[comp.virus] VIRUS-L Digest V3 #4

greenber@utoday.UU.NET (Ross M. Greenberg) (01/06/90)

>  I now come to Ross Greenberg's posting in Issue 266.
>  ...But Ross implies that users will always prefer a
>"good enough" fast checker like that of FluShot+ over a slow
>sophisticated one.  But can we be so sure that FluShot+ is really good enough?
Well, I didn't mean to imply that the method used in my own code was
sophisticated at all.  However, to date, it seems to be good enough:
no virus infection on a checksummed program has gotten through (to my
users' knowledge, naturally) without detection. I can only assume that
lack of reporting can be equated to lack of infection -- I know that
such thinking leads to strange numbers coming from strange organizations
and (as such) can just ask you to prefix everything below with an "I
think" or an "I feel".

Anyway, that's what I mean by "good enough".  For those users really
worried over things, two checkers would be a good idea.

>How many of its users have the slightest idea how its security
>compares with that of other programs?

The users have to trust the program author of any security product.  As
such, they have to trust that, if a virus were to infect files with a
"zero differential" on the checksumming method I use, that I'd change
the checksumming method.  Yes, there has to be a trust in your vendor.

The real world and the theoretical world do not always agree....

>  I don't know whether his algorithm
>satisfies condition (B) above, but it certainly does not satisfy (A),
>i.e. for any given file all users will get the same checksum, and
>that's a potential security hole, at least in the "limited environment"
>situation mentioned at the end of (3) above.  But since this hole can
>be plugged very simply and at no cost in speed, why not do so, Ross?

Easy to code - murder to support!  I have about 15,000 registered users.
They call me with the slightest problem - as they should, and as they're
entitled to. If they ask me: "Is my COMMAND.COM file infected?", I need
simply ask them what the checksum is.  From that I know the answer.  If
I used some method to generate unique checksums for each user, I'd still
have to have some means to get back to the "real" checksum.  If I could
do that, so could a bad guy, rendering inconvenience only to the bad guy,
and potentially to thousands of users (I average about 50 tech support
calls per day on a $14 product!)

Please understand that I certainly can appreciate the limitations of using
a less sophisticated algorithm within my code as versus something wonderfully
complex.  But, as with any security product, I had to weigh off security
versus convenience considerations.  I like to think I did an ok job of it:
those in doubt need simply use *any* other checksumming type program in
combination with my own to see if I'm right!

Ross M. Greenberg
Author, FLU_SHOT+
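The "zero differential" case argued over above, as an added example that is not part of the digest and not Ross Greenberg's code (FLU_SHOT+'s actual checksum method is not described on the page). It uses plain CRC-32 as a stand-in for any fixed, unkeyed checksum: because every user computes the same value, an attacker who knows the algorithm can append four bytes to a modified file so that its CRC-32 matches the original, and a checker comparing stored checksums sees nothing. The same file checked with a per-installation keyed checksum (HMAC-SHA-256 under a random key, an assumed design) cannot be fixed up without the key, which is condition (A) from the quoted critique; the support cost Greenberg raises shows up as `reference_table`, the vendor-side list of known-good values, which only works when everyone's checksum is the same. The file contents, the key and the "virus body" are constructed sample data.

```python
"""Unkeyed CRC-32 can be forged to a chosen value; a keyed checksum cannot.

Added illustration; not FLU_SHOT+ code. The sample bytes below are constructed.
"""
import hashlib
import hmac
import os
import zlib

# Reflected CRC-32 table for the polynomial zlib uses, built once.
_POLY = 0xEDB88320
TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ _POLY if _c & 1 else _c >> 1
    TABLE.append(_c)

# The top byte of each table entry is unique, so it can be inverted.
TOP_TO_INDEX = {entry >> 24: idx for idx, entry in enumerate(TABLE)}
if len(TOP_TO_INDEX) != 256:
    raise RuntimeError("CRC table top bytes are not a bijection; forging would fail")


def crc32(data: bytes) -> int:
    """Standard CRC-32 as an unsigned 32-bit value."""
    return zlib.crc32(data) & 0xFFFFFFFF


def forge_crc32(data: bytes, target: int) -> bytes:
    """Append four bytes to `data` so that crc32(result) == target.

    Works for any `data` because CRC-32 is linear: the four table indexes
    that lead into the target state are fixed by the target alone, and the
    bytes that select them are then read off the real running state.
    """
    want = target ^ 0xFFFFFFFF          # internal state that yields `target`
    indexes = [0] * 4
    cur = want
    for i in range(3, -1, -1):          # walk backwards through four steps
        idx = TOP_TO_INDEX[cur >> 24]
        indexes[i] = idx
        cur = ((cur ^ TABLE[idx]) << 8) & 0xFFFFFFFF
    state = crc32(data) ^ 0xFFFFFFFF    # internal state after `data`
    suffix = bytearray()
    for idx in indexes:                 # walk forwards, choosing each byte
        suffix.append(idx ^ (state & 0xFF))
        state = TABLE[idx] ^ (state >> 8)
    return data + bytes(suffix)


def keyed_checksum(key: bytes, data: bytes) -> str:
    """Per-installation checksum (assumed design): HMAC-SHA-256 under a random key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


# Vendor-side reference table: only meaningful when every user's checksum agrees.
ORIGINAL = b"constructed stand-in for COMMAND.COM contents\x00" * 8
reference_table = {"COMMAND.COM": crc32(ORIGINAL)}


def demo() -> dict:
    """Infect the sample, forge its CRC-32, and compare both checkers."""
    infected = ORIGINAL + b"<constructed virus body>"
    forged = forge_crc32(infected, reference_table["COMMAND.COM"])

    # Unkeyed checker: the forged file matches the vendor's reference value.
    crc_collides = crc32(forged) == reference_table["COMMAND.COM"]

    # Keyed checker: each installation draws its own key at install time.
    install_key = os.urandom(32)          # assumption: kept out of the attacker's reach
    hmac_collides = keyed_checksum(install_key, forged) == keyed_checksum(install_key, ORIGINAL)

    # Support cost: without the user's key the vendor cannot compute the
    # expected keyed value, so "what does your checksum say?" has no answer.
    vendor_can_verify_keyed = False

    return {
        "crc_collides": crc_collides,
        "hmac_collides": hmac_collides,
        "vendor_can_verify_keyed": vendor_can_verify_keyed,
        "forged_length": len(forged),
    }


if __name__ == "__main__":
    print(demo())
```

The four-byte suffix is the smallest fix-up for a 32-bit CRC; a real virus would place it wherever the infected program ignores trailing bytes. The keyed variant removes the forgery but also removes the vendor's ability to quote a "real" checksum over the phone, which is exactly the trade-off the post describes; one middle path is to publish the fixed checksum for support while storing a keyed one locally for detection.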