1 INFO-VAX	Mon, 08 May 2000	Volume 2000 : Issue 256       Contents: Re: C routines to access sysuaf  Re: C routines to access sysuaf  Re: computer viruses on VMS  DecMotiff Video Problem  Re: DecMotiff Video Problem 	 Re: OPCOM  Re: Persona system services  Re: the latest billybox virus  Re: the latest billybox virus  Re: the latest billybox virus  Re: the latest billybox virus  Re: the latest billybox virus  Re: the latest billybox virus  Re: the latest billybox virus   F ----------------------------------------------------------------------  # Date: Sun, 07 May 2000 19:50:17 GMT + From: "Matt Jacobs" <mjacobs1@twcny.rr.com> ( Subject: Re: C routines to access sysuaf6 Message-ID: <ZNjR4.2364$Z9.68891@typhoon.nyroc.rr.com>  L Here's a quick hack I did two weeks ago.  It consists of two files, uafdmp.c
 and uafdef.h.   I The uafdef.h file on my system from does not quite match the structure of G the 7.1 sysuaf file I was accessing so I added offsets where necessary.   0 ================================================ uafdmp.c   #include "uafdef.h"  #include <descrip.h> #include <iodef.h> #include <jpidef.h>  #include <libdef.h>  #include <rms.h> #include <ssdef.h> #include <starlet.h> #include <stdio.h> #include <stdlib.h>  #include <string.h>  #include <uaidef.h>     #define TMP_SIZE            1000  #define PRINT_LINE_SIZE     5000  #define MAX_FILE_NAME_SIZE   256  ( int add_to_line (char *line, char *str);   main (int argc, char *argv[]) {      struct FAB      fab;     unsigned long   hash[2];     int             i;     int             j;     FILE           *ofp;9     char            output_file_name[MAX_FILE_NAME_SIZE]; 0     char            print_line[PRINT_LINE_SIZE];     struct RAB      rab;     int             stat;      struct XABSUM   sum;     struct _uaf     uaf;      char            usr_buf[31];     struct XABKEY   xab;
     struct      {short len;       short code;        int *bufadr;       int *retlen;} UaiItem[2];        $DESCRIPTOR(usr, usr_buf);      /* ,     * Check to see that both an input and an)     * output file spec have been entered. 0     *-----------------------------------------*/     if (argc != 3) {7         printf("\nUsage: uafdmp sysuaf_file dmp_file");      } 
     else {*         strcpy(output_file_name, argv[2]);           fab = cc$rms_fab;          sum = cc$rms_xabsum;%         fab.fab$b_shr = FAB$M_SHRPUT; "         fab.fab$b_fac = FAB$M_GET;&         fab.fab$l_xab = (char *) &sum;          fab.fab$l_fna = argv[1];*         fab.fab$b_fns = strlen( argv[1] );           rab = cc$rms_rab;          rab.rab$l_fab = &fab; "         rab.rab$b_rac = RAB$C_SEQ;"         rab.rab$l_rop = RAB$M_NXT;         rab.rab$b_krf = 0;&         rab.rab$l_ubf = (char *) &uaf;%         rab.rab$w_usz = UAF$C_LENGTH;   ,         ofp = fopen(output_file_name, "w+");           if (ofp == NULL) {9             printf("\nError: dmp_file file open error."); ;             printf("\nUsage: uafdmp sysuaf_file dmp_file"); 	         }          else {"             stat = sys$open(&fab);&             if (stat != RMS$_NORMAL) {?                 printf("\nError: sysuaf_file sys$open error."); 
             }              else {)                 stat = sys$connect(&rab); *                 if (stat != RMS$_NORMAL) {F                     printf("\nError: sysuaf_file sys$connect error.");                 }                  else {)                     stat = sys$get(&rab);                      j = 0;3                     while  (stat == RMS$_NORMAL)  {                          j++;(                         if  (j != 1)   {>                             for (i=0; i<PRINT_LINE_SIZE; i++){5                                 print_line[i] = '\0';   I                             sprintf(print_line, "%12.12s [%4.4o,%4.4o] ", F                                     uaf.uaf$t_username, uaf.uaf$w_grp, uaf.uaf$w_mem); I                             add_to_line(print_line, uaf.uaf$t_owner     +  1);   /* offset added */3                             add_to_line(print_line,  af$t_account      );I                             add_to_line(print_line, uaf.uaf$t_defdev    +  1); /* offset added */I                             add_to_line(print_line, uaf.uaf$t_defdir    +  1);   /* offset added */I                             add_to_line(print_line, uaf.uaf$t_lgicmd    +  1); /* offset added */I                             add_to_line(print_line, uaf.uaf$t_defcli    +  1);   /* offset added */;                             fprintf(ofp,"%s\n",print_line);                          } .                         stat = sys$get (&rab);                     }                  } 
             } #             stat = sys$close(&fab);              fclose (ofp); 	         }      }  } ) int add_to_line (char *line, char *str) { 
     int i;     char tmp1[TMP_SIZE];  /     for (i=0; i<TMP_SIZE; i++){tmp1[i] = '\0';} 
