Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: rick@pavlov.ssctr.bcm.tmc.edu (Richard H. Miller) Newsgroups: comp.virus Subject: Re: other ways for viral injection ? Message-ID: <0004.9008081811.AA05229@ubu.cert.sei.cmu.edu> Date: 4 Aug 90 17:58:51 GMT Sender: Virus Discussion List Lines: 33 Approved: krvw@sei.cmu.edu lath@geocub.greco-prog.fr (Laurent Lathieyre) writes: > Alike, did some Trojan horses be discovered in some >operating systems ? I wonder if operating systems shouldn't >preferably be delivered in source form rather than in >compiled form... A nice thought, but very impratical for the following reasons: 1) Many users of PC level products just want to load their systems and go. To require them to compile and build their O/S would effectively eleminate their ability to install the systems themselve. Thus a PC "expert" would come in and do it. This could also lead to even more problems since this person COULD insert whatever was desired and the user would probable not know the difference. 2) The amount of time and effort to build an O/S cna be very long, especially when one moves into the mini and mainframe arena. It takes almost 24 hours of wall time to build OS-1100 for Unisys machines. I don't even want to think how long it would take to compile and build MVS from source. 3) When you release source and the tools to build the O/S, local code WILL creep into the O/S. Maintenance and upgrades become a royal pain, especially when no one documents what they did. ["I know I will remember what I did two years from now and why when we have to upgrade"]. 4) O/S source is a trade secret for many vendors. (As one vendor found out going against IBM) - -- Richard H. Miller Email: rick@bcm.tmc.edu Asst. Dir. for Technical Support Voice: (713)798-3532 Baylor College of Medicine US Mail: One Baylor Plaza, 302H Houston, Texas 77030