padgett%tccslr.dnet@mmc.com (Padgett Peterson) (05/22/91)
>From: microsoft!c-rossgr@uunet.uu.net

>With all due respect, everybody has always been taught that if an
>ounce of prevention is worth a pound of cure, then two ounces of
>prevention must be even better.

(Philosophy)

The way I always heard it was "If enough is good, too much is better". Unfortunately, today we have to live with finite resources - this places increasing reliance on intelligent thought rather than blind acceptance. Old standbys like "sound as the dollar" & "no one ever got fired for buying IBM" just cannot be accepted anymore.

The design of a sound digital system requires careful planning and intelligent trades between to provide confidentiality, availability, and integrity. Just to make matters worse, disciplines are becoming so specialized as to be completely "magic" to an outsider, even one who must rely on them.

Consequently, today most computer security is based on trust: trust in the machines, trust in the users, and trust in the salesmen/vendors. It has to be since for the millions of personal computers existent today, judging from the limited sampling I see, the number of people actually capable of designing good protection is probably on the order of a thousand. (and I may be high).

For basic protection, almost all of the anti-viral software on the market is adequate, just like few people take more than basic protection from being stung by a wasp. More is considered contra-productive & is an accepted risk in working in a garden. When it happens, it is annoying but remedies are at hand.

Others though have allergic reactions & a sting could be fatal & much more stringent precautions are taken. Computer viruses come under the same heading with one major difference: we have not lived side by side with them for thousands of years & most people have no idea what the risks are. Consequently, they have no concept of what is "enough" & for the most part, we are not doing a good job of educating them.

To me, seven people stand out in this area: Ross Greenberg, Fridrik Skulasson, John McAfee, John Norstad, Andy Hopkins/Pam Kane, and Bob Bosen not because they are necessarily wonderful people, meetings can be explosive, but because they have made available to the public information and programs specifically designed to combat viruses as shareware/freeware, not the best way to squeeze the last dollar out of the public.

Back to Reality

Along these lines, DISKSECURE v.95 BIOS level protection is now out that checks for disk controllers that write to the MBR (I haven't seen one but have been told that they exist so in went some code - had to simulate it with CODEVIEW though). (.94 was a special private version) Unless something unusual pops up, this will probably be the last "beta" version (besides am running out of numbers under the dread 1.00).

Meanwhile, Back at Ross...

>If my code merely did integrity checks, instead of doing integrity
>checks *and* known signature scanning, I'd lose out to somebody who
>offers both.

That is why I would suggest two packages: the integrity check routine on the bulk of the machines (remember, I am talking the corporate/government/educational environment), and the signature check (or combo) for the technicians and machines used for scanning new software. In large groups, this would be around 1 per 1000 PCs. This is why many anti-viral programs are now offered on service licenses (tied to physical copies, not #s of PCs).

The best word processors stopped being single programs some time ago and installations typically ask just which features you wish to install with descriptions of the assets/liabilities of each.

>That honesty is costing marketshare, I bet.

Possibly temporarily but builds trust in the long run. In any complex technology (e.g. magic) trust in the practitioner is the most important element.

>I agree...to a point. I would think that updating 5000 PC's for a new
>scanner that differs from the previous one in a bunch of new viral
>strings for a bunch of "research only" viruses is a waste of time.

That is why we do not. However our "virus response team" and screening labs get every update that comes out while the integrity management programs we use have not needed any updates since the attack of the Zenith Boot Records. These flag difficulties promptly and then we bring out the big guns.

>I can't simply say "Yo! *NOBODY* gets the Whale Virus, so why do you care?"

I've seen two reports this month (may or may not be true) but the WHALE is an excellent case of a virus that is trivial to detect on a PC. It is the identification of what the infection is that can be difficult, not the fact that a machine is infected.

The problem with a one part solution reminds me of the saying "Jack of all trades, master of none" (of course "knowing more and more about less and less until you know everything about nothing" comes to mind also). "Moderation in everything" is my motto, this is why I favor a layered approach so strongly.

The most important first step is to determine that SOMETHING has happened. WHAT & HOW TO RECOVER come later. My body usually warns me when a cold is coming on. Zinc and massive vitamin C can work wonders so long as I pay attention & react immediately.

c-rossgr@uunet.uu.net (05/23/91)
>From: Padgett Peterson <padgett%tccslr.dnet@mmc.com>

>For basic protection, almost all of the anti-viral software on the
>market is adequate, just like few people take more than basic
>protection from being stung by a wasp. More is considered
>contra-productive & is an accepted risk in working in a garden. When
>it happens, it is annoying but remedies are at hand.

If everybody made backups, I'd be out of business.

>To me, seven people stand out in this area ...
>... not because they are necessarily wonderful people, meetings can
>be explosive, but because they have made available to the public
>information and programs specifically designed to combat viruses as
>shareware/freeware, not the best way to squeeze the last dollar out of
>the public.

Hey, I *am* a wonderful person, too!

Now, I'm currently trying to squeeze as much money from the public as possible. Fortunately, I code better than I market...

Ross