     i = 0;0     while ((str[i] >= ' ') && (str[i] <= '~')) {         tmp1[i] = str[i];          i++;     }      strcat(line, tmp1);      return(i); }   0 ================================================ uafdef.h   /**/L /*************************************************************************** ***/ /**  **/  /**  Copyright (c) 1996  **/ 5 /**  by DIGITAL Equipment Corporation, Maynard, Mass.  **/  /**  **/ K /**  This software is furnished under a license and may be used and  copied  **/ K /**  only  in  accordance  with  the  terms  of  such  license and with the  **/ K /**  inclusion of the above copyright notice.  This software or  any  other  **/ K /**  copies  thereof may not be provided or otherwise made available to any  **/ K /**  other person.  No title to and ownership of  the  software  is  hereby  **/  /**  transferred.  **/  /**  **/ K /**  The information in this software is subject to change  without  notice  **/ K /**  and  should  not  be  construed  as  a commitment by DIGITAL Equipment  **/  /**  Corporation.  **/  /**  **/ K /**  DIGITAL assumes no responsibility for the use or  reliability  of  its  **/ < /**  software on equipment which is not supplied by DIGITAL. **/  /**  **/ L /*************************************************************************** ***/L /***************************************************************************6 *****************************************************/= /* Created: 25-NOV-1996 18:18:55 by OpenVMS SDL EV1-52     */ G /* Source:   2-MAR-1996 17:58:12 $64$DUA2130:[LIB_H.SRC]UAFDEF.SDL;1 */ L /***************************************************************************6 *****************************************************/ /*** MODULE $UAFDEF ***/ #ifndef __UAFDEF_LOADED  #define __UAFDEF_LOADED 1   D #pragma __nostandard             /* This file uses non-ANSI-Standard features */ ! #pragma __member_alignment __save  #pragma __nomember_alignmentE #ifdef __INITIAL_POINTER_SIZE            /* Defined whenever ptr size  pragmas supported */K #pragma __required_pointer_size __save       /* Save the previously-defined  required ptr size */K #pragma __required_pointer_size __short      /* And set ptr size default to  32-bit pointers */ #endif   #ifdef __cplusplus     extern "C" { #define __unknown_params ... #define __optional_params ...  #else  #define __unknown_params #define __optional_params ...  #endif   #if !defined(__VAXC) #define __struct struct  #define __union union  #else  #define __struct variant_struct  #define __union variant_union  #endif   /*++ */! /* User authorization file format  */= /* Note: With the exception of the username and account name,  */= /* all strings are blank padded counted strings. Username and  */, /* account name are uncounted, blank padded. */ /*-- */> #define UAF$C_USER_ID 1                 /* main user ID record */7 #define UAF$C_VERSION1 1                /* this version  */B #define UAF$C_KEYED_PART 52             /* ISAM keys come this far */L #define UAF$C_MAX_PWD_LENGTH 32         /* maximum plaintext password length */L #define UAF$K_MAX_PWD_LENGTH 32         /* maximum plaintext password length */E #define UAF$C_AD_II 0                   /* AUTODIN-II 32 bit crc code  */G #define UAF$C_PURDY 1                   /* Purdy polynomial over salted  input */F #define UAF$C_PURDY_V 2                 /* Purdy polynomial + variable length username */G #define UAF$C_PURDY_S 3                 /* PURDY_V folded into password 	 length */ G #define UAF$K_CURRENT_ALGORITHM 3       /* current DEC algorithm number  */G #define UAF$C_CURRENT_ALGORITHM 3       /* current DEC algorithm number  */$ #define UAF$C_PREFERED_ALGORITHM 127$ #define UAF$K_PREFERED_ALGORITHM 127I #define UAF$C_PREFERRED_ALGORITHM 127   /* preferred hash algorithm - use 
 current */I #define UAF$K_PREFERRED_ALGORITHM 127   /* preferred hash algorithm - use 
 current */F #define UAF$C_CUST_ALGORITHM 128        /* customer algorithm division */F #define UAF$K_CUST_ALGORITHM 128        /* customer algorithm division */B #define UAF$K_FIXED 644                 /* length of fixed portion */B #define UAF$C_FIXED 644                 /* length of fixed portion */ #define UAF$K_LENGTH 1412  #define UAF$C_LENGTH 1412 E #define UAF$S_UAFDEF 1412               /* Old size name, synonym for  UAF$S_UAF */   typedef struct _uaf { :     unsigned char uaf$b_rtype;          /* UAF record type */=     unsigned char uaf$b_version;        /* UAF format version  */K     unsigned short int uaf$w_usrdatoff; /* offset of counted string of user  data */      __union  {3         char uaf$t_username [32];       /* username  */         __struct  { #             char uaf$t_fill_0 [31]; G             char uaf$t_username_tag;    /* tag to differentiate records  */             } uaf$r_fill_1;          } uaf$r_fill_0;      __union  {7         unsigned int uaf$l_uic;         /* user ID code  */         __struct  { <             unsigned short int uaf$w_mem; /* member subfield */;             unsigned short int uaf$w_grp; /* group subfield  */             } uaf$r_fill_3;          } uaf$r_fill_2; >     unsigned int uaf$l_sub_id;          /* user sub-identifier */F     unsigned __int64 uaf$q_parent_id;   /* identifier of owner of this
