whitney@think.COM (David Whitney) (08/01/88)
OK, for starters, I'm pretty upset by this whole virus deal, and I'm in the process of doing something about it. The guy who wrote CyberAIDS is going to get caught and prosecuted. I won't stop until I'm satisfied.

Now, onto the matter at hand. I've been twiddling Z-Link, and I fixed a couple things. I also just added some simple presence-of-virus code. This code will detect if Z-Link has been infected by the execution of another virus. It is highly unlikely that somebody with malicious intent would be unable to get around this protection and install a virus into Z-Link. I therefore present this warning:

DO NOT ACCEPT ANYTHING WITH THE NAME Z-LINK OR ANY VARIATION OF THE NAME Z-LINK UNLESS YOU CAN BE CERTAIN OF TRACING THE SOURCE OF THE FILE BACK TO ME.

That means anyone who grabs it off this distribution (comp.binaries.apple2 or Apple2-L) is safe. Anyone who grabs it off of GEnie should take note that it was put there either by Rich Jordan or Dave Lyons. Nobody else has been authorized by me to put it there. If you don't see a shareware notice, or the mail address is NOT

    David Whitney
    450 Memorial Drive
    Cambridge MA 02139

then it is a false copy. Delete the file and check your disks to be sure everything is ok. I'll be adding something much more sophisticated at a later date.

If the mail address is not as above, and you possibly sent money, then you've been suckered. Sorry. If this is the case, by all means get that address to me and I'll do something.

I won't be posting tonight, as I have to update the doc file to reflect the minor changes I've made. Expect it before mid-week.

David Whitney, MIT '90               DISCLAIMER: Nobody knows what I'm up
{out there}!harvard!think!whitney    to. Don't blame them for my actions
whitney@think.com                    nor me for theirs.
^^^^^ will be changing before 1989 is here. Don't depend on it after 1/1/89.

elliott@armstrong.steinmetz (08/02/88)
In article <24705@think.UUCP> whitney@think.UUCP (David Whitney) writes:
>... I also just added some simple presence-of-virus code. This code will
>detect if Z-Link has been infected by the execution of another virus. It is
>highly unlikely that somebody with malicious intent would be unable to get
>around this protection and install a virus into Z-Link.
>... I'll be adding something much more sophisticated at a later
>date.
>David Whitney, MIT '90               DISCLAIMER: Nobody knows what I'm up
>{out there}!harvard!think!whitney    to. Don't blame them for my actions
>whitney@think.com                    nor me for theirs.

I think this is a very good idea, and am playing with ideas about how to do a similar kind of thing with ATP.

You are quite right in your assessment of the problem with this kind of defense: Anyone who gets their hands on a copy of the "protected" Z-Link and has malicious intent will probably find it quite fun and challenging to defeat the virus detector and infect it. It's possible to make a program quite virus-savvy and tricky in detecting and warning about infection... But it quickly becomes a game much like copy protectors versus copy programs, a vicious circle of increasing sophistication.

For this reason, I think it might be a good idea to talk as little as possible about whatever virus protections we install in our programs. Let them exist there silently until their alarms go off and they protect a user. If we can avoid getting the virus writers interested in and challenged by our programs, we'll be better off.

. . . . . . ... . . . . . . . . . . ... . .
Jim Elliott             /  ...!seismo!uunet!steinmetz!crd!elliott
                        /  userE2U7@rpitsmts.BITNET
"Don't look, son, it's  /  Jim_Elliott%mts@itsgw.rpi.edu  [school]
 a secular humanist!"   /  (or) elliott@ge-crd.arpa       [work]
. . . . . . ... . . . . . . . . . . ... . .

whitney@think.COM (David Whitney) (08/03/88)
In article <11700@steinmetz.ge.com> elliott@armstrong.steinmetz.ge.com () writes:
>
>For this reason, I think it might be a good idea to talk as little as
>possible about whatever virus protections we install in our programs.
>Let them exist there silently until their alarms go off and they
>protect a user. If we can avoid getting the virus writers interested
>in and challenged by our programs, we'll be better off.

Quite the reason why I don't mention quite *how* I'm checking or what the future method will be. I am told that the method I'll be using later will report without a doubt if a program is infected and make it pretty hard for malicious-types to get around.

David Whitney, MIT '90               DISCLAIMER: Nobody knows what I'm up
{out there}!harvard!think!whitney    to. Don't blame them for my actions
whitney@think.com                    nor me for theirs.
^^^^^ will be changing before 1989 is here. Don't depend on it after 1/1/89.