CRYPT NEWSLETTER 45
November -- December 1997

Editor: George Smith, Ph.D.
INTERNET: 70743.1711@compuserve.com
          crypt@sun.soci.niu.edu
http://www.soci.niu.edu/~crypt

Mail to:
Crypt Newsletter
1635 Wagner St.
Pasadena, CA 91106
ph: 818-568-1748


Who reads Crypt Newsletter:
==========================

The great majority of Crypt Newsletter readers do it on company
time.  While there are accesses at all hours, heaviest usage and
downloading of current issues occurs during U.S. business hours,
beginning at around 7:30 EST and continuing to 4:40 Pacific time.

Readers of Crypt Newsletter log in monthly from organizations like
Lucent Technologies, Loral, Lockheed, MITRE Corporation, MITRE Technology,
NASA-JPL, Midwest Research Institute, Electronic Data Systems, Intel,
Digital, CSIRO, Science Applications, Unisys, the World Bank, Fujitsu,
DuPont, the Securities and Exchange Commission, Boeing, FermiLab, the US
Dept. of the Treasury, the Department of Energy, the US
Naval Undersea Warfare Center, the EPA [?!], Disney [?!?], Oak
Ridge National Lab, Argonne Laboratory, Lawrence Berkeley, Vandenberg
AFB, China Lake Naval Weapons Research, the SPAWAR Submarine Command Office,
the Pentagon and many anonymous U.S. military Internet domains that refuse
open telnet connections and "finger" queries.  Others log in from media
organizations like the BBC, The Bloomberg Business News Service, New York
Times, the Sacramento Bee, various newspapers from the hinterlands,
Federal Computer Week, The Net magazine, and The Age, too.

Crypt Newsletter articles may not be copied or reproduced in or on other
media, on CD-ROM collections of data, or offered - in part or in toto - as
part of any database, data survey, information or research service
without prior consent of the editor. Rates based on word count are
reasonable. Queries by e-mail are welcome.


┌─────────────────────────────────────┐
│ Contents: Crypt Newsletter #45      │
└─────────────────────────────────────┘

 THIS ISSUE

NEWS
Ghost stories seen through a mirror: The Hudson Institute's info-war
hallucination.
Liquor in the front, poker in the rear of the flyin' saucer: Science
Applications' remote viewers.
Scary Symantec lawsuit secrets.
Iman de Excremento: NASA nettled by nuisance macro virus.
The Marsh Commission works the media.
Calling Victor von Doom: Tesla death rays under development, he claims.
Additions to the Joseph K. Guide to Tech: commerce, expert, hardware
glitch and "The Road Ahead."
Thunderbyte Anti-virus for Win95 -- reviewed by Stephen Poole.
MISCELLANY
  Credits/Acknowledgment


CRYPT NEWSLETTER NEEDS YOUR HELP:

Crypt News has never asked its readers for a favor but it has to ask for one now. What was shiny and new twenty issues ago in 1995 is now starting to squeak and groan with age. Crypt Newsletter needs a hardware upgrade!

If you enjoy Crypt News regularly, you can help keep the news coverage hot by purchasing a copy of my book "The Virus Creation Labs." It's available through COMSEC, Ltd. (www.comsecltd.com) as well as bookstores. Eventually, a small but reasonable royalty gets to Crypt News and helps the publication. Or, you might consider passing on a piece of used equipment -- that actually works. A hard disk, a monitor . . . Or just donate!

Now, back to our regularly scheduled transmission.


SOME GHOST STORIES SEEN THROUGH A MIRROR: The Hudson Institute's info-war hallucination.

If you visit this page often you surely have noticed grim dramas that play themselves out in the pronouncements of various national security experts.

Time and time again, prophets appear to warn that our safety and security are at stake or that fantastical threats and intrigue are mounting in the corridors of foreign power.

The solutions offered are always the same. Spend more taxpayer dollars. Give them to the Pentagon, proxies of the Pentagon, and/or consultants offering guidance to the Department of Defense.

In the mainstream media, no one ever questions the methods or results of the prophets of national doom even though the same prophets have racked up a startling number of foolish mistakes and false alarms in the past few years.

Few average Americans know how such mistakes are vended as truth or how intelligence information is twisted into unrecognizable analyses that share no relationship with their original sources. No one gets to look behind the doors of the national security apparatus except the carefully screened. Never you and certainly never anyone you know.

Well, this story gives you a peek behind that door. It's a look at the nuts-and-bolts constituting an intelligence analysis provided by a highly respected think tank. Buckle yourself in and grab the bottle of Tums because it's not a pretty picture.