 account */7     char uaf$t_account [32];            /* account name  */7     char uaf$t_owner [32];              /* owner's name  */9     char uaf$t_defdev [32];             /* default device  */<     char uaf$t_defdir [64];             /* default directory */=     char uaf$t_lgicmd [64];             /* login command file  */F     char uaf$t_defcli [32];             /* default command interpreter */:     char uaf$t_clitables [32];          /* user CLI tables */     __union  {:         unsigned __int64 uaf$q_pwd;     /* hashed password */         __struct  { :             unsigned int uaf$l_pwd;     /* 32 bit subfield */             } uaf$r_fill_5;          } uaf$r_fill_4; :     unsigned __int64 uaf$q_pwd2;        /* second password */B     unsigned short int uaf$w_logfails;  /* count of login failures */?     unsigned short int uaf$w_salt;      /* random password salt  */J     unsigned char uaf$b_encrypt;        /* primary password hash algorithm */ /* known hash algorithm indices  */L     unsigned char uaf$b_encrypt2;       /* secondary password hash algorithm */B     unsigned char uaf$b_pwd_length;     /* minimum password length */     char uaf$$$_fill_1 [1]; F     unsigned __int64 uaf$q_expiration;  /* expiration date for account */=     unsigned __int64 uaf$q_pwd_lifetime; /* password lifetime  */B     unsigned __int64 uaf$q_pwd_date;    /* date of password change */F     unsigned __int64 uaf$q_pwd2_date;   /* date of 2nd password change */I     unsigned __int64 uaf$q_lastlogin_i; /* date of last interactive login  */G     unsigned __int64 uaf$q_lastlogin_n; /* date of last non-interactive  login */C     unsigned __int64 uaf$q_priv;        /* process privilege vector  */E     unsigned __int64 uaf$q_def_priv;    /* default process privileges  */A     __struct  {                         /* minimum security class  */         char uaf$b_fill_2 [20];          } uaf$r_min_class;A     __struct  {                         /* maximum security class  */         char uaf$b_fill_3 [20];          } uaf$r_max_class;     __union  {>         unsigned int uaf$l_flags;       /* user flags longword */         __struct  { <             unsigned uaf$v_disctly : 1; /* no user control-y */F             unsigned uaf$v_defcli : 1;  /* only allow user default CLI */G             unsigned uaf$v_lockpwd : 1; /* disable SET PASSWORD command  */J             unsigned uaf$v_restricted : 1; /* restricted account (pre-V5.2 CAPTIVE) */ ?             unsigned uaf$v_disacnt : 1; /* no interactive login  */A             unsigned uaf$v_diswelcom : 1; /* skip welcome message  */@             unsigned uaf$v_dismail : 1; /* skip new mail message */@             unsigned uaf$v_nomail : 1;  /* disable mail delivery */F             unsigned uaf$v_genpwd : 1;  /* passwords must be generated */C             unsigned uaf$v_pwd_expired : 1; /* password has expired  */H             unsigned uaf$v_pwd2_expired : 1; /* 2nd password has expired */<             unsigned uaf$v_audit : 1;   /* audit all actions */E             unsigned uaf$v_disreport : 1; /* skip last login messages  */E             unsigned uaf$v_disreconnect : 1; /* inhibit reconnections  */<             unsigned uaf$v_autologin : 1; /* auto-login only */E             unsigned uaf$v_disforce_pwd_change : 1; /* disable forced  password change */I             unsigned uaf$v_captive : 1; /* captive account (no overrides)  */C             unsigned uaf$v_disimage : 1; /* disable arbitrary image 
 activation */ H             unsigned uaf$v_dispwddic : 1; /* disable password dictionary	 search */ L             unsigned uaf$v_dispwdhis : 1; /* disable password history search */L             unsigned uaf$v_defclsval : 1; /* default classification is valid */J             unsigned uaf$v_extauth : 1; /* external authentication enabled */I             unsigned uaf$v_migratepwd : 1; /* migrate UAF pwd to external  auth */ '             unsigned uaf$v_fill_10 : 1;              } uaf$r_fill_7;          } uaf$r_fill_6; G     unsigned char uaf$b_network_access_p [3]; /* hourly network access, 
 primary */G     unsigned char uaf$b_network_access_s [3]; /* hourly network access,  secondary */K     unsigned char uaf$b_batch_access_p [3]; /* hourly batch access, primary  */C     unsigned char uaf$b_batch_access_s [3]; /* hourly batch access,  secondary */K     unsigned char uaf$b_local_access_p [3]; /* hourly local access, primary  */C     unsigned char uaf$b_local_access_s [3]; /* hourly local access,  secondary */E     unsigned char uaf$b_dialup_access_p [3]; /* hourly dialup access, 
