Columbus Day Virus: Press Release (21) FOR IMMEDIATE RELEASE: Jan Kosko Sept. 22, 1989 301/975-2762 TN-XXXX COMPUTER SECURITY EXPERTS ADVISE STEPS TO REDUCE THE RISK OF VIRUS ATTACKS To reduce the risk of damage from potentially serious computer viruses, including one called "Columbus Day," experts at the National Institute of Standards and Technology (NIST), the National Computer Security Center (NCSC), and the Software Engineering Institute (SEI) are recommending several measures plus commonsense computing practices. "This advice is being offered to encourage effective yet calm response to recent reports of a new variety of computer virus," says Dennis Steinauer, manager of the computer security management and evaluation group at NIST. While incidents of malicious software attacks are relatively few, they have been increasing. Most recently, a potentially serious personal computer virus has been reported. The virus is known by several names, including "Columbus Day," Datacrime and "Friday the 13th." In infected machines it is designed to attack the hard-disk data-storage devices of IBM-compatible personal computers on or after October 13. The virus is designed to destroy disk file directory information, making the disk's contents inaccessible. (A fact sheet on this virus is attached and includes precautionary measures to help prevent damage.) While the Columbus Day virus has been identified in both the United States and Europe, there is no evidence that it has spread extensively in this country or that it is inherently any more threatening than other viruses, say the computer security experts. "Computer virus" is a term often used to indicate any self- replicating software that can, under certain circumstances, destroy information in computers or disrupt networks. Other examples of malicious software are "Trojan horses" and "network worms." Viruses can spread quickly and can cause extensive damage. They pose a larger risk for personal computers which tend to have fewer protection features and are often used by non- technically-oriented people. Viruses often are written to masquerade as useful programs so that users are duped into copying them and sharing them with friends and work colleagues. Routinely using good computing practices can reduce the likelihood of contracting and spreading any virus and can minimize its effects if one does strike. Advice from the experts includes: * Make frequent backups of your data, and keep several versions. * Use only software obtained from reputable and reliable sources. Be very cautious of software from public sources, such as software bulletin boards, or sent across personal computer networks. * Don't let others use your computer without your consent. * Use care when exchanging software between computers at work or between your home computer and your office computer. * Back up new software immediately after installation and use the backup copy whenever you need to restore. Retain original distribution diskettes in a safe location. * Learn about your computer and the software you use and be able to distinguish between normal and abnormal system activity. * If you suspect your system contains a virus, stop using it and get assistance from a knowledgeable individual. In general, educating users is one of the best, most cost- effective steps to take, says Steinauer. Users should know about malicious software in general and the risks that it poses, how to use technical controls, monitor their systems and software for abnormal activity, and what to do to contain a problem or recover from an attack. "An educated user is the best defense most organizations have," he says. A number of commercial organizations sell software or services that may help detect or remove some types of viruses, including the Columbus Day virus. But, says Steinauer, there are many types of viruses, and new ones can appear at any time. "No product can guarantee to identify all viruses," he adds. To help deal with various types of computer security threats, including malicious software, NIST and others are forming a network of computer security response and information centers. These centers are being modeled after the SEI's Computer Emergency Response Team Coordination Center, often called CERT, established by the Defense Advanced Research Projects Agency (DARPA). The centers will serve as sources of information and guidance on viruses and related threats and will respond to computer security incidents. In addition, NIST recently has issued guidelines for controlling viruses in various computer environments including personal computers and networks. NIST develops security standards for federal agencies and security guidelines for unclassified computer systems. NCSC, a component of the National Security Agency, develops guidelines for protecting classified (national security) systems. SEI, a research organization funded by DARPA, is located at Carnegie Mellon University in Pittsburgh. NOTE: Computer Viruses and Related Threats: A Management Guide (NIST Special Publication 500-166) is available from Superintendent of Documents, U.S. Government Printing Office, Washington, D.C. 20402. Order by stock no. 003-003-02955-6 for $2.50 prepaid. Editors and reporters can get a copy from the NIST Public Information Division, 301/975-2762.