Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!asuvax!ncar!tank!cps3xx!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: haydon@nevada.edu (James P. Willey) Newsgroups: comp.virus Subject: Re: Some more thoughts on shrink-wrapped software... Message-ID: <0004.9001181613.AA20449@ge.sei.cmu.edu> Date: 17 Jan 90 22:30:12 GMT Sender: Virus Discussion List Lines: 40 Approved: krvw@sei.cmu.edu dmg@retina.mitre.org (David Gursky) writes: >What is really most amazing about the problem of a potential vandal infecting >a commercial application, and returning it to an unsuspecting vendor is the >ease with which the vendor can detect the problem. Consider the following >scenario: I work at a small software store, and I noticed several problems with this scenario. >1 -- An application is returned to a vendor. Yes, unfortunately this does happen frequently. >2 -- Proof of purchase is produced, vendor agrees to accept product, but does > not yet refund purchase price. > >3 -- A second copy of the shrink-wrapped application is removed from the > shelf. Assuming, of course, that the store has another copy on the shelf. This would also waste a lot of time reshrink wrapping software. >4 -- The disk(s) from the returned copy are then byte-by-byte compared against > the disk(s) in the shelf copy from step 3. Assuming, of course, that the store has the computer that the software is for. At the store I work at, we carry IBM, Mac, and Apple, but we only have an IBM computer. Also, the store may only have 5.25 drives and the software in question is on 3.5 disks. The computers are also used for demo software in case someone wants to see it run before they but it. Checking every disk I agree that something should be done, but this isn't the answer for everyone. - ------------------------------------------------------------------------------- James P. Willey willey@arrakis.NEVADA.EDU Disclaimer: I'm now employed, but I'm responsible for my employers opinions, not vice versa.