 primary */E     unsigned char uaf$b_dialup_access_s [3]; /* hourly dialup access,  secondary */E     unsigned char uaf$b_remote_access_p [3]; /* hourly remote access, 
 primary */E     unsigned char uaf$b_remote_access_s [3]; /* hourly remote access,  secondary */H     char uaf$$$_fill_4 [12];            /* space for 2 more access types */     __union  {I         unsigned char uaf$b_primedays;  /* bits representing primary days  */         __struct  { L             unsigned uaf$v_monday : 1;  /* bit clear means this is a primary day */K             unsigned uaf$v_tuesday : 1; /* bit set means this is an off day  */)             unsigned uaf$v_wednesday : 1; (             unsigned uaf$v_thursday : 1;&             unsigned uaf$v_friday : 1;(             unsigned uaf$v_saturday : 1;&             unsigned uaf$v_sunday : 1;'             unsigned uaf$v_fill_11 : 1;              } uaf$r_fill_9;          } uaf$r_fill_8;      char uaf$$$_fill_5 [1]; @     unsigned char uaf$b_pri;            /* base process priority */G     unsigned char uaf$b_quepri;         /* maximum job queuing priority  */G     unsigned short int uaf$w_maxjobs;   /* maximum jobs for UIC allowed  */ /* 0 means no limit  */E     unsigned short int uaf$w_maxacctjobs; /* maximum jobs for account 
 allowed */ /* 0 means no limit  */I     unsigned short int uaf$w_maxdetach; /* maximum detached processes for  UIC */ /* 0 means no limit  */D     unsigned short int uaf$w_prccnt;    /* subprocess creation limit */=     unsigned short int uaf$w_biolm;     /* buffered I/O limitt */;     unsigned short int uaf$w_diolm;     /* direct I/O limiti */B     unsigned short int uaf$w_tqcnt;     /* timer queue entry limit */:     unsigned short int uaf$w_astlm;     /* AST queue limit */8     unsigned short int uaf$w_enqlm;     /* enqueue limit */:     unsigned short int uaf$w_fillm;     /* open file limit */<     unsigned short int uaf$w_shrfillm;  /* shared file limit */A     unsigned int uaf$l_wsquota;         /* working set size quota  */C     unsigned int uaf$l_dfwscnt;         /* default working set sizej */A     unsigned int uaf$l_wsextent;        /* working set size limitt */:     unsigned int uaf$l_pgflquota;       /* page file quota */9     unsigned int uaf$l_cputim;          /* CPU time quotad */H     unsigned int uaf$l_bytlm;           /* buffered I/O byte count limit */L     unsigned int uaf$l_pbytlm;          /* paged buffer I/O byte count limit */F     unsigned int uaf$l_jtquota;         /* job-wide logical name table creation quota */uK     unsigned short int uaf$w_proxy_lim; /* number of proxies user can granti */D     unsigned short int uaf$w_proxies;   /* number of proxies granted */K     unsigned short int uaf$w_account_lim; /* number of sub-accounts allowed  */H     unsigned short int uaf$w_accounts;  /* number of sub-accounts in use */A     __struct  {                         /* default security class  */         char uaf$b_fill_6 [20];i         } uaf$r_def_class;6     char uaf$$$_fill_99 [44];           /* spare space */?     char uaf$$$_fill_100 [768];         /* user-extensible area  */
     } UAF;   #if !defined(__VAXC)2 #define uaf$t_username uaf$r_fill_0.uaf$t_usernameG #define uaf$t_username_tag uaf$r_fill_0.uaf$r_fill_1.uaf$t_username_tagr( #define uaf$l_uic uaf$r_fill_2.uaf$l_uic5 #define uaf$w_mem uaf$r_fill_2.uaf$r_fill_3.uaf$w_meme5 #define uaf$w_grp uaf$r_fill_2.uaf$r_fill_3.uaf$w_grp ( #define uaf$q_pwd uaf$r_fill_4.uaf$q_pwd5 #define uaf$l_pwd uaf$r_fill_4.uaf$r_fill_5.uaf$l_pwd , #define uaf$l_flags uaf$r_fill_6.uaf$l_flags= #define uaf$v_disctly uaf$r_fill_6.uaf$r_fill_7.uaf$v_disctly ; #define uaf$v_defcli uaf$r_fill_6.uaf$r_fill_7.uaf$v_defcli = #define uaf$v_lockpwd uaf$r_fill_6.uaf$r_fill_7.uaf$v_lockpwd C #define uaf$v_restricted uaf$r_fill_6.uaf$r_fill_7.uaf$v_restricteda= #define uaf$v_disacnt uaf$r_fill_6.uaf$r_fill_7.uaf$v_disacnt A #define uaf$v_diswelcom uaf$r_fill_6.uaf$r_fill_7.uaf$v_diswelcom1= #define uaf$v_dismail uaf$r_fill_6.uaf$r_fill_7.uaf$v_dismail ; #define uaf$v_nomail uaf$r_fill_6.uaf$r_fill_7.uaf$v_nomail$; #define uaf$v_genpwd uaf$r_fill_6.uaf$r_fill_7.uaf$v_genpwd E #define uaf$v_pwd_expired uaf$r_fill_6.uaf$r_fill_7.uaf$v_pwd_expiredaG #define uaf$v_pwd2_expired uaf$r_fill_6.uaf$r_fill_7.uaf$v_pwd2_expired"9 #define uaf$v_audit uaf$r_fill_6.uaf$r_fill_7.uaf$v_auditoA #define uaf$v_disreport uaf$r_fill_6.uaf$r_fill_7.uaf$v_disreportmG #define uaf$v_disreconnect uaf$r_fill_6.uaf$r_fill_7.uaf$v_disreconnect=A #define uaf$v_autologin uaf$r_fill_6.uaf$r_fill_7.uaf$v_autologin ! #define uaf$v_disforce_pwd_changes3 uaf$r_fill_6.uaf$r_fill_7.uaf$v_disforce_pwd_change{= #define uaf$v_captive uaf$r_fill_6.uaf$r_fill_7.uaf$v_captivef? #define uaf$v_disimage uaf$r_fill_6.uaf$r_fill_7.uaf$v_disimagesA #define uaf$v_dispwddic uaf$r_fill_6.uaf$r_fill_7.uaf$v_dispwddic A #define uaf$v_dispwdhis