Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!bloom-beacon!ALDERAAN.SCRC.SYMBOLICS.COM!Ed
From: Ed@ALDERAAN.SCRC.SYMBOLICS.COM (Ed Schwalenberg)
Newsgroups: comp.windows.x
Subject: Re: HP server binary viruses?
Message-ID: <19900117175820.0.ED@PEREGRINE.SCRC.Symbolics.COM>
Date: 17 Jan 90 17:58:00 GMT
References:
Sender: root@athena.mit.edu (Wizard A. Root)
Organization: The Internet
Lines: 26

    Date: 17 Jan 90 15:31:17 GMT
    From: mstar!mstar.morningstar.com!bob@ohio-state.arpa (Bob Sutterfield)

    Personally, I wouldn't use binaries found lying about hither and yon. If I don't get it on a tape of known origin, or build it from sources, I don't run it.

But how do you know the sources don't have viruses or whatever? Even assuming you read every line of the 69 Megabytes of source for the software you use before you run it, it's easy enough for a malicious hacker to disguise his work in source code. It is computationally impossible to verify C programs.

Without a computational solution, we're left with legal remedies and hope. If the legal remedies are effective, litigation arising from a "successful" virus could bankrupt even a large company like HP.

That leaves hope. The only thing today's software user can do to protect himself is exercise reasonable judgement in selecting software (I don't presume to say whether using HP's binaries or MIT's sources is reasonable or not) and HOPE that there's no malicious code secreted within.

The emperor is naked. If you look hard, you can see it for yourself.