AWCTTYPA@UIAMVS.BITNET ("David A. Lyons") (03/03/89)
>Date: Sat, 25 Feb 89 16:16:08 PST
>From: Carl Macdonald <cdm@PRO-FREEDOM.CTS.COM>
>Subject: Viruses
>
>I've noticed a lot of talk on the net lately about viruses and
>concern over suppressing information about how they work. This is a
>very legitimate concern, however, a virus program is one of the
>easiest pieces of software to write, and really doesn't involve
>much sophistication.
>
>Carl MacDonald, programmer
>Central Point Software

Information about how viruses work should not be suppressed, period. There was an excellent piece about this in the RISKS Digest a few months ago, consisting mainly of a quote from a 19th-century (I think) document about whether information about locks (door locks, etc) should be suppressed. The answers are the same: people who want to pick locks or write viruses can get the information in any case, and most likely they have had it for a long time.

On the other hand, the potential victims (people who could have their houses broken into or their data destroyed) need to know what risks are involved in trusting their locks or their computer software.

Now, I don't advocate that source code for viruses be posted, but explanations of how viruses (in general and in particular) work _should_ be. The same goes for virus _detectors_. If users don't understand how viruses spread and how virus detectors attempt to stop them, how can we expect the general public to see viruses as anything but completely mysterious, random things to be paranoid about?

Whenever the smallest thing goes wrong these days, people start yelling "Virus!" People needlessly waste time downloading programs to floppies when they might as well download to a hard drive (copying it to a floppy later and _running_ it with the hard drive turned off is all that's necessary if you don't trust a piece of software you've downloaded).

>    UUCP: crash!pnet01!pro-freedom!cdm
> ProLine: cdm@pro-freedom
> ARPANet: crash!pnet01!pro-freedom!cdm@nosc.mil
>InterNet: cdm@pro-freedom.cts.com

--David A. Lyons              bitnet: awcttypa@uiamvs
  DAL Systems                 CompuServe: 72177,3233
  P.O. Box 287                GEnie mail: D.LYONS2
  North Liberty, IA 52317     AppleLinkPE: Dave Lyons
gwyn@smoke.BRL.MIL (Doug Gwyn) (03/03/89)
In article <8903022303.aa13084@SMOKE.BRL.MIL> AWCTTYPA@UIAMVS.BITNET ("David A. Lyons") writes:
>Information about how viruses work should not be suppressed, period.
>There was an excellent piece about this in the RISKS Digest a few
>months ago, consisting mainly of a quote from a 19th-century (I
>think) document about whether information about locks (door locks,
>etc) should be suppressed. The answers are the same: people who
>want to pick locks or write viruses can get the information in any
>case, and most likely they have had it for a long time.
>
>On the other hand, the potential victims (people who could have their
>houses broken into or their data destroyed) need to know what risks
>are involved in trusting their locks or their computer software.
>
>Now, I don't advocate that source code for viruses be posted, but
>explanations of how viruses (in general and in particular) work
>_should_ be. The same goes for virus _detectors_. If users don't
>understand how viruses spread and how virus detectors attempt to
>stop them, how can we expect the general public to see viruses as
>anything but completely mysterious, random things to be paranoid
>about?

Well, using your analogy with locks, the fact is that nearly any home can be surreptitiously entered in only a few seconds by anyone sufficiently clever and skillful who is also armed with the relevant knowledge about how to exploit weaknesses in locking systems. The plain truth is that "consumers" have NOT forced the market to move very far in the direction of reliable, affordable physical security. Most motion in that direction has been prompted by industrial and government-agency needs backed by pressure from those customers on the lock manufacturers.
I don't think anything short of a patently out-of-control epidemic of burglary would even wake up the general public to the realization that their property is not secure, and then my estimate would be that they would clamor for the wrong kinds of "solutions" to the problem instead of demanding genuinely better security from the hardware manufacturers. That is because people who suddenly get concerned about an issue seldom invest the study necessary to arrive at valid conclusions.

Obviously, under such circumstances, widespread publication of ways to open residential locks, even if not in recipe format, is not ethically justifiable.

On the other hand, people in the security industry definitely DO need access to all relevant information. The difficult problem that needs to be solved is how to adequately limit entry into the profession to minimize the number of crooked people obtaining knowledge they'd use for nefarious purposes, without keeping out persons with a legitimate interest. That's a difficult issue, one that governments continually have to face with regard to classified information.

These issues are probably best addressed in the mod.security newsgroup, rather than comp.sys.apple.
mdavis@pro-sol.cts.com (Morgan Davis) (03/06/89)
I agree with David Lyons's comments about the workings of a virus. While I don't think we should go about spreading source code samples, the knowledge about how a virus works (infection, propagation, destruction, etc.) is important for all computer users to know and understand.

At the risk of speaking too early, as I haven't seen the final draft after it went through the editor's pens (read: carving knives), I have written an article about computer viruses which will be in next month's A+ magazine. It generally discusses what a virus is, how a typical one works, and what you can do to avoid being infected, as well as how to determine if you may have been infected.

It is very generalized, as an introductory piece should be. Maybe if I were writing for Dr. Dobb's I could get a little more technical about it, but this was for A+. In any case, it should make for interesting reading.

--Morgan Davis

UUCP: crash!pnet01!pro-sol!mdavis            ProLine:  mdavis@pro-sol
ARPA: crash!pnet01!pro-sol!mdavis@nosc.mil   MCI Mail: 137-6036
INET: mdavis@pro-sol.cts.com                 APE, BIX: mdavis