Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!usc!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: V2002A@TEMPLEVM.BITNET (Andy Wing)
Newsgroups: comp.virus
Subject: Tiger Teams (General)
Message-ID: <0007.8910062006.AA22699@ge.sei.cmu.edu>
Date: 6 Oct 89 12:18:43 GMT
Sender: Virus Discussion List
Lines: 29
Approved: krvw@sei.cmu.edu

Hi,

I think that your average non-sophisticated user would be offended by computer support personnel checking their personal machine for "infection". An alternative would be to have the Tiger Teams simply state that they are doing "regular preventative maintenance". People shouldn't have problems with that. The end user doesn't need to know the gruesome details of a PM call.

Actually Tiger Team duties should be assigned to a company's regular maintenance people (with a software expert supervising them of course). I guess the best anti-virus protection is one that is both transparent to the end user and in the hands of a well trained support staff.

The original Tiger Team idea would work best if slightly modified. Every football team has both an offence and a defense. Right now the anti-viral defense really has no one to practice against. I think what we need is a group of developers that will try to "bust" Gatekeeper/Flushot/etc. These people would be in close contact with the anti-viral developers. The Tiger Team would document their methods and only use benign infections.

I guess my real concern is that anti-virus developers take a reactive stance instead of an active one. If I were an anti-virus developer, I would want to encounter a new infection method under controlled, documented conditions. This way anti-viral SW would be guarded against bypass methods already thought up by the Tiger Teams.

Also, do any anti-viral programs use the 'bad block' method to protect themselves? I think that idea holds some promise.

Andy Wing
V2002A@TEMPLEVM.BITNET