In Crypt News 44, you read the tale of Mary C. FitzGerald, a Hudson Institute research fellow whose paper "Russian Views on Electronic and Information Warfare" dove into the realms of telepathy, the paranormal and their alleged military application.

In it, FitzGerald fell for an old April Fool's joke known as the Gulf War virus hoax, too.

The Hudson Institute paper stated:

"For example, one cannot exclude the use of software inserts in imported gear used in the Iraqi air defense system for blocking it at the beginning of the war," is one of the incarnations of it -- as reprinted from "Russian Views on Electronic and Information Warfare." Published on the Internet earlier this year, it was disseminated through Winn Schwartau's Information Warfare mailing list.

But where did this come from?

Ironically, the same statement can be found in an article retrieved from the CIA's Foreign Broadcast Information Service (FBIS). Crypt Newsletter obtained an interesting FBIS English translation of an article published in October of 1995. Written by a Major M. Boytsov, it appeared with the title "Russia: Information Warfare" in a Russian publication entitled "In Foreign Navies."

Despite its misleading title, Boytsov's article is not about Russian ideas on information warfare. Instead, it is more a survey and analysis of U.S. Department of Defense thinking and effort on the subject. Boytsov's sources are attributed in a footnote to the "foreign press."

So, in October of 1995, Boytsov writes in "Information Warfare," "For example, one cannot exclude the use of software inserts [programmnyye zakladki] in imported gear used in the Iraqi air defense system for blocking it at the beginning of the war." Since Boytsov's sources are the "foreign press," it's quite likely he read of the Gulf War virus hoax either from US News & World Report, the original mainstream media source to spread it, or others pulled along for the ride. (As we've learned, this particular hoax sprang from an April Fool's joke published in Infoworld magazine. The joke was accepted as reality by the national news media and now it's an inescapable part of computer virus lore.)

Since Mary C. FitzGerald's paper was provided as intelligence for the U.S. military, it is of further interest to taxpayers to know that money is being spent to educate the Department of Defense on issues that are normally reserved for television programs on the FOX network -- urban X-File-type myths.

Another section of the Hudson Institute research paper on Russian views on information warfare is worth reviewing when compared with a completely different article published in 1994 by a colonel in the Russian military.

Appearing in an August 1994 issue of Foreign Military Review, and again made available to Crypt Newsletter translated from Russian through the CIA's Foreign Broadcast Information Service (FBIS), Colonel V. Pavlychev writes in the article "Psychotronic Weapons: Myth or Reality":

"The second direction [at the U.S. Department of Defense] includes an in-depth study of paranormal phenomena that are of greatest interest from the standpoint of possible military use -- clairvoyance, telekinesis, and so forth."

Most of Pavlychev's paper is written from the standpoint of discussing U.S. Department of Defense involvement in potential use of the paranormal as a weapon. Leaving aside the ridiculous nature of the topic for an instant, keep in mind that Mary C. FitzGerald's Hudson Institute paper is on "Russian" military views.

In "Russian Views on Electronic and Information Warfare," published by the Hudson Institute and FitzGerald on the Internet earlier this year, we see:

"The second direction includes an in-depth study of paranormal phenomena that are of greatest interest from the standpoint of possible military use -- clairvoyance, telekinesis, telepathic hypnosis, and so forth."

But wait. These aren't Russian views at all. Instead, Colonel Pavlychev attributes them to two Americans: Russell Targ and Keith Harary, who authored a book called "The Psychic Race" in 1984. Targ was known as a psychic researcher at Stanford Research Institute in the Seventies and Eighties until this type of fringe science became badly discredited. Harary was a psychic who worked with Targ and who occasionally published in unusual journals like "Journal of the American Society of Psychical Research."

Pavlychev also writes on the U.S. use of remote-viewers, or clairvoyants -- which is what most people, including the Russians, call them. ("Remote viewer," in Crypt Newsletter's estimation, was nothing but a clever dodge used by the crackpots in the U.S. Army and intelligence agencies in the Eighties to avoid immediately tipping off supervisors, the press and the skeptical that they were involved in using the equivalent of "crystal ball gazers" for military reconnaissance.)

Anyway, Pavlychev's article states:

"The framework of this phenomenon is quite broad: on a strategic scale, it is possible to penetrate the enemy's main command and control facilities to become familiar with his classified documents; on the tactical level, reconnaissance can be conducted on the battlefield and in the enemy's rear area (the "clairvoyant-scout" will always be located at a safe place). However, problems do exist -- the number of individuals possessing these abilities is limited, and the data received cannot be checked."