uaf$r_fill_6.uaf$r_fill_7.uaf$v_dispwdhis A #define uaf$v_defclsval uaf$r_fill_6.uaf$r_fill_7.uaf$v_defclsval = #define uaf$v_extauth uaf$r_fill_6.uaf$r_fill_7.uaf$v_extauth)C #define uaf$v_migratepwd uaf$r_fill_6.uaf$r_fill_7.uaf$v_migratepwd 4 #define uaf$b_primedays uaf$r_fill_8.uaf$b_primedays; #define uaf$v_monday uaf$r_fill_8.uaf$r_fill_9.uaf$v_monday[= #define uaf$v_tuesday uaf$r_fill_8.uaf$r_fill_9.uaf$v_tuesday_A #define uaf$v_wednesday uaf$r_fill_8.uaf$r_fill_9.uaf$v_wednesday ? #define uaf$v_thursday uaf$r_fill_8.uaf$r_fill_9.uaf$v_thursdaye; #define uaf$v_friday uaf$r_fill_8.uaf$r_fill_9.uaf$v_fridaye? #define uaf$v_saturday uaf$r_fill_8.uaf$r_fill_9.uaf$v_saturday(; #define uaf$v_sunday uaf$r_fill_8.uaf$r_fill_9.uaf$v_sunday & #endif      /* #if !defined(__VAXC) */    $ #pragma __member_alignment __restoreE #ifdef __INITIAL_POINTER_SIZE            /* Defined whenever ptr sizea pragmas supported */? #pragma __required_pointer_size __restore        /* Restore ther' previously-defined required ptr size */* #endif #ifdef __cplusplus     }  #endif #pragma __standard   #endif /* __UAFDEF_LOADED */   ------------------------------  % Date: Sun, 07 May 2000 15:08:12 -0600 % From: Dan O'Reilly <dano@process.com> ( Subject: Re: C routines to access sysuafB Message-ID: <4.2.0.58.20000507150621.00a43640@pop.clsp.uswest.net>  ' At 01:50 PM 5/7/00 , Matt Jacobs wrote: M >Here's a quick hack I did two weeks ago.  It consists of two files, uafdmp.c  >and uafdef.h.  I Thanks, that's sort of what I had in mind.  I did get another brainstorm,+H though, that worked OK for what I really needed, which was to look up anI account by UIC.  In that case, I can feed the UIC to sys$idtoasc, that'll*J return a username than I can use for sys$getuai.  Works just fine for what	 I needed.t  J Many thanks to all respondents - my solution was one suggested by somebody
 else, too.   ------I +-------------------------------+---------------------------------------+ I | Dan O'Reilly                  |                                       | I | Principal Engineer            |  "Time flies like an arrow.  Fruit    |yI | Process Software Corporation  |   flies like a banana."               |aI | http://www.process.com        |                    -- Groucho Marx    |hI +-------------------------------+---------------------------------------+T   ------------------------------  # Date: Mon, 08 May 2000 00:16:50 GMT* From: d.webb@mdx.ac.uk$ Subject: Re: computer viruses on VMS) Message-ID: <8f5119$icj$1@nnrp1.deja.com>   : In article <20000507124728.25509.00001760@ng-df1.aol.com>,&   merefbast@aol.com (MerefBast) wrote:F >    Hi. I am looking for information to compare the susceptibility of various ( > operating systems to computer viruses. >*G >    I am particularly interested in references for factual information*	 about the*G > kinds, nature, and number of security holes, as well as the number of* actual> > viruses, worms, and Trojan Horses for each operating system. >   G As far as I am aware there are no viruses for either VMS or Unix in the* wild.*   The most famous worms were  ? The Internet worm of 1988 which propogated through Unix systems*? and the WANK worm of 1989 which propogated through VMS systems.D  H I believe there have been a few other Unix based worms but haven't heard of any other VMS based ones.  G These traditional worms relied upon OS security holes. Hence because ofaD the security of current VMS versions it is unlikely that such a wormD could be written today. Unix systems might still be vulnerable - seeA later. However traditional worm writing seems to have gone out ofa favour.u  F An email worm ala ILOVEU or MELISSA which relies for transmission on aD user reading a mail message would theoretically be possible for bothC VMS and Unix. (Though only with VMS running software in addition tonA the standard VMS MAIL - eg PMDF  which handles Mime attachments).dE Given the spread of Microsoft products on the desktop and the ease offE identifying addressbooks associated with such products these products > make a much better target than VMS or Unix based mail systems.  F Trojan programs are a threat to any system. If someone with privilegesC installs a program there is always the possibility that it containsn malevolent code.    H To get a general appreciation of the types and numbers of security holes? on various operating systems have a look at the bugtraq list on  http://www.securityfocus.com/5  ! See the Vulnerabilities database.f  > You can search via Vendor OS and version ( EG SUN SOLARIS 8.0)  D VMS is under the Vendor DIGITAL (There are additional vendor entries9 COMPAQ and DIGITAL(COMPAQ) but these do not include VMS).   E VMS has very few vulnerabilities listed (about one every 18 months or  so).G Solaris and WNT have entries which appear much more frequently. In both_4 cases averaging at least one bug every 2 to 4 weeks.    
