A Macintosh virus has infiltrated a system on which SecureWare’s Compartmented Mode Workstation software was co-resident. The SecureWare system, developed and up for B1 evaluation on an Apple Computer Inc Macintosh, is the technology the Open Software Foundation is using to secure its OSF/1 operating system. It is also a part of a consortium bid to secure a system for use by the UK Ministry of Defence.

The nVir virus, described by SecureWare as a benign replicator, was discovered on a SecureWare demonstration unit at Mitre Corp, the civilian contractor that wrote the Compartmented Mode Workstation specification. Mitre is part of the team evaluating SecureWare’s implementation for B1 authorisation along with the Defense Intelligence Agency and the National Computer Security Center, the US government arm charged with Orange Book ratings.

SecureWare president Michael McChesney told our sister paper Unigram he had not isolated the original source of the infection, but thought he could trace it to one of two, which he did not identify. Mitre got the infected software from a SecureWare employee who informally sent Mitre a copy of the SecureWare software running on his own machine, which was subsequently found to be harbouring the virus.

McChesney was not sure how far the virus had spread. SecureWare, he said, has 10 or 12 of the Compartmented Mode Workstation units in the field. Letters were sent out to all the field sites about two weeks ago telling them to check their systems. McChesney, who has been on vacation, did not know whether any other sites reported the virus infection. He claimed the virus had nothing to do with his Compartmented technology, which remains uncompromised.

Partitioned

The virus, he said, was found only in the MacOS portion of the software, which was partitioned from A/UX, and hence did not infect the Compartmented Mode Workstation. Other security experts, however, maintain that the virus could have infected the CMW file system. It is trivial, they said, for a virus to cross a partition, particularly on a Mac, one of the most virus-prone platforms, and in this case could have modified CMW code, passwords and data structures. Orange Book specifications mandate no anti-viral or anti-worm safeguards.

However, McChesney maintained his software would be relatively proof against infection once a formal release was arrived at because it would be delivered to users via an external trusted distribution path, simply a controlled shipping procedure which tracks how the software gets to its destination, and also by an internal system of least privilege. SecureWare’s technology, whose design was frozen in January, will only begin formal B1 evaluation procedures in the next couple of weeks, delayed, McChesney said, by additional operational charges the Defense Intelligence Agency wanted.

Mitre intelligence information systems department head John Woodward corroborated McChesney’s claim that the virus never escaped the partition and pooh-poohed its existence on the Macintosh partition as irrelevant to whether SecureWare’s CMW+ software meets the Defense Agency or Orange Book requirements.