Once again, this is material roughly attributed to Targ and Harary in 1984 -- not Russians in 1997.

In the Hudson Institute research paper, this year, we read:

"The framework of this phenomenon is quite broad: on a strategic scale, it is possible to penetrate the enemy's main command-and-control facilities to become familiar with his classified documents; on the tactical level, reconnaissance can be conducted on the battlefield and in the enemy's rear area (the 'clairvoyant-scout' will always be located at a safe place). However, problems do exist -- the number of individuals possessing these abilities is limited, and the data received cannot be checked."

In Pavlychev's "Psychotronic Weapons," we see:

"According to military experts, using psychokinesis to destroy command and control systems and disrupt the functioning of strategic arms is timely. The ability of a human organism to emit a certain type of energy today has been confirmed by photography of a radiation field known as the Kirlian effect. Psychokinesis is explained by the subject's generation of an electromagnetic force capable of moving or destroying some object. Studies of objects destroyed as a result of experiments conducted have shown a different form of breakage than under the effect of physical force."

The Hudson Institute researcher writes in 1997:

"The ability of a human organism to emit a certain type of energy has been confirmed by photography of a radiation field known as the Kirlian effect. Psychokinesis is explained by the subject's generation of an electromagnetic force capable of moving or destroying some object. Studies of objects destroyed as a result of experiments conducted have shown a different form of breakage than under the effect of physical force."

In 1994, Pavlychev says:

Using telepathic implantation, an enemy formation, "instead of exploiting the success, will try to consolidate on the line achieved or even return to the starting line."

In 1997, the Hudson Institute research paper states of the power of implanted telepathic command: "For example, personnel of an enemy formation executing a sudden breakthrough of defenses, instead of exploiting the success, will try to consolidate on the line achieved or even return to the starting line."

In 1994, Pavlychev states:

"Many western experts, including military analysts, assume that the country making the first decisive breakthrough in this field will gain a superiority over its enemy that is comparable only with the monopoly of nuclear weapons. In the future, these type of weapons may become the cause of illnesses or death of an object (person), and without any risk to the life of the operator (person emitting the command). Psychotronic weapons are silent, difficult to detect, and require the efforts of one or several operators as a source of power. Therefore, scientific and military circles abroad are very concerned over a possible 'psychic invasion' and note the need to begin work on taking corresponding countermeasures."

In 1997, the Hudson Institute publication reads:

"Many 'Western experts,' including military analysts, assume that the country making the first decisive breakthrough in this field will gain a superiority over its enemy that is comparable only with the monopoly of nuclear weapons. In the future, these types of weapons may become the cause of illness or death of an object (person), and without any risk to the life of the operator (person emitting the command). Psychotronic weapons are silent, difficult to detect, and require the efforts of one or several operators as a source of power. Therefore, scientific and military circles abroad are very concerned over a possible 'psychic invasion' . . . "

Pavlychev's 1994 article also distinctly points to sources derived from U.S. writers, specifically, the eccentrics -- colleagues of Hal Puthoff, and employees of military men Albert Stubblebine and John B. Alexander's "spoon-bending" and "out of body experience" programs -- in residence at Stanford Research Institute (SRI) and the U.S. Army to study the paranormal in the Eighties.

Other material from the Pavlychev paper is roughly attributed to another U.S. source, a book called "Mind Wars: The True Story of Government Research Into the Potential of Psychic Weapons," written by Ronald McRae and published by St. Martins in 1984.

And still other sources include American network television shows and the New York Times -- obviously also published in the U.S.

It needs repeating that Pavlychev's article is not a monograph on Russian military views on the paranormal, but rather his analysis of the U.S. military's involvement in the area with information obtained from open source literature published in the United States.

Paradoxically, the Hudson Institute's Mary C. FitzGerald uses the same subject material as Pavlychev's 1994 article and turns it around 180 degrees to show "Russian Views on Electronic and Information Warfare."

What does all this gobble on telepathy and psychotronic brain weapons from books on the paranormal and comments from fringe researchers written in the Eighties have to do with Russian views on information warfare today? Does it have anything to do with information warfare and Internet security at all? Excellent questions! Ask the mandarins at the Hudson Institute. Perhaps they know.

All of this serves to demonstrate that the environment in which these weird stories of strange pseudo-science and technology in service to the military machine circulate is like a hall of mirrors in which the equivalent of techno-myths and modern ghost stories bounce back and forth through Cold War minds until few can even tell where they originally came from.

