Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!gem.mps.ohio-state.edu!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: okay@tafs.mitre.org (Okay S J)
Newsgroups: comp.virus
Subject: Tiger Teams
Message-ID: <0003.8910041115.AA07054@ge.sei.cmu.edu>
Date: 3 Oct 89 07:03:00 GMT
Sender: Virus Discussion List
Lines: 41
Approved: krvw@sei.cmu.edu

In VIRUS-L V2NO208 "Thomas B. Collins, Jr." writes:
>Say I get my new system, put all the software on
>it, and run a few virus scanners that turn up nothing. I then run all
>applications from my hard drive, and don't use any floppy disks. It
>wouldn't make sense for me to check my hard drive every day for viruses,
>because they don't just pop up from nowhere.

You're discounting the fact that your machine could be on a network.
Having an infected machine on a network where one transfers files between
machines can be just as bad as sticking a floppy in the machine.
One shot does not cure all.

>If I did add software to my system, I would check it for viruses before
>adding it. I think it would make more sense for the Tiger Teams to come
>in in the middle of the day, ask you to please save your work, and then
>run a virus checker on your system.

It would cause too much of a loss of productivity and interruption of
the work routine. Night is better if you're going to do it. Plus the
public embarrassment of having one's machine checked. Seriously, it's kind of
like any test for drugs or AIDS or anything like that. It's not so much
as to whether you are infected, but just the idea that it was done.
After all, why have a test done if there isn't some suspicion...This at
least would be the view of most people around those who had their
machines tested.
'Did you hear George got busted by the Tiger Team last week?---They didn't
find anything, but you never know....'

>If anything is found, you are "cited" as letting a virus into your system.
>If you're clean, you go back to work, and the Tiger Team moves on.

What exactly does 'cited' mean? Disciplined? Publicly marked as an
electronic leper in the company? Fired?
--Now that we've established how they would operate, what should be the
penalties for those 'caught'?

Stephen Okay Technical Aide, The MITRE Corporation
x6737 OKAY@TAFS.MITRE.ORG/m20836@mwvm.mitre.org
'Geez...I actually have to use a disclaimer now, I must be getting important!'
Disclaimer: It's mine, mine, mine, mine, mine !!!!!!!!!!!!!!