dmg@retina.mitre.org (David Gursky) (09/26/89)
A good virus is an oxymoron. All a potential attacker would do is take the infector code and transplant a logic-bomb or time-bomb code to it.

This does raise an interesting question though for health checks. Suppose a company has stringent rules about protecting desktop computers from viruses. How do you go about ensuring the rules are being followed?

One thought I had was the use of "Tiger Teams". What this Tiger Team would do is work at night and attempt to infect some of the corporation's desktop computers with a "benign" virus (one that produces a warning message, but takes no malicious action, akin to the MacMag virus). The Tiger Team would operate under strict supervision, and a computer that was successfully penetrated would be "quarantined" until the following day. The next day, the user would get a visit from the Computer Center folks and get a nice (or not so nice; depending on how often in the past the user had been successfully "attacked" by the Tiger Team) lecture on anti-virus methods.

Obviously, the virus would have to be carefully controlled. The disks would have to be kept under lock and key when not in use, and under supervision when in use.

Comments?

David Gursky
Member of the Technical Staff, W-143
Special Projects Department
The MITRE Corporation