rouaix@inria.UUCP (Francois Rouaix) (01/06/88)
Some guys here suggest that the viruses may come from some PD program and
not from a bootable disk.
Let's think about it:
 In every FISH disk I have, there is a file README.listnumber.
In this file I can find the description of the programs and the NAME OF THE
AUTHOR !!!. Most of them (including me) are sending regularly programs
on the net or to Fred Fish.
Same for programs in comp.binaries.amiga. You know their origin. (We suppose
here the net is quite safe, since the moderators send Acknowledge message, so
the origin address may not be counterfeited).

Do you really believe that the people who wrote dangerous Viruses would
give their name and take the risk of being spotted ?
I'd rather believe that PD writers are honest programmers !--

*- Francois Rouaix // When the going gets tough, *
*- rouaix@inria.inria.fr \X/ the guru goes meditating... *
*- SYSOP of Sgt. Flam's Lonely Amigas Club. (33) (1) 39-55-84-59 (Videotext) *
lupin3@UCSCB.UCSC.EDU (-=/ Larry Hastings /=-) (01/08/88)
+-In article <602@inria.UUCP>, rouaix@inria.UUCP (Francois Rouaix) wrote:-
+----------
|
| Some guys here suggest that the viruses may come from some PD program and
| not from a bootable disk.
| Let's think about it:
| In every FISH disk I have, there is a file README.listnumber.
| In this file I can find the description of the programs and the NAME OF THE
| AUTHOR !!!. Most of them (including me) are sending regularly programs
| on the net or to Fred Fish.

True. If there was ONLY a binary on the disk, and you got it from a GOOD solid source, and it was a trojan horse, THEN I would say hunt them down like dogs. BUT.... first of all, if they pass along the source with the binary, some devious little devil could add his virus in to a copy of the source, re-compile it, and put their version on the Fish disk, passing this along to their friends (who, eventually, give it to your friends).

Second of all, haven't you ever gotten something PD that was NOT on a Fish disk? Like the game Gravattack
^^^^big plug for a great game by a UCSC guy (shareware?!?)

| Same for programs in comp.binaries.amiga. You know their origin. (We suppose
| here the net is quite safe, since the moderators send Acknowledge message, so
| the origin address may not be counterfeited).

True. PD Binaries from the net are almost definitely on the up-and-up.

|
| Do you really believe that the people who wrote dangerous Viruses would
| give their name and take the risk of being spotted ?
| I'd rather believe that PD writers are honest programmers !--
|
+----------

Correct me if I'm wrong, but I think all the viruses so far were placed in the public domain...

--
larry / hastings
ARPA: lupin3@ucscb.ucsc.EDU
UUCP: ...!ucbvax!ucscc!ucscb!lupin3
BITNET: lupin3@ucscb@ucscc.BITNET
^v^v^vBoy, I'm glad I don't live in an alternate universe!^v^v^v
Disclaimer: All original text above was pointless & random, & it makes me proud.
haitex@pnet01.cts.com (Wade Bickel) (01/09/88)
rouaix@inria.UUCP (Francois Rouaix) writes:
>Some guys here suggest that the viruses may come from some PD program and
>not from a bootable disk.
>Let's think about it:
> In every FISH disk I have, there is a file README.listnumber.
>In this file I can find the description of the programs and the NAME OF THE
>AUTHOR !!!. Most of them (including me) are sending regularly programs
>on the net or to Fred Fish.
>Same for programs in comp.binaries.amiga. You know their origin. (We suppose
>here the net is quite safe, since the moderators send Acknowledge message, so
>the origin address may not be counterfeited).
>
>Do you really believe that the people who wrote dangerous Viruses would
>give their name and take the risk of being spotted ?
>I'd rather believe that PD writers are honest programmers !--

Sure, if you get your PD stuff directly from a reliable source, you might be safe from such a thing. But the nature of PD stuff is that it gets spread around. Suppose the virus writer were to alter the original author's binary, and set it up so that a generation count were maintained and no hostile action were taken in the first few generations. By the time it starts to strike it would be nearly impossible to track it (it would be if done correctly, but I'm not going to elaborate!).

Suggested solution: a monitoring program, let's call it Vcheck3.0, might maintain a list of programs and relative checksums. This program would confirm the checksum of a program before running it and ALERT when spores are found. Of course this assumes the list is correct, but would protect the user from spores. If a "VInstall" program were written, users could add any program they wished to the executable list. If an infectious program were added, its spores would be noticed in their first generation, and the dangerous code would (hopefully) be identifiable.

If the Vcheck program installed itself into the user's startup sequence, using one of a number of possible methods (actually utilize different methods to add confusion for a virus), using a randomly generated name (to help hide from virii), and (of course) is relocatable code (so an address cannot give it away), it would be relatively safe from infection. [Sorry for the long run-on sentence ;-) ]

Of course a virus could still be snuck in, but it would be much more difficult with this kind of protection. There are a number of additional things which could be done to improve this system, and not disclosing exactly what it does would give additional protection.

Have I goofed, or would this work? Would the over-head be excessive?

Thanks,

Wade.

UUCP: {cbosgd, hplabs!hp-sdd, sdcsvax, nosc}!crash!pnet01!haitex
ARPA: crash!pnet01!haitex@nosc.mil
INET: haitex@pnet01.CTS.COM
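
Added example, not part of the original post or thread: a minimal Python sketch of the checksum list proposed in the post above, with `vinstall` and `vcheck` named after its hypothetical "VInstall" and "Vcheck". SHA-256, the JSON file layout and the HMAC seal over the list (one way to notice an edited list, the "this assumes the list is correct" caveat) are assumptions of this sketch.

```python
import hashlib, hmac, json, os, tempfile

def _digest(path):
    """SHA-256 of the program file's bytes."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def _seal(entries, key):
    """HMAC over the whole list, so an edited list is detected (assumption)."""
    blob = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def _load(db_path, key):
    """Read the list; refuse to use it if its seal does not verify."""
    if not os.path.exists(db_path):
        return {}
    with open(db_path) as f:
        db = json.load(f)
    if not hmac.compare_digest(db["seal"], _seal(db["entries"], key)):
        raise ValueError("checksum list has been modified")
    return db["entries"]

def vinstall(db_path, key, program):
    """Record a program's current checksum in the list and re-seal it."""
    entries = _load(db_path, key)
    entries[os.path.abspath(program)] = _digest(program)
    with open(db_path, "w") as f:
        json.dump({"entries": entries, "seal": _seal(entries, key)}, f)

def vcheck(db_path, key, program):
    """Return 'ok', 'unknown' or 'ALERT' for a program about to be run."""
    expected = _load(db_path, key).get(os.path.abspath(program))
    if expected is None:
        return "unknown"          # never registered: no baseline to compare
    return "ok" if hmac.compare_digest(expected, _digest(program)) else "ALERT"

def demo():
    """Constructed sample: check, register, re-check, modify, re-check."""
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as d:
        db, prog = os.path.join(d, "vcheck.json"), os.path.join(d, "tool")
        with open(prog, "wb") as f:
            f.write(b"original program bytes")
        results = [vcheck(db, key, prog)]
        vinstall(db, key, prog)
        results.append(vcheck(db, key, prog))
        with open(prog, "ab") as f:   # any change after registration
            f.write(b"bytes added after registration")
        results.append(vcheck(db, key, prog))
    return results
```

The seal only helps if the key is kept where the programs being checked cannot read it; a program registered while already modified is recorded as its own baseline.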
bishop@skat.usc.edu (Brian Bishop) (01/10/88)
In article <2310@crash.cts.com> haitex@pnet01.cts.com (Wade Bickel) writes:
>rouaix@inria.UUCP (Francois Rouaix) writes:
>>Some guys here suggest that the viruses may come from some PD program and
>>not from a bootable disk.
>>Let's think about it:

.... stuff deleted about making virii tougher & fighting them....

> Suggested solution: a monitoring program, let's call it Vcheck3.0,
>might maintain a list of programs and relative checksums. This program would
>confirm the checksum of a program before running it and ALERT when spores are
>found. Of course this assumes the list is correct, but would protect the
>user from spores. If a "VInstall" program were written, users could add
>any program they wished to the executable list. If an infectious program were
>added, its spores would be noticed in their first generation, and the
>dangerous code would (hopefully) be identifiable.

..... details omitted for brevity and to save filler lines at end ...

> Of course a virus could still be snuck in, but it would be much more
>difficult with this kind of protection. There are a number of additional
>things which could be done to improve this system, and not disclosing exactly
>what it does would give additional protection.
>
> Have I goofed, or would this work? Would the over-head be excessive?
>

I think this is a good idea but that it would be bad in the long run. It would make it harder for Joe Blow to hack up a cheap virus, since the easy routes would be blocked, but it would make much more of a *challenge* for the good (as in 'talented') hackers. I think the end result would be fewer viruses (I don't like using 'virii', bleh.) around, but those that did emerge would be that much worse. I love the analogies to real viruses here - develop better antibiotics, and what will you get? More virulent antibiotic-resistant viruses.

I wonder if you could make a virus for the game of life that would infect self-reproducing patterns and get them to reproduce the virus? It'd have to be a BIG matrix. Could the organism eventually develop antibodies???? Wow.

brian bishop ---> bishop@usc-ecl.ARPA
(uscvax,sdcvdef,engvax,scgvaxd,smeagol) ---> usc-skat!bishop.UUCP

"You will be required to do wrong no matter where you go. It is the basic condition of life, to be required to violate your own identity. At some time, every creature that lives must do so. It is the ultimate shadow, the defeat of creation; this is the curse at work, the curse that feeds on all life. Everywhere in the universe."
- Wilbur Mercer, founder of Mercerism

have a nice day fnord.
ain@s.cc.purdue.edu.UUCP (01/12/88)
In article <602@inria.UUCP> rouaix@inria.UUCP (Francois Rouaix) writes:
>Same for programs in comp.binaries.amiga. You know their origin. (We suppose
>here the net is quite safe, since the moderators send Acknowledge message, so
>the origin address may not be counterfeited).

Not necessarily. Sometimes we get sent things that somebody downloaded from a BBS. If the author has an electronic address, we try to reach them, but, realizing that people move, this isn't always possible. Also, there are some people without electronic addresses. If I can, I will try to call them on the phone (assuming a phone number is given), but even this isn't always possible for me financially (eg: we have a program written in France and the author doesn't have an e-mail address.. I can see my phone bill if I start calling France just to verify that a possibly old phone number is still valid -- and how do I talk to this guy when I don't even know French?)

The best I can assure you is that we will make reasonable attempts to reach the original author and make note of it if we couldn't.

-- Pat White (co-moderator comp.sources/binaries.amiga)
UUCP: k.cc.purdue.edu!ain BITNET: PATWHITE@PURCCVM PHONE: (317) 743-8421
U.S. Mail: 320 Brown St. apt. 406, West Lafayette, IN 47906