 David Webb VMS and Unix team leader CCSS Middlesex University  > >    A copy of the information to <MerefBast@aol.com> would be appreciated. >t >    Thanks....m >  >/      & Sent via Deja.com http://www.deja.com/ Before you buy.t   ------------------------------  # Date: Sun, 07 May 2000 18:15:37 GMTR From: andre@bwu.com.br  Subject: DecMotiff Video Problem) Message-ID: <8f4brv$sa1$1@nnrp1.deja.com>   E I am trying to run Motiff in an AS250 4/266 with Open VMS 6.2 but the E software shows me the following message: "%DECW$DEVICE-W-NODEVICE, nol graphics devices found."< I am using a non Digital video board. Could be the problem ?   Thanks for your help   Andr Leibovici  andre@bwu.com.br    & Sent via Deja.com http://www.deja.com/ Before you buy.*   ------------------------------  # Date: Sun, 07 May 2000 21:02:54 GMTE From: Dirk Munk <munk@home.nl>$ Subject: Re: DecMotiff Video Problem' Message-ID: <3915D9FE.CC4E5051@home.nl>u   andre@bwu.com.br wrote:a > G > I am trying to run Motiff in an AS250 4/266 with Open VMS 6.2 but theoG > software shows me the following message: "%DECW$DEVICE-W-NODEVICE, noo > graphics devices found."> > I am using a non Digital video board. Could be the problem ?  G Depends on the board, but most likely yes. There is a list of supportedfA graphics options on the VMS web pages. Getting hold of a suitable * graphics device could be a problem though.     >  > Thanks for your help >  > Andr Leibovici  > andre@bwu.com.br > ( > Sent via Deja.com http://www.deja.com/ > Before you buy.    ------------------------------  $ Date: Sun, 7 May 2000 13:23:25 -0500) From: "John E. Malmberg" <wb8tyw@qsl.net>b Subject: Re: OPCOM. Message-ID: <shbcpsa7qil35@corp.supernews.com>  + Paul Sture <paul@sture.ch> wrote in message % news:VA.00000035.056d40e9@sture.ch...4  G > But the cluster had this on last week doesn't have graphics consoles.f8 > Unfortunately it's not a cluster I can reboot at will.  " I do not think a reboot is needed.  7 Also the WINDOW_SYSTEM parameter appears to be dynamic.d  $ After the required logicals are set:  * $@sys$system:startup opcom !Restart Opcom.   -Johnu wb8tyw@qsl.network   ------------------------------  $ Date: Sun, 7 May 2000 17:57:25 -07005 From: "cstranslations" <cstranslations@email.msn.com>c$ Subject: Re: Persona system services) Message-ID: <O8SmPiIu$GA.229@cpmsnbbsa03>_  . John Vottero <John@MVPSI.com> wrote in message> news:C15945A9D9EFCF11BA8B08002BBF1CCC0CD6E5@berry.mvpsi.com... > Allow me to correct myself.  >$H > Your problem is that you are passing the username in the item list and thatG > you are using V7.1 with V7.2 documentation.  Pass the username as the  secondE > argument.  Don't pass an item list.  In fact, in V7.1 the item lists argumentL > didn't exist.  Look at the VAX documentation of the persona services which I*. > think cover the Alpha V7.1 persona services.   Ayup - that was the problem.  L Still have a mindset from the east coast job where we were running 5.5-2 andC I was looking at 6.2 docs. At usermode things are generally forwardnI compatible (and in this case I don't believe the particular set of systemnJ services in question were even implemented). Have 7.1-1H1 here at home andI in the present job (7.2 system service manuals here at home although it'suI the 7.1 set at work), and well, can't use something that it's implementedu yet.  / Damn shame it's just the 7.2 set that's online.    Thanks Joei   ------------------------------  % Date: Sun, 07 May 2000 13:44:47 -0500i) From: "John E. Malmberg" <wb8tyw@qsl.net>p& Subject: Re: the latest billybox virus7 Message-ID: <0ea101bfb854$52ad3570$020a0a0a@xile.realm>   & Howard S Shubs <hshubs#mindspring.com>  D > In article <shb03g3hqil126@corp.supernews.com>, "John E. Malmberg" > <wb8tyw@qsl.network> wrote:t > L > >This last one did not autoexecute.  One of the previous ones did.  Enough TVI > >and Print Journalists have now pointed this out to the script kiddies.f8 > >These writers are slowly learning from this feedback. > K > It doesn't matter.  Security-through-obscurity is just a delaying tactic.   J True,  But neither should one actively advertise how to architect a better attack.d  H The speed these script kiddies are learning is really slow.  No sense inL speeding them up.  There are quite a few concepts that they are missing, and) this indicates a low level of competence.e  G The people that really know enough to do some real damage, have alreadymK discovered that they can make enough money legitimately so they do not wanta to bother with such things.u  K What surprises me of all of the admissions I have seen in print from peoplew. that set it off that should have known better.   -Johnn   ------------------------------  % Date: Sun, 07 May 2000 14:45:21 -0500i, From: Howard S Shubs <hshubs@mindspring.com>& Subject: Re: the latest billybox virus> Message-ID: <hshubs-C6F8A3.14452107052000@news.mindspring.com>  K In article <8f481g$n10$1@pyrite.mv.net>, "Bill Todd" <billtodd@foo.mv.com> v wrote:  L >It's partly that I have a clear understanding of what 'certain' means.  ButK >I also suggest that anyone sufficiently incompetent to pass along an email1J >virus can't reasonably be termed 'trustworthy' in this context (which is,H >after all, precisely the context the warning exists in).  If that's not@ >possible for you to grasp, I'm afraid I can't help you further.  O No, what's impossible for me to grasp is your misunderstanding of the level of  I ignorance of most people.  Until they were warned about the worm, people  L simply went along doing their normal thing.  They saw new mail from someone J they knew, and read it as they normally would.  While it didn't make much > sense, perhaps the attachment would help, so they launched it.    