Like any good ghost story, they gain credibility when passed through supposedly expert sources -- think tanks. But the only thing remarkable about them is how they're used to frighten the ignorant -- in this case, military men, political leaders or uncritical journalists.

-----------------

Notes: Mary C. FitzGerald responded to having her report written up with regards to the Gulf War virus hoax in the Netly News. Her comments are appended to the original (URL below) and they are republished here in contrast with this issue's analysis.

Mary C. FitzGerald replied:

"According to George Smith, the sun revolves around the earth, the earth is flat, the Conquest of the Skies will never fly, and the new Revolution in Military Affairs is a Pentagon war-theory euphemism wherein futuristic contraptions are predominantly products of wishful thinking.

"Mr. Smith debunks the potential use of computer viruses in warfare. He further argues that they are merely a conspiracy by the Pentagon and conservative think tanks designed to enhance a non-existent threat -- presumably to increase defense spending. He has the right to say whatever he thinks, but the only thing he has demonstrated is his own selective paranoia.

"The paper he cites is my presentation of Russian views on the nature of future war, a subject to which the Russians for many decades have devoted extensive resources and manpower. The Chief of the Russian General Staff, Marshal Ogarkov, not the Pentagon, used the phrase the Revolution in Military Affairs (RMA) over two decades ago to point out the impact of technology on future warfare. His writings and those of other Russian military theorists on the RMA are proving to be very prophetic. Ogarkov in the mid-70s correctly envisioned the type of warfare that was demonstrated in Desert Storm. Russian military theorists are evaluating not only the impact of computer viruses, but also all other types of information weapons, logic bombs, special microbes, and micro-chipping. They are also studying the impact of other new technologies (such as precision-guided munitions, third-generation nuclear weapons, and weapons based on new physical principles). George Smith may refuse to accept the potential of new technologies on modern warfare, but the Russians clearly disagree with him.

"P.S. Throughout his commentary, Mr. Smith erroneously takes my discussion of what Russian military theorists have said and presents it as direct quotes from me."



LIQUOR IN THE FRONT, POKER IN THE REAR OF THE FLYING SAUCER: Another brief in a continuing series.

Science Applications International Corporation (SAIC): gigantic contractor for the Pentagon which most Americans have never heard of; or, a secret corporation that relies almost exclusively upon taxpayer dollars for profits.

Usage: "The ideal Science Applications International Corporation business project always involves classification so that outside audits and meddlesome taxpayers can be side-stepped," the SAIC vice-president patiently explained to the new hire.

---from the Joseph K Guide to Tech Terminology


While examining the Hudson Institute's 1997 research paper on information warfare, Crypt News did a cross-reference of the term "remote viewing" in the Washington Post's database, reasoning that older material on Pentagon and intelligence agency involvement would crop up.

Indeed, such was the case. And Crypt News' favorite secretive DoD contractor bore mention, too. That's right! Science Applications International Corporation's (SAIC), Tyson's Corner, Virginia, office was administering these pseudo-science programs on taxpayer dollars as late as 1995.

"We aren't going to be able to discuss any details about this without permission from the client," was the only comment The Washington Post reporter was able to wrest from a SAIC mouthpiece. The client, in the Post article, was indeterminate: either the Defense Intelligence Agency or the Pentagon.

The non-disclosure comment is common to Science Applications representatives. Alert Crypt Newsletter readers may recall the company employing a similar dodge when called before Congress in 1996 to discuss alleged computer break-ins at Department of Defense and corporate networks.

Administering the SAIC program was a "nuclear physicist," Edwin C. May. May was a firm believer in the paranormal program and employed two psychics who had formerly peddled their trade at SRI in California.

The psychics were said to have tried to view underground tunnels in North Korea. A couple of years earlier, they attempted to find SCUD missiles during the Gulf War.


RUSSIA: THE VIRTUAL FALLGUY

Crypt Newsletter readers may have noticed how some computer security "experts" and bemused technology reporters in the mainstream media tend to spread tales of menacing goings on in the former Soviet Union. They always make for good fireside reading.

Cliff Stoll had a skeptic's tool he used in "Silicon Snake Oil" to defend against frank bull. He called it his "bogometer." Crypt News calls its model of the "bogometer" the phlogiston spectrometer. If you see news stories invoking the "Russians" as perpetrators of some futuristic-sounding techno-atrocity, your phlogiston spectrometer should be clicking.

