ts@uwasa.fi (Timo Salmi LASK) (08/13/90)
We recently placed (/pc/virus/)scanv66.zip for anonymous ftp download from chyde.uwasa.fi, Vaasa, Finland, 128.214.12.3. McAfee has benefited the PC community with excellent virus checking facilities, but the new scanv66.zip includes a potentially dangerous and controversial feature. To quote:

    "This version of SCAN has added an option to
    transparently attach a CRC validation code to all of
    your executable files, your boot sector and your
    partition table. This will help protect your system in
    case a virus unknown to SCAN is encountered. SCAN will
    check these validation codes if requested and will
    alert the user to any files or system areas that have
    changed."

Now there are two problems with this approach. On the practical side this method destroys a program's own virus selftest, if it has one inbuilt based on checksums. I may have made mistakes, but when I tried scan /av out on two selftesting programs, the code that scan attached naturally caused an alarm. But what is really alarming is that when I told scan to remove its code, the selftest failed even after that. This means that unless I made an error, scan could not restore the files to their exact original state! The option /rv did not work in my tests.

The second problem is one of principle, and is best left for legally minded persons to work out, but let me point out the dilemma. What McAfee's scan does is that it certifiably adds code to the host program, if the user so chooses. Now this is tantamount to patching, and very strictly speaking patching (at least copyrighted commercial) programs may involve problems of legality. I think that this is something McAfee should have cleared very carefully before releasing this potentially compromising method. Having such a good reputation, McAfee has at least taken a public risk here. I really do not know, but be that as it may, the method has too much virus-resemblance for comfort.

..................................................................
Prof. Timo Salmi (Moderating at anon. ftp site 128.214.12.3)
School of Business Studies, University of Vaasa, SF-65101, Finland
Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun
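
Added example, not part of the original posts and not McAfee's code: a round-trip check for the two effects described above, namely that an appended validation code trips a program's own checksum selftest, and that removal is only trustworthy if the file comes back byte-identical. The trailer layout (MARKER plus a CRC-32), the sample program image and the faulty remover are all constructed assumptions; the page does not describe SCAN's real on-disk format or why /rv failed.

```python
import hashlib
import struct
import zlib

MARKER = b"VALCODE1"      # constructed marker, not SCAN's real format
TAIL = len(MARKER) + 4    # marker + 32-bit CRC

def crc(data: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def make_selftesting(body: bytes) -> bytes:
    """Constructed program image: body followed by the CRC of that body."""
    return body + crc(body)

def selftest(image: bytes) -> bool:
    """The program's own check: last 4 bytes must be the CRC of the rest."""
    return len(image) > 4 and crc(image[:-4]) == image[-4:]

def attach(image: bytes) -> bytes:
    """Append a validation trailer covering the untouched image."""
    return image + MARKER + crc(image)

def remove_exact(image: bytes) -> bytes:
    """Strip the trailer only if it is present and still matches."""
    if len(image) < TAIL or image[-TAIL:-4] != MARKER:
        raise ValueError("no validation trailer")
    original = image[:-TAIL]
    if crc(original) != image[-4:]:
        raise ValueError("image changed after the trailer was attached")
    return original

def remove_sloppy(image: bytes) -> bytes:
    """Hypothetical faulty remover: truncates one byte short of the trailer."""
    return image[:-(TAIL - 1)]

def roundtrip(original: bytes, remover) -> dict:
    """Attach, remove, then compare against the pre-attach image."""
    patched = attach(original)
    restored = remover(patched)
    same = hashlib.sha256(restored).digest() == hashlib.sha256(original).digest()
    return {"selftest_patched": selftest(patched),
            "byte_identical": same,
            "selftest_restored": selftest(restored)}

SAMPLE = make_selftesting(b"MZ constructed sample program body")

if __name__ == "__main__":
    for remover in (remove_exact, remove_sloppy):
        print(remover.__name__, roundtrip(SAMPLE, remover))
```

Recording a hash of each file before attaching anything is what makes the byte_identical comparison possible afterwards.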
pjc@sirius.melb.bull.oz.au (Paul Carapetis) (08/20/90)
Prof. Timo Salmi states the following:

> We recently placed (/pc/virus/)scanv66.zip for anonymous ftp
> download from chyde.uwasa.fi, Vaasa, Finland, 128.214.12.3.
> McAfee has benefited the PC community with excellent virus
> checking facilities, but the new scanv66.zip includes a potentially
> dangerous and controversial feature. To quote:
>
> "This version of SCAN has added an option to
> transparently attach a CRC validation code to all of
> your executable files, your boot sector and your
> partition table. This will help protect your system in
> case a virus unknown to SCAN is encountered. SCAN will
> check these validation codes if requested and will
> alert the user to any files or system areas that have
> changed."
>
> Now there are two problems with this approach. On the practical
> ..etc etc
> The second problem is one of principle, and is best left for
> legally minded persons to work out, but let me point out the dilemma.
> What McAfee's scan does is that it certifiably adds code to the host
> program, if the user so chooses. Now this is tantamount to patching,
> and very strictly speaking patching (at least copyrighted commercial)
> programs may involve problems of legality. I think that this is
> something McAfee should have cleared very carefully before releasing
> this potentially compromising method. Having such a good reputation,
> McAfee has at least taken a public risk here. I really do not know,
> but be that as it may, the method has too much virus-resemblance for
> comfort.

McAfee has no legal obligation in this case. His program is "capable" of modifying files as are many other programs. The legal onus is upon the end user to check on licensing agreements that they have accepted when they bought and commenced using the software. If the license agreement explicitly states that the software is not to be modified by the user in any way, then the user must make the decision as to whether to ignore this in order to provide better protection against "vandalware".

I would suggest that software manufacturers worth their salt are currently implementing self-checking facilities for future releases of software and these companies would be extremely narrow-minded to object to modification of current unchecked versions for this type of protection.

| Paul Carapetis, Software Advisor (Unix, DOS)  | Phone: 61 3 4200944     |
| Melbourne Development Centre                  | Fax:   61 3 4200445     |
| Bull HN Information Systems Australia Pty Ltd |-------------------------|
| ACSnet  : pjc@bull.oz                         | What's said here is my  |
| Internet: pjc@melb.bull.oz.au                 | opinion (and its right!)|