Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!mstar!mstar.morningstar.com!bob
From: bob@MorningStar.Com (Bob Sutterfield)
Newsgroups: comp.windows.x
Subject: Re: HP server binary viruses?
Message-ID:
Date: 17 Jan 90 15:31:17 GMT
References: <90004@elsie.UUCP> <100920150@hpcvlx.cv.hp.com>
Sender: news@MorningStar.COM (USENET Administrator)
Reply-To: bob@MorningStar.Com (Bob Sutterfield)
Organization: Morning Star Technologies
Lines: 33
In-reply-to: harry@hpcvlx.cv.hp.com's message of 16 Jan 90 18:32:45 GMT

In article <100920150@hpcvlx.cv.hp.com> harry@hpcvlx.cv.hp.com (Harry Phinney) writes:

   > Has anyone checked the HP server binaries for viruses, worms, et al.?
   > Arthur David Olson ado@alw.nih.gov ADO is a trademark of Ampex.

   While there certainly may be ordinary bugs in them, I assure you there is no insidious worm or virus embedded there. These binaries are supplied by the Hewlett-Packard Company, and were done by the same people who produce the HP product server (myself included). There is no more chance of a worm in these binaries than in any other program within HP-UX.

You sound very certain of the security of your distribution mechanism, and I believe you to be sincere in your assertions. There's no reason to believe that the binaries you placed there are anything other than as you describe, and the Hewlett-Packard Company name is certainly venerable and worthy of confidence. The very fact that they are willing to distribute the sweat of their brow for free speaks well of them.

However: Are you sure that the binaries that are there now are the same ones you put there?

Please, distribute either source or a checksum on the files.

Alas, neither mail nor news are secure, nor would a CHECKSUM file (found in the directory beside the files of interest) be immune to tampering. If you were to call me on the telephone and personally read me the checksum numbers, I would have no way to verify that you are who you claim to be.

Personally, I wouldn't use binaries found lying about hither and yon. If I don't get it on a tape of known origin, or build it from sources, I don't run it. While HP's intent is laudable, their implementation is impractical.
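
Added example (not part of the original post): Python code illustrating the point above about a CHECKSUM file kept beside the binaries. It still verifies after the file and its checksum are both replaced, while a digest the verifier holds separately does not. SHA-256, the file names and the sample bytes are assumptions made for the illustration, and the pinned digest is assumed to come from a source the verifier already trusts, such as media of known origin.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_with_sidecar(binary: Path, checksum_file: Path) -> bool:
    """Verify against a CHECKSUM file stored in the same directory."""
    for line in checksum_file.read_text().splitlines():
        digest, _, name = line.partition("  ")
        if name == binary.name:
            return hmac.compare_digest(digest, sha256_file(binary))
    return False  # no entry for this file: treat it as unverified


def verify_with_pinned(binary: Path, pinned_digest: str) -> bool:
    """Verify against a digest the verifier already holds from a trusted source."""
    return hmac.compare_digest(pinned_digest, sha256_file(binary))


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        binary = Path(d) / "Xserver"    # constructed stand-in file name
        sidecar = Path(d) / "CHECKSUM"  # checksum file beside the binary
        binary.write_bytes(b"constructed sample: original build\n")
        sidecar.write_text(f"{sha256_file(binary)}  {binary.name}\n")
        pinned = sha256_file(binary)    # assumption: recorded from trusted media
        before = (verify_with_sidecar(binary, sidecar), verify_with_pinned(binary, pinned))
        # Whoever can replace the file can regenerate the sidecar the same way.
        binary.write_bytes(b"constructed sample: replaced build\n")
        sidecar.write_text(f"{sha256_file(binary)}  {binary.name}\n")
        after = (verify_with_sidecar(binary, sidecar), verify_with_pinned(binary, pinned))
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The pinned check is only as good as the channel the digest arrived by, which is the difficulty the post raises about mail, news and the telephone.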