Crypt Newsletter summarizes a few of the best of these tales for your review:

1. "Embittered Russian computer programmers, out of work since the collapse of the Soviet Union, are busy writing computer viruses as revenge against their former masters and the West. Soon Western computers will collapse under the virtual plague."

This one cropped up in the earlier part of the decade, was seen frequently until about 1994 and now only rarely shows up in pieces written by the totally out-of-it. It formed a partial basis for an entertaining book called "Approaching Zero" (Bantam), now out of print in this country.

Have you noticed your neighborhood computers crashing under the weight of Russian-made computer viruses, lately?

2. "The Russians are the inventors of information warfare."

See Mary C. FitzGerald's remarks in this issue. Sometimes it's seen in another permutation: "The Chinese are the leaders in information warfare."

3. "Terrorists in Russia are selling plans, peddling working models, and disseminating technology on the Internet of/for electromagnetic pulse ray guns, hand grenades, mortars, etc."

See back issues of the Crypt Newsletter. Spread by the U.S. military, wire services, popular science magazines and consultants to the Department of Defense.

4. "The Russians are developing mental telepathy as a weapon. Trained psychokinetic assassins have killed tethered goats at 60 paces in secret trials."

See this issue. Dates from the early Seventies, at least.


SCARY SYMANTEC LAWSUIT SECRETS

What do "The Texas Chainsaw Massacre" and Symantec have in common? No, they're not tasteless entertainments -- but that's a good guess.

Both purchased the services of TV horror hostess Elvira (a.k.a. Cassandra Peterson) this Halloween season.

Two days prior to Halloween, Symantec commissioned the "Mistress of the Dark" and self-proclaimed "guy's favorite sport utility vehicle" to appear as "Elvirus" at Gardena High School in Southern California. "Elvirus" was Symantec's choice as "computer virus expert" and she held a seminar on those scary, scary replicating programs for the students. The computer lab was reportedly done up to resemble a mad scientist's while Peterson declaimed on the horrors of infected files and technological catastrophe. On Halloween, Elvira acted as host for a TV broadcast for Tobe Hooper's film of a cannibalistic family of cretins, allegedly patterned on the life of serial murderer Ed Gein. From computer viruses to flesh-eaters. Now that's mental flexibility.

Booooooo! Pretty frightening.

But not as frightening as the nightmares Symantec flacks must have about Trio Systems' lawsuit against the company becoming common knowledge.

In case you've been out of the country, Symantec has been waging an information war against arch-rival McAfee Associates. The company has launched a meretricious lawsuit accusing McAfee of usurping Symantec computer code but seemingly more directly aimed at damaging McAfee stock prices.

Trio Systems, a small firm in Pasadena, Calif., is suing Symantec for copyright infringement on a massive scale, something you won't find proudly mentioned in the raft of Symantec corporate phlogiston issued on the McAfee case.

You see, Trio licenses a code library called C Index/II, which it negotiated with Symantec for use in Norton Administrator and Norton Desktop Administrator. However, Alan Bartholomew -- Trio's founder -- stumbled over his copyright notice in another Symantec product for which no license had been negotiated.

Henry Gradstein, Trio's lawyer against Symantec in this case, told Crypt Newsletter that Symantec "admitted in sworn interrogatory statements" to the presence of "10 to 20,000 lines" of Trio's C Index/II code in six other of its products, including Norton For Your Eyes Only, Norton Utilities 8.0 for Windows and DOS, Norton Utilities for Win95 and PC Anywhere versions for DOS, Win95 and Windows NT.

Asked what would be sought as reward in the case, Gradstein said, "Nine figures."

"Ouch, ouch, oowwwwitccch," scream Symantec fuglemen as they envision having to spin this one into a corporate victory, should it all turn out badly.

Symantec representatives did not respond to queries about the Trio Systems case.

[You can read the nasty details and the court documents on Rob Rosenberger's Virus Myths site --- http://www.kumite.com.]


IMAN DE EXCREMENTO: NASA NETTLED BY NUISANCE MACRO VIRUS

In late October, Federal Computer Week featured a story about macro virus infection at NASA.

The macro virus infecting NASA's Houston systems was subsequently sent to Moscow's Mir space station controllers in a Word document e-mail attachment where it also caused infections.

NASA officials blamed the Russians for being cash poor and not having up-to-date software to catch the virus. The Russians blamed NASA for sending them the virus. There was surely a bucket load of blame but no one who would bravely take a fall for it.

However, the story was refreshing news of techno-reality in stark contrast to the usual company line in the mainstream media condemning the Russians for the atrocity of Mir and crediting NASA as the repository of all technological and scientific know-how in the Western world.

