In This Issue:
Navrhar Virus. The virus writers are getting more and more creative as time goes on. A fairly new type of virus has been spotted; but not in the wild due to bugs in the virus. The problem is that this type of virus could spread once the bugs are worked out.
The virus is called Navrhar and infects both Word documents and Windows 95 VxD files; in both directions. Data Fellows, the makers of F-Prot have a complete description on their web site (http://www.datafellows.fi) if you are interested in the details of this virus; but basically, in its Word form it extracts a portion of the macro file, saves it to disk and then uses system commands to insert that into memory and then place it into a VxD file that infects the system the next time Windows 95 starts. In its VxD form the virus looks for Word DOC files and infects them.
Keep your anti-virus software up to date! It’s important.
General Security
Lie detection software. Just when you thought you were safe, Truster is about to be introduced (December in Israel, 1Q98 in the USA). The software analyses speech on a PC and, based on this analysis attempts to determine if the speaker is being complete truthful or not. The news release on C|Net did not say how this was done, but machines that have been on the market for some time now analyze micro tremors in the voice. It’s likely the software attempts to do the same thing.
Initial tests are supposed to have been performed on Middle-East politician Netanuahu and Arafat. As you might guess, the politician was being political.
It’s easy to imagine many uses for this software; some not altogether “right.” But, it’s also important to recognize that the maker claims 85% accuracy and you all know how accurate manufacturer claims are! Assuming a very clear audio signal and a complete analysis, the micro tremor analysis technique is not completely accurate. If you are analyzing a poor phone connection where most of the higher frequencies have been filtered out or are obscured by noise, who knows what kind of accuracy there will be.
Regardless, a good New Year resolution would be to tell the truth.
Pentium bug. Much ado has been made recently of a “new” Pentium bug, termed the Pentium F0 bug. The bug is real and confirmed by Intel. The bug involves a particular Pentium command that never appears in commercial software. It is a single instruction that freezes the processor and requires a hard reset (Control-Alt-Delete will not clear it). Just because the instruction does not appear in commercial software does not mean you don’t have to worry, however. If you run a network and allow dial-in users to run programs of their own design; any such user could construct a program with the instruction, upload it, and run it on the server; locking the server for everyone.
Intel stated the following about the bug:
The ‘F0’ bug affects the Pentium processor, Pentium processor with MMX technology, Pentium OverDrive Processor and Pentium OverDrive processors with MMX technology.
It does not affect the Pentium Pro processor, Pentium II processor and i486 and earlier processors.
This invalid instruction is not in commercial software.
We have identified a workaround that prevents the system from being ‘frozen’ by this invalid instruction and allows it to continue normal operation. The workaround modifies the execution flow to avoid the system hang after the invalid instruction is received. The workaround can be implemented through the operating system software.
If affected, you should keep in touch with your operating system maker (likely Microsoft or IBM) and look for a patch. Both vendors are working on appropriate patches for their operating systems.
Push revisited. We’ve talked about the security implications of push technology (Issue 01-08) but one other aspect of push technology was discussed at the recent COMDEX show in Las Vegas: privacy. In order to get specific information sent to you, you have to make known what specific information you want sent. Sounds logical, but this is often overlooked when people sign up for various push services.
As one example, consider the automatic display of stock quotes. In order to get the quotes you want you have to identify yourself and the stocks to the company providing the quotes. Over time, if you ask for more and more information from that company they can build a fairly substantial portfolio of information about you.
Providing that information is, of course, necessary if you want the information; just be aware when you provide it that it can be collected and just adds to the accumulation of such information in company databases around the world.
Information of Interest
I’ve added a new section to this newsletter. It will appear now and again as information that interests me appears. Generally, it will highlight new technology you might expect to see in the market (a fascination of mine).
Flat Panel Display Technology. One of the Holy Grails of computing is a flat panel display that responds quickly, is low power, and can be manufactured easily with few rejects. We’re still a distance from meeting all those goals, but close to some new breakthroughs.
Perhaps the most interesting technology is Light Emitting Polymer (LEP). This is a class of semiconductor that is essentially a plastic that emits light when stimulated with an electrical charge. Current LCD displays require a light source and the LCD then acts like an on/off shutter. With LEP technology the light source and shutter are combined into a single element. Even better, an LEP display would be easy to make, with low-cost materials and require less power than an LCD display of the same size. Finally, LEP displays are up to a third thinner than LCD displays because they only require a single sheet of glass instead of the glass-LCD-glass sandwich currently in use.
Until the LEP becomes a commercial reality, another new technology called Low-Temperature PolySilicon (LTPS) will soon show up in notebook computers in place of active-matrix displays. LTPS screens use smaller circuits. As you might imagine, smaller circuits lead to more circuits and, therefore, higher resolution in any given display size. LTPS screens are lighter but are more difficult to manufacture. But, the higher resolution will likely drive the market to replace active-matrix displays with LTPS displays in the not-too-distant future.
In closing: Happy Thanksgiving to one and all who celebrate this holiday at this time of the year.
