Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!lll-winken!uwm.edu!bionet!apple!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: dmg@retina.mitre.org (David Gursky)
Newsgroups: comp.virus
Subject: Some more thoughts on shrink-wrapped software...
Message-ID: <0002.9001161848.AA10905@ge.sei.cmu.edu>
Date: 15 Jan 90 17:00:43 GMT
Sender: Virus Discussion List
Lines: 29
Approved: krvw@sei.cmu.edu

What is really most amazing about the problem of a potential vandal
infecting a commercial application, and returning it to an unsuspecting
vendor is the ease with which the vendor can detect the problem.

Consider the following scenario:

1 -- An application is returned to a vendor.

2 -- Proof of purchase is produced, vendor agrees to accept product, but
     does not yet refund purchase price.

3 -- A second copy of the shrink-wrapped application is removed from the
     shelf.

4 -- The disk(s) from the returned copy are then byte-by-byte compared
     against the disk(s) in the shelf copy from step 3.

5 -- If no major changes are found (some users still run the applications
     straight off the master disk, and some of those applications modify
     themselves in some minor fashion), the consumer's money is then (and
     only then!) refunded. If major problems are found, perhaps only a
     portion of the purchase price is refunded, or none at all, depending
     on how the store wishes to actually implement the procedure.

Likewise, an office that purchases multiple copies of an application can
perform a similar function on incoming shrink-wrapped software. A direct
copy (especially when done at a machine that is "clean") should be very
effective at uncovering vandalized software.
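
The comparison in steps 4 and 5, as an added example that is not part of the original post: two disk images are compared sector by sector and the differing sectors are classed as "minor" or "major". The 512-byte sector size, the `MINOR_LIMIT` threshold, the function names and the sample images are assumptions made for illustration.

```python
import io

SECTOR = 512       # assumed sector size of the disk images
MINOR_LIMIT = 2    # assumed store policy: up to this many changed sectors is "minor"

def diff_images(returned, shelf, sector=SECTOR):
    """Compare two open binary streams sector by sector.

    Returns (total_sectors, runs), where runs is a list of inclusive
    (first, last) sector ranges whose contents differ.
    """
    runs, index = [], 0
    while True:
        a, b = returned.read(sector), shelf.read(sector)
        if not a and not b:
            break
        if a != b:  # a short or missing sector on one side also counts
            if runs and runs[-1][1] == index - 1:
                runs[-1] = (runs[-1][0], index)   # extend the current run
            else:
                runs.append((index, index))
        index += 1
    return index, runs

def classify(runs, minor_limit=MINOR_LIMIT):
    """Map differing sector runs to the outcome decided in step 5."""
    changed = sum(last - first + 1 for first, last in runs)
    if changed == 0:
        return "identical"
    return "minor" if changed <= minor_limit else "major"

def check_return(returned_bytes, shelf_bytes):
    """Return (verdict, differing sector runs, sectors compared)."""
    total, runs = diff_images(io.BytesIO(returned_bytes), io.BytesIO(shelf_bytes))
    return classify(runs), runs, total

# Constructed sample images of 8 sectors each, not real product disks.
SHELF = bytes(range(256)) * 2 * 8
SELF_MODIFIED = SHELF[:3 * SECTOR + 10] + b"\xff" + SHELF[3 * SECTOR + 11:]
TAMPERED = b"\x90" * (5 * SECTOR) + SHELF[5 * SECTOR:]

if __name__ == "__main__":
    for name, image in [("shelf", SHELF), ("self-modified", SELF_MODIFIED),
                        ("tampered", TAMPERED)]:
        print(name, check_return(image, SHELF))
```

The list of differing sector runs is what a reviewer would inspect before deciding on the refund; the threshold only sorts returns into those needing a closer look.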