spaf@cs.purdue.edu (Gene Spafford) (12/22/89)
I've been reading a lot of the traffic about the AIDS trojan disk. I've noticed that a number of places are claiming they have programs that "fix" your disks and/or watch for reinfection. I don't mean to impugn any of those efforts, but let me sound a few notes of caution about these, as with any security software you are offered:

1) How do you know they work?
2) How do you know they don't have bugs that might trash your system?
3) How do you know that they aren't introducing some other trojan or virus into your system while cleaning up something else?

In particular, #3 concerns me. Suppose the authors of the AIDS trojan are out there, and have created a "fixer" program that cleans up the AIDS problem but plants a new and far more damaging trojan on the victim's disk. Just think -- everyone is in a panic about the AIDS bit, so they jump at the opportunity to get a fix. Just think how much more wide-spread the result might be than the original AIDS problem.

Furthermore, since a fix might have to write to system files and do special operations, warning messages from virus monitors like FluShot+ might be ignored by users as these fixes are run.

Of course, #2 is a problem, too. Buggy software is all too common, especially when it is written under pressure.

Be very sure you know what you're running. If you don't get source code and build it yourself, be sure to ask yourself how you know it is doing what you think it is.

--
Gene Spafford
NSF/Purdue/U of Florida Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet: spaf@cs.purdue.edu  uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf