Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!snorkelwacker!bloom-beacon!morningstar.COM!bob
From: bob@morningstar.COM
Newsgroups: comp.windows.x
Subject: HP server binary viruses?
Message-ID: <9001171946.AA00865@volitans.MorningStar.Com>
Date: 17 Jan 90 19:46:40 GMT
References: <19900117180540.2.ED@PEREGRINE.SCRC.Symbolics.COM>
Sender: root@athena.mit.edu (Wizard A. Root)
Reply-To: bob@morningstar.com (Bob Sutterfield)
Organization: The Internet
Lines: 38

   Date: Wed, 17 Jan 90 13:05 EST
   From: Ed Schwalenberg

      Date: 17 Jan 90 15:31:17 GMT
      From: mstar!mstar.morningstar.com!bob@ohio-state.arpa (Bob Sutterfield)

(Hmmm... I wonder how that "ohio-state.arpa" snuck in there? That name was retired several years ago when we unplugged our VAX!)

   But how do you know the sources don't have viruses or whatever? Even assuming you read every line of the 69 Megabytes of source for the software you use before you run it, it's easy enough for a malicious hacker to disguise his work in source code.

True enough. I don't read all the code I run. But in a community of software sharers, if the code can be read there's a higher probability that someone (me or someone else) will find it someday. That makes the malicious person's job *much* more difficult than just diddling with binaries. I don't want to read all that source; I just want to be able to.

   If the legal remedies are effective, litigation arising from a "successful" virus could bankrupt even a large company like HP.

But since nobody can prove that HP stuck the virus into the binary, nobody can pick their pockets. Their lawyers would just need to find someone even moderately knowledgeable (heck, even *I* thought of it!) to stand up in court and rattle off a half-dozen ways that the binaries *could* have been molested.

   The only thing today's software user can do to protect himself is exercise reasonable judgement in selecting software and HOPE that there's no malicious code secreted within.

That's why I'd rather use programs for which the source is freely available and in regular use by a community of talented people sharing their work. It improves my odds.