AWCTTYPA@UIAMVS.BITNET ("David A. Lyons") (01/12/88)
>Date: Tue, 12 Jan 88 02:50:00 EST >From: TMPLee@DOCKMASTER.arpa >Subject: infected programs >can someone tell us what kind of assurance there is that >programs contributed to, and downloaded from Apple-2L and Compuserve >etc. do not contain viruses? There is very little assurance of anything. I can give you my assurance that my software does not contain any viruses, etc., when it leaves my possession. But what if somebody fiddles with it before uploading it someplace? It's up to users to be very careful if they are not sure of the source. If you are paranoid/careful, you will test newly-downloaded software on a scratch disk, with no other disks online & with any hard drives turned OFF. When finished testing the new software, you will do a power-down reboot of the system. This sort of "being careful" could be a real pain for battery-backed RAMdisk users. Users with the appropriate skills & plenty of time to waste can examine the program for suspicious looking things. The trouble is that anybody clever and deranged enough to put nastiness into a piece of software is NOT going to be stupid enough to make it obvious. CompuServe--There is a 1 or 2 day delay on CompuServe (or in the APPLE forums, at least) between when someone uploads something & when it becomes available for downloading. I *hope* that one of the Sysops is taking that time to try out the program look for nasty stuff. -- I will ask. --David A. Lyons a.k.a. DAL Systems PO Box 287 | North Liberty, IA 52317 BITNET: AWCTTYPA@UIAMVS CI$: 72177,3233
gwyn@brl-smoke.ARPA (Doug Gwyn ) (01/13/88)
In article <8801120436.aa15889@SMOKE.BRL.ARPA> AWCTTYPA@UIAMVS.BITNET ("David A. Lyons") writes: >Users with the appropriate skills & plenty of time to waste can examine the >program for suspicious looking things. Except for commercial software, where it is unlikely for a virus or Trojan horse and where I have obvious legal recourse if one turns up, I simply don't run any imported binaries. I insist on source code, and I check it to make sure I understand it and that there are no mystery features that might cause problems. This may seem overkill, but when there are too many assholes in the world, one has to take pains to protect oneself and one's property.
kamath@reed.UUCP (Sean Kamath) (01/14/88)
In article <8801120436.aa15889@SMOKE.BRL.ARPA> AWCTTYPA@UIAMVS.BITNET ("David A. Lyons") writes: > >There is very little assurance of anything. I can give you my assurance that >my software does not contain any viruses, etc., when it leaves my possession. >But what if somebody fiddles with it before uploading it someplace? It's up >to users to be very careful if they are not sure of the source. Let the buyer (or hacker?) beware! >If you are paranoid/careful, you will test newly-downloaded software on a >scratch disk, with no other disks online & with any hard drives turned OFF. >When finished testing the new software, you will do a power-down reboot of >the system. This is the *only* way to go in the IBM world! And not a bad idea *at all* for us. >This sort of "being careful" could be a real pain for battery-backed RAMdisk >users. Another reason why people really ought to use hard disks with intellegent disk caching! :-) >Users with the appropriate skills & plenty of time to waste can examine the >program for suspicious looking things. The trouble is that anybody clever >and deranged enough to put nastiness into a piece of software is NOT going to >be stupid enough to make it obvious. However, the majority of "viruses" are undetectable, by there vary nature. Most of the "reformatting hard disk, sucker!" ones are not very well hidden at all, and thus it's a good idea to scan the disk file with a disk editor to look for such messages. . . >CompuServe--There is a 1 or 2 day delay on CompuServe (or in the APPLE forums, >at least) between when someone uploads something & when it becomes available >for downloading. I *hope* that one of the Sysops is taking that time to try >out the program look for nasty stuff. -- I will ask. Many realiable BBS's do indeed do just that, but some cannot, for it would mean going offline for every test. >--David A. Lyons a.k.a. DAL Systems > PO Box 287 | North Liberty, IA 52317 > BITNET: AWCTTYPA@UIAMVS > CI$: 72177,3233 Hay, Dave;s a great guy, went to highschool with him, and worked with him after I graduated. Buy his stuff! He's a good tech support person also! Sean Kamath -- UUCP: {decvax allegra ucbcad ucbvax hplabs ihnp4}!tektronix!reed!kamath CSNET: reed!kamath@Tektronix.CSNET || BITNET: reed!kamath@Berkeley.BITNET ARPA: tektronix!reed!kamath@Berkeley <or> reed!kamath@hplabs US Snail: 3934 SE Boise, Portland, OR 97202 (I hate 4 line .sigs!)