dmg@lid.mitre.org (David Gursky) (10/01/89)
There have been a couple messages regarding my Tiger Team suggestion, some of which have some good criticisms, others of which seem to have misread or read something into my message that wasn't there.
First and foremost, I must emphasize that this would be one part of an overall anti-virus strategy, and you must take the use of Tiger Teams in a "positive manner", i.e. not to *punish* users who do not follow anti-virus procedures, but to *find* such users, and having found such users, ensure that they do follow the established anti-virus procedures in the future. Punishing users that fail to do so only gets the users mad, and mad users help no one.
Second, a couple people have suggested this proposal leaves live viruses floating around desktop computers in the office, after the Tiger Team had successfully penetrated one. I believe I stated in my original proposal that the first step the Tiger Team would take is to create an *image* backup of the system they will try to infect. Regardless of the success or failure in infecting the computer, the disk would be restored from the image backup taken originally.
Now should the TT successfully infect the system, the computer would be "disabled"; applying a large label over the CRT would effectively tell a user they are not to use their computer until they have gone over the anti-virus procedures with someone from the "computer services" department.
Backing away from the specific subject of Tiger Teams, I wish to emphasize the problem TTs are addressing: enactment of anti-viral procedures. As an example, it is illegal in most states to sell alcohol to adults under 21. In parts of the country which have these laws and *enforce* these laws, the ease with which an adult under 21 can purchase liquor is reduced (that is to say it is harder) over parts of the country which have the laws and do not enforce them well, or do not have the laws.
It is a great first step if Acme Industries issues a set of anti-viral guidelines, but unless Acme does something to see to it that the employees are following these procedures, then those policies are nothing more than pieces of paper in the users' wastebaskets!