities), can be executed either as a normal
DOS program, or via the Norton Integrator
program (‘NI’), which provides a list of the available facilities, and lets the user point at
what he wishes to execute.
In answer to the first question, if any of the
security relevant features described above is of use to you, then the Norton Utilities offers a
mature well tested product, and should prove a good buy for someone recently involved with computer security. I would even recommend
the Norton Utilities to someone new to
MS-DOS requiring the security relevant
facilities described above, as the programs are
very easy to use.
The 217 page manual is clearly written, although the index could usefully contain more
detail. Besides the main manual, the package
includes two supplements, a small 35 page booklet called ‘The Norton Disk Companion’
which explains the structure of MS-DOS disks,
and a book entitled ‘The Norton Trouble
Shooter’ (158 pages) which explains how to
solve various problems using the Norton
Utilities. This problem solving book is well
written, and offers step by step descriptions of
solutions to specific problems.
The copy of the Norton Utilities provided
for evaluation was obviously American in origin, all prices are quoted in dollars, and the
contact addresses are all in the States - the
registration card even has an American stamp
on it.
If you already have version 4.0 of the
Norton Utilities, then the major enhancement relevant to computer security in version 4.5 is the program called ‘NDD’ (Norton Disk
Doctor). This claims to execute over 100
individual tests on any disk under test. I used ‘NDD’ at some length to test out floppy disks and hard disks. On my computer it takes
about two and a half minutes to do a complete
examination of a floppy disk, and somewhat over twenty minutes to completely examine the hard disk. A quick inspection taking only a few
seconds is possible in either case, where the
sector by sector examination of the disk is
omitted.
Probably the most useful features of ‘NDD’ are those that make a disk bootable (even if DOS reports ‘No room for system files’), revive a faulty disk, and fix problems caused by using
the DOS utility ‘RECOVER’. When a faulty disk is revived, the data originally on the faulty
part of the disk is retained, even though a new format pattern has been written to the faulty
part of the disk. Such facilities could change
the attitudes of many users towards disk
problems. It is often quite difficult to correct
disk problems, and I feel sure that the facilities offered by ‘NDD’ can be used without requiring
much technical knowledge. It is certainly
worth trying to correct a disk problem using this program before calling in a highly priced
consultant to fix the problem. This of course
assumes that you are confident that you know
enough to avoid compounding the problem by
taking such a course of action.
In common with all Norton programs,
menu commands within ‘NDD’ can be selected
either with the cursor key, or the first letter of
the visible text. A single line at the bottom of
the menu provides a short explanation of each
menu option. This changes when the cursor
bar is moved from one option to another.
‘NDD’ appears to have no knowledge of
my 3.5 inch, 720K, disk drive. This is in spite
of the fact that the Norton Utilities are supplied
in this format (see above), and the other
Norton Utility programs all seem quite happy manipulating files on this drive. ‘NDD’ knows
that the drive is there, but when it has failed to
interpret the disk content correctly, the user is
asked to nominate the disk format in use. 720K is not among the options which are
offered. As my computer currently has both 5.25 and 3.5 inch disk drives, I found this
frustrating.
During testing I found one strange anomaly. Even if I specified that ‘NDD’ should
examine a floppy disk, the program stated that it was first going to examine the partition table
of the hard disk. It then accessed the hard
disk, even if ‘NDD’ was executed with floppy disk as the default drive. However all reports pertained to the floppy disk drive. Curious.
I found this program hard to test, for when a floppy disk ever shows an error, I
immediately retrieve the files and throw the
disk away. Therefore I do not have a store of
faulty disks. However from the use I have
made so far of ‘NDD’, I think that I shall revise my policy on floppy disks. In future I will let
‘NDD’ have one attempt at rectifying a problem
before I decide to throw a faulty disk away.
The questions stated above get easier to
answer when I look at my own copy of the
Norton Utilities which is now almost three
years old (version 3.1, dated 26th January 1986). Apart from programs that have been
extended, improved and generally cleaned up,
there are so many new facilities that I am not going to attempt to list them within this technical evaluation. The immediate impact is
that the menus are much simpler to use, and a lot of thought has gone into how information is presented on screen.
I appreciate that it is difficult to provide a detailed report after a quick trial of what is an
extensive and complex product. However,
from preliminary investigation, I would certainly
advise upgrading to the Advanced version of the Norton Utilities if you have an old version.
In short, the answers to questions 1), 2)
and 3) listed above are Yes, Yes and Probably.
Keith Jackson
VIRUSES
‘1813’ STRIKES CITY UNIVERSITY
An outbreak of the ‘1813’ (or ‘Friday the
13th’) computer virus has occurred at City University, London. The virus enters a system
attached to an executable file. When the file is
executed, the virus code does a TSR
(Terminate and Stay Resident), and becomes
resident in memory. All programs executed
from that point until the computer is next
re-booted get infected. Read-Only, Hidden, or
System status does not protect a program against infection, but the system file
Command.Com is exempt from infection.
The virus traps the error handler, so no
error reports are displayed if the virus tries to write to a write-protected disk, or attempts to access a
drive with no disk in it.
The code of the virus contains several errors. These are mainly concerned with making too many assumptions about the format of executable files, and in one instance the virus is known to have attached itself six times to a given file. The virus causes most programs that use overlays to crash.
Previous press reports have discussed erroneous code within this virus that checks for ‘May 13th 1987’. City University staff have disassembled the virus, and state that this is not a fault, it is correct code with two functions:-
- To spread, but do nothing else in 1987.
- In any other year to do something special (presumably nasty, details not yet available) on any Friday 13th, otherwise to do odd things to the screen.
The virus described above is different from the commonly occurring Brain and Italian viruses, as it does not reside in the boot sector of a disc. The virus will therefore not be detected by many (most?) of the anti-virus programs on the market. Programs that spot virus activity by calculating cryptographic checksums across a set of files should detect the virus, as long as the infected file(s) are part of the checksum process. Sadly such programs can only show that a virus is active, they do nothing to prevent or cure the outbreak.
Keith Jackson
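The checksum approach mentioned in the ‘1813’ report above, sketched as an added example (not part of the original bulletin): a keyed SHA-256 baseline over program files is compared with a later snapshot. The file names, tracked extensions and key are constructed assumptions; the altered data file that goes unreported shows why infected files must be inside the checksum set.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

TRACKED = (".com", ".exe", ".ovl")  # assumption: program file types to cover

def digest(path, key):
    """Keyed SHA-256 (HMAC) over a file's bytes, read in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()

def snapshot(root, key):
    """Map relative path -> digest for every tracked file under root."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(TRACKED):
                full = os.path.join(dirpath, name)
                found[os.path.relpath(full, root)] = digest(full, key)
    return found

def compare(baseline, current):
    """Classify differences between a stored baseline and a fresh snapshot."""
    return {
        "modified": sorted(p for p in baseline if current.get(p, baseline[p]) != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unlisted": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample: dummy files, two altered after the baseline."""
    key = b"constructed-demo-key"  # in practice kept off the checked machine
    with tempfile.TemporaryDirectory() as root:
        for name in ("EDIT.COM", "CALC.EXE", "REPORT.DAT"):
            Path(root, name).write_bytes(b"original " + name.encode())
        baseline = snapshot(root, key)
        for name in ("CALC.EXE", "REPORT.DAT"):  # bytes appended after the baseline
            with open(os.path.join(root, name), "ab") as fh:
                fh.write(b" plus appended bytes")
        Path(root, "NEW.EXE").write_bytes(b"arrived after the baseline")
        return compare(baseline, snapshot(root, key))

if __name__ == "__main__":
    print(demo())
```

The baseline and key belong on media kept away from the machine being checked; otherwise whatever alters the files can also recompute the digests.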
BUY ONLY FROM RELIABLE SOURCES
This advice appears in every list of
recommendations of ways to reduce the