H >Because they're quite convenient on the occasions when they *are* used.  D This convenience must be balanced against the potential for lossage.    K >Absolutely.  And you have all the mechanisms you need today in Outhouse to : >do so (you do set up systems for your users, don't you?).  N Certainly.  I set up all the VMS systems I've worked with for quite a while.  F I avoid Windows systems like the plague, bringing in my own Macintosh L Powerbook for my use while at work when possible.  When not possible, I use M the Windows box as a terminal to get to the system where I do my actual work.     : >See above:  Outhouse provides what you need in this area.  F If it warns ahead of time, that's nice.  Is there a way for admins to O completely disable such "features" as this scripting?  If I -had- to supervise aL such systems, they -would-not-have- the ability to run scripts w/o approval M from Moi.  I wouldn't allow my users to have this ability.  So far, it's not r been an issue.    G >Actually, I don't consider myself a troll (and don't particularly care H >whether you may).  I usually raise these issues because of the residualH >feeling from days long past that VMS users were a cut above the generalK >population in their analytical abilities and might respond to reason if itt6 >was placed sufficiently close underneath their noses.  K Considering that we've been pointing out flaws in the MS Windows operating nO system for the last few days, and you come back disgarding all of that, yes, I n feel there's a chasm here. --  ; Howard S Shubs      hshubs@mindspring.com    hshubs@bix.com ? The Denim Adept     Which is better, Maryann or pickled Ginger?i> SPAM: uce@ftc.gov   postmaster@[127.0.0.1]   abuse@[127.0.0.1]   ------------------------------  $ Date: Sun, 7 May 2000 16:41:04 -0400' From: "Bill Todd" <billtodd@foo.mv.com> & Subject: Re: the latest billybox virus( Message-ID: <8f4k9c$8ga$1@pyrite.mv.net>  7 Howard S Shubs <hshubs@mindspring.com> wrote in messagee8 news:hshubs-C6F8A3.14452107052000@news.mindspring.com...L > In article <8f481g$n10$1@pyrite.mv.net>, "Bill Todd" <billtodd@foo.mv.com> > wrote: >iI > >It's partly that I have a clear understanding of what 'certain' means.n ButoG > >I also suggest that anyone sufficiently incompetent to pass along ant emaildL > >virus can't reasonably be termed 'trustworthy' in this context (which is,J > >after all, precisely the context the warning exists in).  If that's notB > >possible for you to grasp, I'm afraid I can't help you further. >mG > No, what's impossible for me to grasp is your misunderstanding of the  level ofJ > ignorance of most people.  Until they were warned about the worm, peopleE > simply went along doing their normal thing.  They saw new mail froml someone K > they knew, and read it as they normally would.  While it didn't make much @ > sense, perhaps the attachment would help, so they launched it.  C As has been pointed out elsewhere, this level of ignorance was also E exhibited by a great many people who unquestionably should have knownfI better.  This suggests strongly that the problem is simply one of lack ofpE experience with new technology (including some of its pitfalls) which D experience will largely eliminate, rather than some innate universal2 stupidity that requires prohibition as a solution.   >  >nJ > >Because they're quite convenient on the occasions when they *are* used. >/F > This convenience must be balanced against the potential for lossage.  K Which is precisely what the ability to configure Outhouse options accordingn" to individual system needs allows.   >  > J > >Absolutely.  And you have all the mechanisms you need today in Outhouse to< > >do so (you do set up systems for your users, don't you?). >eG > Certainly.  I set up all the VMS systems I've worked with for quite ae while.G > I avoid Windows systems like the plague, bringing in my own MacintoshaI > Powerbook for my use while at work when possible.  When not possible, Ie use_I > the Windows box as a terminal to get to the system where I do my actuall work.r >l >.< > >See above:  Outhouse provides what you need in this area. > G > If it warns ahead of time, that's nice.  Is there a way for admins to47 > completely disable such "features" as this scripting?6  < Yes, under the rather comprehensive security settings in IE.     If I -had- to superviseeD > such systems, they -would-not-have- the ability to run scripts w/o approvalJ > from Moi.  I wouldn't allow my users to have this ability.  So far, it's notu > been an issue. >f > I > >Actually, I don't consider myself a troll (and don't particularly carelJ > >whether you may).  I usually raise these issues because of the residualJ > >feeling from days long past that VMS users were a cut above the generalJ > >population in their analytical abilities and might respond to reason if it8 > >was placed sufficiently close underneath their noses. >_L > Considering that we've been pointing out flaws in the MS Windows operatingI > system for the last few days, and you come back disgarding all of that,n yes, I > feel there's a chasm here.  J The problem is that what people here have been pointing out these last fewD days aren't flaws, but reasonable design choices:  the choice not toG encumber a single-user system with multi-user protection features (thatfF would have taken some considerable effort to add to the code base thatK resulted in Win9x) that would still protect only the system itself, not thefG user's data on it (and that data is the primary thing worth preserving,pK since the system can always just be reinstalled), and the choice to providedL email options that users clearly use (along with the ability both to provideD cautionary access to them and to disable them entirely, according to individual system needs).i  K Microsoft at its best produces mediocre software, and some of it fails evendF to rise to that level.  