In fact, the macro virus infection at NASA revealed a certain lack of techno-agility on the part of the U.S. organization since -- theoretically -- it's quite possible to obtain software from the Internet which will unilaterally remove macros from Word documents regardless of the identity of a putative virus. And NASA, of course, is supposed to be well-wired.

Further, one might assume that computer programmers at NASA have more than enough savvy to homebrew a specific remedy once they had the virus in hand.

The Federal Computer Week piece also featured two experts (see the Joseph K definition of the word in this issue for the appropriate context) declaiming on the nature of the computer virus problem: James Oberg and Henry Hertzfeld.

In addition, this particular piece had all the hallmarks of a vendor leak. The phenomenon works like this: An anti-virus company is called at the last minute by desperate administrators to supply a fix. The vendor's marketing and p.r. departments get wind of it and issue a quick press release to trade publications in order to generate some publicity for the product. Hypocritically, the official policy of the vendor is usually to refuse to document the names of clients, citing ethical considerations and confidentiality, when asked to provide examples of work supporting exorbitant claims of virus infection in unrelated news stories.


MARSH COMMISSION DELIVERS CLASSIFIED REPORT, WORKS MEDIA LIKE PROS

In mid-October, the President's Commission on Critical Infrastructure Protection delivered a report on threats from cyberspace to the President. It was promptly classified. A second edition for public consumption was made available on the Commission's Website in Adobe Acrobat format the first week in November.

However, commissioners used the week of the report's delivery to work the media with sensational leaks about cyberdoom.

It was a good strategy because it gave reporters plenty of hooks to write about without giving them the means to determine if they were being fed a load of phlogiston.

USA Today's Mike Zuckerman covered the event closely and published a number of the Marsh commission's claims. One that immediately stuck out was a baldly exaggerated claim about the nature of computer virus infections.

"Five hundred new computer viruses evolve every month . . . and three thousand are active at any one time," claimed a commissioner.

As most who've read the Crypt Newsletter for an extended period of time know, these numbers are complete fabulation.

Crypt News queried Mike Zuckerman and the USA Today reporter replied that he was skeptical of the numbers, too, but that the commission had fended him off without providing sources.

Zuckerman added, in retrospect, that he wished he had pressed the commission harder.

In any case, the day after the report's release, the commission's figurehead, Robert T. Marsh, appeared on CNBC briefly in the afternoon. While he would not respond to specific questions posed by the interviewer, he did take the time to essentially declare U.S. "teenagers" a menace to the nation's security because of the availability of hacker tools on the Internet, and in his estimation, the certain will to employ them. This startlingly paranoid claim was quickly buried by the brevity of the interview and the news that the Department of Justice was taking on Microsoft, an event which eclipsed most of what the commission had to say to the mainstream media the same week.

Prior to the release of the report, Marsh had been busy delivering speeches at computer security conventions -- actually one speech, repeated over and over, later amended to address the recommendations the commission was preparing. Through the first part of the summer, Marsh gave an identical speech to numerous audiences. By fall, the speech had been changed slightly in content. For those who are wondering about the nature of it, Marsh's speech follows the format: First he tells you about the reason for his commission, then he tells you about the commission -- and then he tells you how extensively the commission worked with our national community to assess the cyberthreat. In the fall, the speech was changed to include the commission's recommendations, which were provided on a press release to the media at the time Marsh handed over the report to the President. (Don't take Crypt Newsletter's word for it. The President's Commission archives all of Marsh's speeches on its Website -- http://www.pccip.gov.)

While on the surface this appeared to be a legitimate effort at community outreach, it should be noted that a great many of Marsh's speaking engagements were at computer security industry conventions where the price of admission averaged into the hundreds of dollars. A case in point is Oceana Publications' "Financial Crimes and Information Warfare" conferences in Washington, D.C. and New York. The asking door price is about $1,200 to get a crack at hearing Robert T. Marsh.

The overly cynical may note that Robert T. Marsh -- figuring as prominently as he does in the advertising brochures for various conferences -- has become a celebrity draw and cash cow for the vendors.


CALLING VICTOR VON DOOM

If you scratch some information warriors deeply enough, you often find a fanatic adherent to the weird stories surrounding inventor Nikola Tesla.

Such was the case with an entertaining paper presented by electromagnetic pulse gun enthusiast, Victor von Doom of Queensland University in Brisbane, Australia. (Not his real name, but Crypt Newsletter has used it in the past as a handy alias for those who spread unusual tales of these chupacabras of cyberspace.)

