76476.337@CompuServe.COM (Robert McClenon) (12/24/90)
A point seems to be being overlooked in the recent discussion of the vulnerability of Unix to viruses. It was overlooked in the past discussions of the vulnerability of mainframes to viruses. It isn't necessary for a virus to infect or subvert the operating system to cause damage. A Unix virus only needs to infect applications to which the user has the Write privilege. A VM virus only needs to infect applications on the user's read-write minidisks. It is true that most MS-DOS and Macintosh viruses subvert the operating system or operating system software somehow: the System file, the boot sector, the Desktop, COMMAND.COM. But that is not an essential characteristic of viruses or the virus threat. The general threat is still present even if the threat to the operating system is absent. And if there are vulnerabilities in various versions of Unix to a gradual escalation of the privileges of the virus code, as one correspondent said, the threat is greater. Robert McClenon (Neither my employer nor anyone else paid me to write this.)