The problem here is that people seem unable toE distinguish between their general reaction to such mediocrity and thesE specific aspects that define it (hint:  they don't include the designu choices noted above).9  L If you guys are incapable of rational, analytical thought, I agree that thisD is an unbridgeable chasm.  But it's not an issue that should just beJ ignored:  otherwise less informed people might take your rants as factual.   - bill   > --= > Howard S Shubs      hshubs@mindspring.com    hshubs@bix.comPA > The Denim Adept     Which is better, Maryann or pickled Ginger?r@ > SPAM: uce@ftc.gov   postmaster@[127.0.0.1]   abuse@[127.0.0.1]   ------------------------------  " Date: Mon, 8 May 2000 00:44:35 GMT9 From: Kilgallen@eisner.decus.org.nospam (Larry Kilgallen)D& Subject: Re: the latest billybox virus+ Message-ID: <NS3Wu87K+vuo@eisner.decus.org>0  p In article <009E9B8B.10FC58FB@SendSpamHere.ORG>, system@SendSpamHere.ORG (Brian Schenkenberger, VAXman-) writes:i > In article <gOJ49EHUJxj1@eisner.decus.org>, Kilgallen@eisner.decus.org.nospam (Larry Kilgallen) writes:dr >>In article <009E9B08.336F6BF0@SendSpamHere.ORG>, system@SendSpamHere.ORG (Brian Schenkenberger, VAXman-) writes: >>L >>> monopoly$chlock crap is already infiltrating VMS.  If we're not careful K >>> and we don't yell loudly enough, the next thing to be incorporated justsJ >>> might be one of these REALLY STUPID monopoly$chlock features.  Then, IK >>> ask, where will we be?  "pissing and moaning" here, I would hope, wouldi9 >>> send a signal that we won't/don't tolerate such crap.- >>; >>I am not convinced Microsoft errors are infiltrating VMS.-6 >>Certainly the Lanman networking support in Pathworks8 >>suffers from the insecurities of the Microsoft design,8 >>but nobody is pushing it for VMS-to-VMS communication. >>9 >>As for the Registry, the DECUS talks claimed that their 8 >>goal was to build a Registry that was more robust than8 >>on NT, but that they still were not going to depend on >>it for booting VMS.- >  > Right Larry, > G > If DECompaq wishes to provide some monopoly$chlock feature on VMS formF > the pirposes of supporting an application for a monopoly$chlock likeH > environment, so be it.  I will not, however, tolerate the short-sight-F > ed monopoly$chlock-like features if they will break my system's sec-G > urity or encumber my doing things in a sound VMS-like manner.  I sus-t  > pect others feel the same way.  3 But I think concern may be less and less necessary, 2 as the fascination with all things Microsoft seems1 to be in retreat at DEQ.  The new latest thing isu1 supposed to be Apache, which is approximately thee5 antithesis of Microsoft.  Of course eternal vigilance 7 is the price of liberty, as there might be shortcomingst in the Apache code, as well.   ------------------------------  % Date: Sun, 07 May 2000 23:00:41 -0400 0 From: JF Mezei <jfmezei.spamnot@vl.videotron.ca>& Subject: Re: the latest billybox virus/ Message-ID: <39162DCF.2904D34C@vl.videotron.ca>S  = One quick thought: (yeah, I know this ia rather rare for me).o  J Any email system can have fancy features such as ability to excute scripts etc.    I But such features, when they provide the ability to run scripts that have M access to the user's files etc, should be restricted to INTERNAL EMAILS ONLY. L Any email that comes through a foreign gateway should not result in the used* being able to double click on executables.   ------------------------------  $ Date: Mon, 8 May 2000 00:14:46 -0400' From: "Bill Todd" <billtodd@foo.mv.com>g& Subject: Re: the latest billybox virus( Message-ID: <8f5es2$sms$1@pyrite.mv.net>  ; JF Mezei <jfmezei.spamnot@vl.videotron.ca> wrote in messagea) news:39162DCF.2904D34C@vl.videotron.ca...e? > One quick thought: (yeah, I know this ia rather rare for me).j >pL > Any email system can have fancy features such as ability to excute scripts > etc. >iK > But such features, when they provide the ability to run scripts that havenI > access to the user's files etc, should be restricted to INTERNAL EMAILSe ONLY.sI > Any email that comes through a foreign gateway should not result in the  used, > being able to double click on executables.  K Now *that's* getting closer to a BETTER implementation, rather than just noIJ implementation at all.  It sounds like a good default, though users shouldH have the ability to change that default (perhaps only with administrator9 permission in cases when an administrator is configured).i  4 Email systems are used in all kinds of environments:K corporate-internal-only, mixed internal/external, external only (typical ofaJ the home PC), ...  Their software should be configurable to meet the needsK (and protection needs) peculiar to each such environment, not restricted to  the lowest common denominator.   - bill   ------------------------------  % Date: Mon, 08 May 2000 00:37:33 -040010 From: JF Mezei <jfmezei.spamnot@vl.videotron.ca>& Subject: Re: the latest billybox virus/ Message-ID: <3916447B.EE5039AF@vl.videotron.ca>t   Bill Todd wrote:6 > Email systems are used in all kinds of environments:M > corporate-internal-only, mixed internal/external, external only (typical ofiL > the home PC), ...  Their software should be configurable to meet the needsM > (and protection needs) peculiar to each such environment, not restricted to/  > the lowest common denominator.    N The problem is that corporations have been brainwashed into using home-quality@ (read: low-quality) software as their corporate backbone. I hopeN Digital/Compaq got bitten real bad by the ILOVEYOU thing. They most certaintly deserve it.    ------------------------------   End of INFO-VAX 2000.256 ************************