0003158580@mcimail.com (William Hugh Murray) (04/24/91)
>From: dank@stealth.usc.edu (Dan King) >Viruses are a problem. A big one. Are they're going to get worse. >Come on, don't pick on the users. Attack, instead, the virus authors. The "real problem" is the success of the existing viruses. The motives of the authors are irrelevant. Attacking the authors, even they had the courage to identify themselves, would have no impact at all on the problem. If we only had to cope with Stoned and Jerusalem-B, we would still have a serious problem. The problem is independent of origin or motive. We do not know what the motives of the authors of these programs were. What we do know is that they could not have predicted the success or resulting disruption of these programs when they released them. It is likely to get much worse before it gets better. >Padgett Peterson: >The real problem is that MS-DOS, like the Mac OS, has NO integrity >checking and that viruses are remarkably easy to write. It is true that MS-DOS has no integrity checking. It is equally true that viruses are easy to write. The "real problem" is still Stoned, Jerusalem-B and a few others. Implied in Padgett's suggestion that the absence of integrity checking is the problem is an assumption that somehow or another MS-DOS is deficient because it has no such checking. While I am prepared to grant that such checking would help, I am not prepared to grant that the problem has its origin in the absence of that checking. MVS has no such checking, though it is available in add-on packages. UNIX has no such checking. Yet they are free of viruses. I am afraid that Padgett is reasoning "post hoc." Having concluded that integrity checking, pervasively applied, might help deal with the problem, he then asserts that the operating system is deficient because it is not there. Even he is willing to admit, in other contexts, that the operating system gets control too late to deal with some viruses. While I am willing to admit that architecture can contribute to the solution, only over a very long period, I am prepared to associate it with the problem only to the extent that it makes it EASY TO GET A PROGRAM EXECUTED. I was taught that that was a feature, a vulnerability, but not a flaw. I refuse to forget that we have this entire industry, with its problems, because MS-DOS would run, with an application yet, in less than 64K (yes, that is sixty-four thousand) bytes. If it had been burdened with all of the security that some of today's uses of it require and which today's gurus project on to it, it might never have been successful enough to support viruses. The PC is a target for viruses only because it is successful. If there is a "real problem," then that is it. When looking for solutions, remember Murray's first law of computer security: "Be careful what you ask for; you might get it."