Delivering a paper at a recent National Computer Security Association conference on information warfare, von Doom invoked Tesla's alleged "death rays" as viable electromagnetic pulse weapons.

"Nikola Tesla, aged 78, in 1934 released details of a death-beam, an invention powerful enough to destroy 10,000 planes 250 miles away; to kill without a trace," von Doom breathlessly writes in "The Emerging Technologies Driving Information Warfare Globally."

Cattle prods are also tools of the well-equipped info warrior. "CATTLE PRODS . . . are high-voltage devices used to prod, help along, slow cattle. These devices generate a high-voltage across two metal probes which are held on the back of the cow. When you push the prod onto the animal's back it activates a switch allowing a high-voltage discharge to be transmitted to the animal giving it a jolt," continues von Doom.

Also, for those building ion-drive space-craft in their basement: "If we consider what has been developed in other disciplines of science we find that there is open-source literature that describes how to build ion-engines and thrusters to be used as engines for space probes . . . By now you should be aware that some of the different aspects associated with these devices are damaging to computers/information systems . . ."

"CAUTION! - THE INFORMATION IS OUT THERE!" von Doom balefully warns his readers.

It's true. Information on Tesla "death rays" and related topics is out there. Despite formidable contributions to science, Tesla was also prone to making wild and fabulous claims to journalists. Today, he is accidentally known as something of a patron saint for all crackpot scientists. Indeed, if one makes a few searches on the Internet, it is simple to produce a wealth of crazy stories about Tesla, attributing to him everything from the Tunguska blast (it was a result of his death ray experiments) to patents that have enabled the U.S. government to construct secret orbital space fortresses equipped with gamma ray lasers.


ADDITIONS TO THE JOSEPH K GUIDE TO TECH TERMINOLOGY: Another brief in a very popular Crypt Newsletter continuing feature.

commerce: something indeterminate that's always booming on the Internet, although no one you know has ever seen or benefited from it.

Usage: Representatives of a grotesquely hyped Internet start-up asserted that its commerce was tripling monthly in cyberspace even as the firm surreptitiously filed for protection from creditors under Chapter 11.


expert: instrument of journalists deployed to burnish whatever received wisdom is being passed on as news; or, instrument of journalists used to furnish stock criticisms for heretical or unpopular findings; or, someone frequently counted on by hack journalists to provide Delphic wisdom on a subject or subjects the expert knows little about.

Usage: The think tank expert was often asked for her comments on computer viruses and information warfare even though it had been shown she was computer illiterate.


hardware glitch: The cause of all human errors and oversights leading to down time and lost e-mail at national Internet Service Providers or Online Services.

Usage: America On-Line mouthpiece Tatiana Gau insisted a hardware glitch was responsible for the system-wide failure.


Road Ahead, The: a book for those who despise books, credited to a man who also despises books.

Usage: Unable to unload the excessive printing of "The Road Ahead" in the continental United States, Bill Gates came up with the novel idea of arm-twisting Russian paupers wishful for his beneficence into purchasing copies for about 9 dollars, cash U.S.

Yes, you can -- like others who wish not to be named -- contribute to the Joseph K Guide without fear of professional retribution or stain upon your reputation. Send your suggestions, definitions or usages to Crypt Newsletter!

THUNDERBYTE ANTIVIRUS FOR WIN95

by Stephen Poole

The oddest praise that one can give Frans Veldman's Thunderbyte anti-virus software is that the virus writers regard it highly. Many, many reams of electronic text have been wasted trying to generate a variety of dodges for it. The great majority remain curiosities. And a handful of computer viruses have been written specifically to attack a portion of the program no longer supported by Veldman. Only one, to my knowledge, ever spread widely. (If you want the full details, read "The Virus Creation Labs.")

TBAV pioneered "heuristic detection," or the ability to examine a file for suspicious-looking code. TBAV was also one of the first systems to read the hard drive directly to avoid being fooled by a resident virus.

But TBAV's hallmark is, and always has been, near-perfect detection rates coupled with blazing speed. I tested version 8.02 for Windows 95, and it impeccably sorted out over 2,000 files in less than a minute, detecting every virus on my system with ease. Macro viruses, classic file infectors, boot infectors on diskettes, it didn't matter; TBAV nailed 'em.

Having said that, I'll leave TBAV's detection performance with a resounding "well-done." I'd rather take a look at how it acts on a typical Windows 95 system, because that's where its strengths and weaknesses become apparent.

The installation program is simple enough; you select "Setup", and the program does the rest. There's also an Uninstaller, should you choose to remove the program later.

TBAV uses the "scan target" approach -- i.e., it scans preconfigured lists of drives and subdirectories. The installer creates a few default targets, including "Scan All Hard Drives." To do more specific scans, you can create other targets by simply clicking a few buttons.

To scan, you select a target and click the "Scan" button. I did, and encountered my first surprise: TBAV version 8.02 was unable to scan a FAT32 boot sector. It scanned the MBR of the hard drive just fine; but returned "Access denied" on the operating system sector.

To be fair, the Windows 95 OSR2 release with FAT32 caught many AV and utilities vendors by surprise, and I expect that Thunderbyte will address this in a later release. It's still a bit surprising, given Thunderbyte's reputation, and the fact that the problem has been known for some time.

TBAV also includes the "TBSetup" program, which can be used to create Anti-Vir.Dat files containing validation information for the files in each subdirectory. If a virus changes a program and it's listed in these files, TBAV will throw up a warning on any subsequent scan.

Now we get to the heuristics. I first tried this feature under DOS many years ago, and found it to be just too blame paranoid. It warned of even the most innocuous oddities in a file.

The heuristics are retained in Version 8.02 for Windows 95. I was amused to learn that TBAV will warn of the presence of a Windows file header. If you do a scan and create a log file to catch all warnings, the result will essentially be a directory listing of all Windows files on the system!

To get around this, if you're going to use the heuristics, TBAV has a Setup module to create the validation files first. You create them, then scan. If you get false alarms on known good files, you select "validate" to add them to the Anti-Vir.dat file. This suppresses future warnings, or false alarms in this case.

Still, the average user will probably be terrified by heuristics. They'll see the "infected by an unknown virus" warning and be needlessly concerned. Joe Average User should probably just switch the heuristics to LOW sensitivity, as I did. Frans Veldman made his name on this feature and it's very powerful in the hands of someone who knows enough about anti-virus software and computer viruses to use it effectively. Veldman must certainly feel his philosophy on detecting unknown viruses has been vindicated since most other vendors have imitated this feature in one way or another in 1997.

With the concerns about receiving infected files, most anti-virus packages have some form of resident protection. This package includes a VxD that permits TBAV to run in the background, checking every file opened on the system automatically.

One of my tests was to copy a few infected files to another drive. Sure enough, TBAV instantly hollered. A message box popped up with a warning on virus-infected code.

But then I copied a file from one folder to another on the same drive and nothing happened. I was confused until I read the included "FAQ" file in the package. In general, TBAV uses an intelligent method to determine when and what to scan.

For example, TBAV won't scan inside ZIP files, nor will it immediately scan a downloaded file. But it will scan as soon as the file is unzipped, executed, or used in any other way, so the protection is there. By doing it this way, Thunderbyte improves performance noticeably. Some competitors give users the option to examine anything that moves through the system. It's an effective approach, too, but it comes with a performance penalty.

The resident monitor has some other nice features, one of which is the ability to configure the software to check drive A: for a diskette at shutdown. If the user pays attention, it goes a long way toward preventing an infection of the hard disk created by someone carelessly leaving an infected diskette in the drive and starting the machine without removing it.

You can also configure TBAV to automatically do a "Background Scan" at specified intervals. I tried it with a setting of 30 minutes, and sure enough, every half-hour, it would start scanning. More impressive was the fact that it hardly impaired performance. On my 586/133, it was barely noticeable.

There are a few minor irritations. For example, while the user interface works fine, it gives the appearance of having been thrown together at the last minute. It flickers and redraws itself a few times when you reactivate it from a minimized icon.

If you want proof that DOS is dying, TBAV doesn't even include a DOS scanner in the package. I can understand that the average user wouldn't use it anyway, but for some reason, its omission disturbs me. [TBAV still maintains a DOS version of the program. -- Editor.]

Finally, I'm a programmer and I do crazy things to my system for a living. I experienced some conflicts while I was working. The worst was an occasional General Protection Fault while compiling. I had to disable the resident part of the program to continue, but to be fair, I doubt the average user would have a problem like this.

In sum, TBAV for Windows 95 is nicely done. Thunderbyte needs to add support for OSR2 FAT32 boot records, but its most outstanding features are accuracy, reliability, and speed. At $99.00 for the Professional single-user version, it's a good deal.



-------------------------------------------------------------
George Smith, Ph.D., edits the Crypt Newsletter from Pasadena,
CA.

copyright 1997 Crypt Newsletter. All rights reserved.


This issue's relevant links: