WHMurray@DOCKMASTER.ARPA (12/23/89)
In general, I agree with theorems 1, 2, and 3. I think that those that deal with the future, are speculative. However, in the same spirit and along the same lines, I offer the following: 1. The amount of damage to data and availability done by viruses to date has been less than users do to themselves by error every day. 2. The press speculation about the DATACRIME virus was much more damaging than the virus. 3. The amount of damage that has been done to trust within the community is orders of magnitude worse. 4. Viruses and rumors of viruses have the potential to destroy society's already fragile trust in our ability to get computers to do that which we intend while avoiding unintended adverse consequences. 5. We learn from the biological analogy that viruses are self-limiting. Clinically, if you catch a cold, you will either get over it, or you will die. Epidemiologically, a virus in a limited population will either make its hosts immune, or destroy the population. Even in open population, a virus must have a long incubation period and slow replication in order to be successful (that is, replicate and spread). 6. The current vector for viruses is floppy disks and diskettes, not programs. That is to say, it is the media, rather than the programs, that are moving and being shared. A virus that is stored on such media will be very persistent. One infected diskette pulled from a drawer may began a new cycle. On the other hand, diskettes as media have a limited life expectancy. Punched paper lasted just a century; 8.5" floppies only a decade. The life of such media is a function of a number of complex factors. The success of the current technology augers for a long life, while the pace of technology suggests that it will be short. 7. AIDS not withstanding, terrorists have more effective and efficient mechanisms at hand. Amateurs have a very high vested interest in a community in which programs can be relied upon to do only what they advertise. It is to be hoped that they can be socialized not "to soil their own sandpiles." Season's Greetings. William Hugh Murray, Fellow, Information System Security, Ernst & Young 2000 National City Center Cleveland, Ohio 44114 21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
SPBK09@SDNET.BITNET (Brian Piersel) (01/03/90)
On Fri, 22 Dec 89 12:28:00 -0500 <WHMurray@DOCKMASTER.ARPA> said: >6. The current vector for viruses is floppy disks and diskettes, not >programs. That is to say, it is the media, rather than the programs, >that are moving and being shared. What about infected programs uploaded to a BBS? If someone else downloads that program and uses it, their system will be infected with the same virus. In this case, the media has _not_ moved, which would indicate that programs are also a vector for viruses. Of course, in some cases, such as viruses that infect boot sectors, etc., the disk itself must be shared, but in others, it is only the program that must move. +----------------------------------------------+ | Brian Piersel | +----------------------------------------------+ | BITNET: SPBK09@SDNET | | INTERNET: SPBK09%SDNET.BITNET@VM1.NoDak.EDU | +----------------------------------------------+ | IBM = Itty Bitty Machine | +----------------------------------------------+
soup@penrij.LS.COM (John Campbell) (01/05/90)
WHMurray@DOCKMASTER.ARPA writes: > 1. The amount of damage to data and availability done by viruses to date > has been less than users do to themselves by error every day. OK, OK. True enough, though we don't often like to be reminded of this. > 4. Viruses and rumors of viruses have the potential to destroy society's > already fragile trust in our ability to get computers to do that which > we intend while avoiding unintended adverse consequences. This is the most worrying aspect of virus/trojan/worm infections. We have a population which has no intrinsic immune system which leaves itself open to such attack. Vectors now consist of communications networks (BBS and other means) as well as physical media. Since we are moving towards a networked future we will need immune systems in our computers- society (all of us) are currently subject to these terrorist acts (like the tylenol scare). Remember- any linchpin/choke point in technology, be it transportation, food delivery, water supply, communications is subject to interruption by killers. Set some of these loose in a Hospital and the virus writer is _at least_ as dangerous as the individual who slips cyanide into food and drug products. > 5. We learn from the biological analogy that viruses are self-limiting. We also learn that when the population is large enough for the entity to take advantage of, an entity will attempt to take hold. Once we had standard PC's (and Macs, Amigas, etc) we then had a "fixed" cellular mechanism to subvert. S-100 systems which lacked such standardization were not subject; even the "standard" S-100 systems did not constitute a large enough population to invite attack... > Clinically, if you catch a cold, you will either get over it, or you > will die. Epidemiologically, a virus in a limited population > will either make its hosts immune, or destroy the population. Even in > open population, a virus must have a long incubation period and slow > replication in order to be successful (that is, replicate and spread). Point taken. A virus, since it _does_ act in the system as non-invasively as possible (beyond spreading its "genetic code" wherever possible) will be fairly successful. Subtlety pays off. Of course, these viruses are much like the HIV will eventually kill the host... - -- John R. Campbell ...!uunet!lgnp1!penrij!soup (soup@penrij.LS.COM) "In /dev/null no one can hear you scream"