CyberSoft White Papers
Article 12 in series. The split network architecture, part deux
Notice: Copyright May 31, 1995 by Peter V. Radatti, All rights reserved.

Welcome back. Last month we spoke about how CyberSoft split its LAN into three LANs: the Internet Enabled Network (IEN), the Intranet Internal Network (IIN) and the Email Network (EN). There is no connection between the IEN and the IIN, so even if a hacker broke into our Internet site, they would never be able to access any of our business or development systems. The IEN is also regularly backed up onto 8mm tape, so if the entire system were destroyed for any reason, we could be back up and running as fast as Federal Express could deliver a new system.

We, at CyberSoft, are also experimenting with a security project we dubbed Black Ice, after the security program mentioned in the book Neuromancer. The Black Ice project is almost complete. Black Ice is security hardware and has its own processor. There is no way for a hacker who does not have physical access to control it. There is no software interface, only hardware switches. The Black Ice system protects files. If anyone attempts to modify a file protected by Black Ice, the UNIX system automatically ignores the attempt and reboots. Perpetrators should become tired of waiting for the reboot after a few attempts and go away. Some people may object to the fact that it reboots the system, but remember that if the attacker is attempting to modify a protected system file, they have already broken in. This system is being used by one of our customers, an Internet Service Provider, and it has worked well for them. We have no plans for marketing Black Ice. It is just a research project, but we will eventually publish the results on our web site at URL http://www.cyber.com. Look for the paper sometime this coming winter and you will be able to implement Black Ice at your site.

A second research project that is almost complete is Big Crunch.
Big Crunch is implemented on a Sun Sparcstation 2 running Solaris. Big Crunch is an artificial intelligence program that processes MS-DOS computer viruses for use in anti-virus programs. This is a job that is normally done by hand, but it is tedious, requires lots of training, and is hard to get applicants for. We decided to attempt to automate as much of this process as possible so that only the really hard viruses had to be done by hand. We provide Big Crunch a list of hundreds of computer viruses. It sets up a PC simulator using Sun-PC and injects the virus into the simulator. The virus is then exercised using a stimulator program. Once the stimulator is completed, the Big Crunch program examines the remains of the simulator. Every file that is modified is copied to a holding tank and the simulator is reset for the next sample. The holding tanks are processed by a difference engine. Every file is compared to its original unmodified state and the differences are saved. This can produce hundreds of hex string samples, one for every file tested. Due to the way viruses work, the hex string samples may not completely agree with one another. Since it is necessary to be able to identify the virus in all files and not just in some files, a second process then compares all of the hex strings to each other and reports on the common areas within them. Unless the virus is armored, this final value will be located in all of the samples. If it is not, then it is rejected for human analysis. This is a lot more difficult than it sounds, and our tolerances for final results are high since we use the results commercially in a product called VFind. This type of program would not be possible in any environment but UNIX, and the existence of Sun-PC helped us in implementing it. You can play with this process yourself by running a virus under Sun-PC and then using the UNIX "diff" command to see which files were modified.
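The difference-engine and common-area stages described above, as an added illustration that is not CyberSoft's Big Crunch code: the host files, the appended body and the per-file variable bytes are all constructed sample data, and the "diff" is simplified to everything after the first byte that differs.

```python
"""Sketch of the Big Crunch pipeline: diff a clean file against its modified
copy, collect the changed bytes from many samples, then keep only the byte
string common to every sample as a scan signature (reject if none)."""
from typing import List, Optional

# Constructed sample data (not real malware): three clean host files and a
# simulated appending modification made of a 2-byte per-file variable region
# followed by a shared body.  Only the shared body should survive.
SHARED_BODY = bytes.fromhex("e8000000005e83c60a")   # assumed, arbitrary bytes

CLEAN = [
    b"MZ" + bytes(range(0x10, 0x30)),
    b"MZ" + bytes(range(0x40, 0x70)),
    b"MZ" + bytes(range(0x80, 0xA0)),
]
MODIFIED = [host + bytes([i, 0xFF - i]) + SHARED_BODY
            for i, host in enumerate(CLEAN)]


def extract_changes(original: bytes, modified: bytes) -> bytes:
    """Difference engine, simplified: return the bytes of `modified` from the
    first position where it diverges from `original` (covers appenders and
    overwriters; a real tool would also record the offset)."""
    limit = min(len(original), len(modified))
    first_diff = next((i for i in range(limit) if original[i] != modified[i]), limit)
    return modified[first_diff:]


def common_substring(samples: List[bytes]) -> bytes:
    """Longest byte string present in every sample (brute force; fine for the
    short diff outputs this stage sees)."""
    shortest = min(samples, key=len)
    for length in range(len(shortest), 0, -1):
        for start in range(len(shortest) - length + 1):
            candidate = shortest[start:start + length]
            if all(candidate in s for s in samples):
                return candidate
    return b""


def derive_signature(clean: List[bytes], modified: List[bytes],
                     min_len: int = 6) -> Optional[bytes]:
    """Run every pair through the difference engine, then keep the common
    area.  Return None (reject for human analysis) when the common part is too
    short to be a usable signature, as happens with armored or variable code."""
    diffs = [extract_changes(o, m) for o, m in zip(clean, modified)]
    sig = common_substring(diffs)
    return sig if len(sig) >= min_len else None


if __name__ == "__main__":
    sig = derive_signature(CLEAN, MODIFIED)
    print("signature:", sig.hex() if sig else "rejected for human analysis")
```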
You can even use the UNIX "od" command in conjunction with "diff" to create hex strings for your own use. If you are not as adventurous, then you can always send the virus to me and I will put it in Big Crunch for you. You can get my email address below. Enjoy the summer.

Pete

Pete Radatti is the founder and CEO of CyberSoft, Inc. CyberSoft manufactures VFind, the antivirus software product that executes under UNIX and simultaneously scans for UNIX, MS-DOS, Macintosh, Amiga, NT and Macro destructive software while providing cryptographic integrity to your file system. You can reach Pete at radatti@cyber.com, URL http://www.cyber.com, or call 610/825-4748 (9:00 AM to 5:00 PM Eastern Time). These articles are dedicated to Chrissy.