David.M..Chess.CHESS@YKTVMV (10/02/89)
Hm. You seem to be assuming, among other things, that:

 - If a virus can't talk directly to the hardware or to files belonging to other folks, it can't do any serious harm, and
 - UNIX programs are exchanged only as source, not as binaries.

I'd disagree with both of those claims; the Jerusalem virus, one of the most widespread and troublesome in the PC world, doesn't talk directly to the hardware, and doesn't rely on being able to write out of the user's own space. I imagine everyone on the list can think of a number of nasty/destructive/confusing things that a virus could do even if it only had access to the user's own data files, and couldn't write direct to hardware (I won't list any here, hehe!).

As UNIX and UNIX-derived systems continue to spread beyond the programmer community, program exchange among groups using the same hardware will tend, I would expect, to include more exchange of binaries. I wouldn't expect to see a virus that could infect more than one or two hardware platforms in the near future (cross fingers), but a virus that could spread to any machine in one of the more popular UNIX hardware categories would be quite enough to cause problems for lots of folks!

While I don't know of any UNIX viruses at the moment, I would disagree with the suggestion that UNIX is inherently virus-resistant enough to make it worthwhile switching OS's in hopes of being able to forget about virus protection! The same applies to any other general-purpose OS around; viruses *don't* need insecure systems to spread and do Bad Things. That's the whole point...

DC
IBM T. J. Watson Research Center
UNIX is a trademark of AT&T (or Bellcore, or someone like that)

peter@uunet.uu.net (10/02/89)
Rather than go through all this trouble to keep viruses out of Macs and IBM-PCs, why not abandon the unprotected operating systems wherever possible and switch to UNIX?

If you need to run DOS or MacOS software, there are ways of running it under UNIX in both cases: A/UX supports Macintosh software, and the various 80386 versions of UNIX have two DOS emulators that run in the virtual 8086 emulation mode.

With no direct access to the hardware possible, and with multiuser security preventing writes to files (at least in the 80386 case), the worst the virus could do would be to infect user-written programs. When they attempted to format the hard disk, or infect installed software, they would simply trap and abort the virtual DOS image.

UNIX-based software is extremely unlikely to be infected, since a UNIX virus would have to infect source code to transfer out of a machine.

To defuse arguments about the Internet Worm, let us note that this program was restricted to two brands of computer: VAXes and 68000-based Suns. And it infected a network that was deliberately designed to be insecure.

No, UNIX is not immune to trojan horses and viruses, but by and large this sort of program is kept uninfectious and benign by the nature of the system.

[Ed. I hope that you're wearing asbestos skivvies... :-) ]

time@oxtrap.aa.ox.com (Tim Endres) (10/05/89)
Better than changing OS to get better virus "resistance", why not encourage the systems designers at Apple and IBM to implement protection in their respective operating systems?

An entire document dedicated to stopping virus activity at the OS level was mailed to John Sculley at Apple. Yet, to this day, even with an entire new OS release, not one of the suggestions given has been implemented!

I am sure that there are many complex issues facing a company such as Apple, with regards to this problem, and changes at the OS level to deal with viruses will, and probably should, be slow. Further, I must give Apple credit for the action they did take when Macintosh viruses first surfaced. In some cases, they sent their own engineers to infected sites for investigation and assistance. They were the first to engage in "Virus Awareness" campaigns. Unfortunately, we have seen no work at the OS level.

What users should be doing is overtly pressuring computer manufacturers to address this need at the OS level, and start buying equipment from vendors who move in that direction.

peter@uunet.uu.net (10/06/89)
time@oxtrap.aa.ox.com (Tim Endres) writes:
> Better than changing OS to get better virus "resistance", why not
> encourage the systems designers at Apple and IBM to implement
> protection in their respective operating systems?

I don't know about the Mac... its system software is a lot cleaner than Messy-DOS, albeit rather unconventional. But this is pretty much impossible with MS-DOS. I suspect you would have to write a complete new operating system with an MS-DOS emulator. The reason for this is that the original MS-DOS was so incompetent (for example, the serial driver code never worked right for anything better than dumping to a printer, and it's never been fixed) that any decent program was forced to go direct to the hardware.

And of course if you're going to go to a new O/S, why not use an off-the-shelf one that's already achieved wide acceptance?

I once sat down and tried to write a terminal emulator that was entirely well-behaved. I was able to keep up with 1200 baud using the XT bios to put stuff on the screen, by heavy use of curses-style heuristics, but I broke down and went straight to the serial port.

Of course, OS/2 is supposed to fix all this. For some bizarre reason, though, it's still got no security features.

Anyway, the reason Apple and IBM aren't doing anything is because there's no great call from the user community to do anything, and nobody's willing to consider a better alternative if it means risking their cherished software investment. Which is only reasonable, but there's no reason new installations can't be based on something like UNIX.

---
Peter da Silva, *NIX support guy @ Ferranti International Controls Corporation.
Biz: peter@ficc.uu.net, +1 713 274 5180. Fun: peter@sugar.hackercorp.com.
`-_-' ``I feel that any [environment] with users in it is "adverse".''