daveb@geac.UUCP (David Collier-Brown) (03/18/88)
In article <650011@vx2.GBA.NYU.EDU> spector@vx2.GBA.NYU.EDU (David HM Spector) writes: > The distribution of ANY virus sources, benign or otherwise would be > a very VERY bad thing. It has now been shown through the experience > with Mattias Urlichs demonstration virus exactly what happens when > such sources are distributed. They generate more viruses. > > PLEASE DO _NOT_ POST SOURCES OR OBJECTS FOR VIRUS PROGRAMS OR TROJANS! > Not posting sources will not stop them. It WILL make it difficult for systems administrators to verify the usefullness and benign nature of antiviruses. Virii will not go away if you don't publish them or attempt to obfusticate them. It only makes you **feel** better knowing that you aren't contributing to the problem. (This is a non-trivial improvement, however: I'm reluctant to discuss them save by mail). A virus is like a land-mine: you check for them with a mine detector and shoot anyone you find planting them. You don't keep their construction a secret unless you want to see the bomb-disposal chap disappear in a loud puff of smoke. --dave c-b -- David Collier-Brown. {mnetor yunexus utgpu}!geac!daveb Geac Computers International Inc., | Computer Science loses its 350 Steelcase Road,Markham, Ontario, | memory (if not its mind) CANADA, L3R 1B3 (416) 475-0525 x3279 | every 6 months.
spector@vx2.GBA.NYU.EDU (David HM Spector) (03/20/88)
Disclaimer: This is _NOT_ a flame...
As I said in the note you quoted, viruses are easy to write -- just think
about it for a minute and you've probably got it right. There, big deal
you know how to write a virus...
...gellignite is about as easy, but you don't go posting recipes for it do you?
[but they did tell you how to make it in The Terminator, right?]
Also, I didn't say "don't post anti-viruses or anti-virus sources", just don't
give people inclined to write viruses a head-start.
It is interesting to note that most of the viruses currently making Macintoshes
sick are direct rip-offs of either the Brandow or Urlichs strains. Amazing
what you can do with a half-way decent disassembler, no? But lets not make it
any easier than it has to be, OK?
In fact another _great_ reason not to post the sources (or binaries) to viruses
is that they get out very easily. And, once they're out,.. well..
you get the idea.
What has to happen is a general change of attitude about computers and
information and their roles as property (intellectual or otherwise).
I make my living with my MacintoshII, I develop software, I am also (in
my copious spare time :-) a consultant, and I depend on this machine, and the
information contain within it. Mr. Brandow and his ilk seriously threaten my
living by letting these electronic bio-hazards out into the world where they
threaten my Macintosh, my clients confidence in my software and the consumers
confidence in commercial software. (Case in point: Aldus' Freehand)
Unfortunately most people (suprisingly, even "well educated computer
professionals") don't take this stuff seriously enough. Some people think this
stuff is "cute" or "harmless". Viruses, trojans, and kids breaking into NASA's
computers et al, are neither "cute" nor "harmless".
Just listen to NPR, Charles Osgood's "The Osgood File" (CBS Radio), or read
some of the discussions on CompuServe, and you'll see how lightly
people take these things... they even tend to make Brandow and company out to
be crusading good-guys who have done a public service by spreading a virus
and bringing people's attention to them (and put down people like me, Don Brown
and others who contend that people like Brandow are criminals.)!
Until there are severe penalties for electronic terrorism, this will continue
unabated. Programs like Donald Brown's "Vaccine" will stop simple-minded
viruses, but there will be more, "better engineered", and smarter viruses.
Sorry if this seems a bit "heavy" I didn't intend it to be... but someone's
gotta say these things.... :-)
David
-------------------------------------------------------------------------------
David HM Spector New York University
Senior Systems Programmer Graduate School of Business
Arpa: SPECTOR@GBA.NYU.EDU Academic Computing Center
UUCP:...!{allegra,rocky,harvard}!cmcl2!spector 90 Trinity Place, Rm C-4
MCIMail: DSpector New York, New York 10006
AppleLink: D1161 CompuServe: 71260,1410 (212) 285-6080
"SJM 25, 'real nice guy' seeks SJF... What? This ISN'T The Voice personals?!"woody@tybalt.caltech.edu (William Edward Woody) (03/20/88)
I'll be frank about it: I'm scared sh*tless of the little buggers.
I'm a part time student and a full time employee of Visual Information, Inc.,
the makers of Dimensions.
Much of my work (for both a student and an employee) is done on my MacII.
If my disk got infected, it could set me months behind in both classwork
and programming for VII. If it was the MacMag variety of nVIR virus,
my work could be fried. And as I swap disks regularly with the other
employees of this company, my fellow workers could be infected and have
their MacII hard disks destroyed.
With our target machine being the MacII, if the software we sell gets
infected, it could (and probably would) wipe us out. We're competing
in a tight portion of the Macintosh market, and the loss to our
reputation would send us into Bankrupcy.
Where the h*ll would MacMag be then?
I'm p*ssed at the arrogance of anyone who would let a (potentially)
destructive program out, and say that it was "a harmless little message."
Unless the virus was thoroughly beta-tested on all machines (including
XL, 128K Macs), someone could get hurt. And the chance does exist
that a couple of small companies are going to have their name destroyed,
their business ruined, their pocketbook drained. I'm scared because
I want to eat. I don't want to suddenly find myself out of a job because
of someone who just couldn't resist a prank.
Yes, there IS a legal case against MacMag. The only problem is suing
across national boundaries is a painfull process, and I remember reading
here that MacMag was in Canada.
Can we boycot them instead?
This is very serious; after all, I'd bet anything that the majority of us
make our living and pay our bills by what we do on these cute little
machines. And for someone who we don't even know to let out a program
that could wipe out our hard work, that's scary.
- William Edward Woody
woody@tybalt.caltech.edu (Mac>][n&&/|\)&&(MacII>AT)
Disclamer: I haven't the foggiest idea what I'm talking about...