RADAI@HUJIVMS.BITNET (Y. Radai) (05/22/91)
Among Ross Greenberg's points in his reply last week to Padgett Peterson was the following: >You mentioned a few products and their methods, so its obvious that >this integrity checking *IS* being done (FLU_SHOT+ has had integrity >checking on program run for about three years, I guess). Now, is this >integrity checking being done *properly*? Interesting question and >one that only the marketplace can answer by what they select for their >purchase (or freeware usage). Sorry, but I just can't pass over that without comment. Whether integrity checking or any other software function is being done properly is not a question which can be settled by asking the marketplace. If it were, we could completely dispense with all the quality comparisons that are continually being made in the literature and simply quote sales figures. Because of many other factors such as marketing skill, luck, etc., the correlation coefficient between pro- duct quality and volume of sales, in computer software as in other products, may be closer to 0 than to 1, even if we consider only pro- ducts in the same price range. (Some cynics claim that this coeffi- cient is negative. I'm not sure that they're far off.) (No offense meant, Ross, but I'm sure it won't come as a surprise to you if I mention that in my opinion, a good example of poor product quality despite presumably good sales figures is the integrity-check- ing feature of FLU_SHOT+. But since I've discussed FSP enough in the past, I won't repeat my arguments unless someone asks.) >Resident integrity checking, and access control, is a worthy goal of >any of the anti-virus products. However, remember that it can and >*will* be circumvented the first time somebody boots off a floppy. That does not have to be true; details in a couple of weeks. Y. Radai Hebrew Univ. of Jerusalem, Israel RADAI@HUJIVMS.BITNET RADAI@VMS.HUJI.AC.IL
padgett%tccslr.dnet@mmc.com (Padgett Peterson) (05/23/91)
>From: Y. Radai <RADAI@HUJIVMS.BITNET> >>Resident integrity checking, and access control, is a worthy goal of >>any of the anti-virus products. However, remember that it can and >>*will* be circumvented the first time somebody boots off a floppy. > That does not have to be true; details in a couple of weeks. Also agree with Mr. Radai. Hardware can block completely & software can detect (but not necessarily block) a cold floppy boot & changes. Both can control hot boots - <cntrl><alt><del>. Both the hardware and the software exist but apparantly lack proper marketing (in defernce to Mr. Walker, development funds are finite & can be spent on marketing or development. Rarely is it split 50-50 [more like 100-0]). Will state again: Effective systems MUST start before DOS loads & do not have to be intrusive. Warmly, Padgett
c-rossgr@uunet.uu.net (05/23/91)
>From: Y. Radai <RADAI@HUJIVMS.BITNET> > > Among Ross Greenberg's points in his reply last week to Padgett >Peterson was the following: >>...[my discussion on FLU_SHOT+'s integrity checking] > Sorry, but I just can't pass over that without comment. Oh. It's *you* again. <grin> Just when I thought it was safe to go back into the water. <theme music to _Jaws_ in the background> > (No offense meant, Ross, but I'm sure it won't come as a surprise to >you if I mention that in my opinion, a good example of poor product >quality despite presumably good sales figures is the integrity-check- >ing feature of FLU_SHOT+. But since I've discussed FSP enough in the >past, I won't repeat my arguments unless someone asks.) To paraphrase your past arguments for the readership, I believe you commented that FSP's installation was such a pain in the butt that few people used the integrity checking feature FSP includes. You're probably right there, by the way. I would hope that *quality* of the product is not an issue. We might have some disagreements as to whether "fast 'checksumming'" is better or worse than "complex 'checksumming'", but that's a good debate to have in September during the Virus Bulletin's Seminar -- over a coupla beers, I hope. (Hey! Could you bring me a bottle of Macabee? Love it, can't get it here. Bring one for Ken, too!) Quality is an issue that the market does decide, I think. Effectiveness is something that may or may not be related to marketshare. But the market does not buy low-quality products (unless it comes from my competetion, of course. :-) ). They may end up buying slicker *quality* products than less slick quality products, though. >>Resident integrity checking, and access control, is a worthy goal of >>any of the anti-virus products. However, remember that it can and >>*will* be circumvented the first time somebody boots off a floppy. > > That does not have to be true; details in a couple of weeks. This I look forward to hearing more about. Typical security that would prevent this would be either a)playing with the partition record, easily circumvented by a decent disk editor or b)encryption of the disk to prevent circumvention of a). I thought about crypting the disk and realized that I couldn;t afford the liability insurance..... Another option would be in hardware, one I'm starting to think more and more carefully about... L'itrot Ross