Path: utzoo!attcan!uunet!wuarchive!mit-eddie!bloom-beacon!eru!hagbard!sunic!news.funet.fi!uwasa.fi!ts From: ts@uwasa.fi (Timo Salmi) Newsgroups: comp.binaries.ibm.pc.d Subject: Re: viral risk of shareware/PD Message-ID: <1990Oct26.193015.1141@uwasa.fi> Date: 26 Oct 90 19:30:15 GMT References: <6868@castle.ed.ac.uk> Organization: University of Vaasa Lines: 58 In article <6868@castle.ed.ac.uk> own@castle.ed.ac.uk (O Morgan) writes: > I'd like to know peoples opinions about how 'hygienic' it is to > download files from c.b.i.p. (and Ftp sites such as Simtel & chyde.fi). I'll give some information on this from a moderator's point of view. The official stand is the following directly from one of our file lists: No liability is accepted for the consequences of using, or the inability to use, any of these files. No absolute guarantees are given that these programs are clean from nasties, although none have been in evidence. Please duly observe shareware rules wherever indicated. > This is mainly due to colleagues feeeling uneasy at the ammount > of external programs I am downloading for evaluation, and I would like > to know if there is justification for quaranteening my machine. There are no absolute guarantees _whatever_ your sources are. There have even been cases of contaminated commercial products. So your colleagues' safety will never be a 100 per cent whether you keep on downloading or not. At worst you can even catch a virus if you buy a new machine (this has been known to happen). On the other hand, the scare should not be exaggerated. But there is NO damage done if you separate your machine from the rest and having two or three good virus testers. I have one small additional trick up in my sleeve. Put my dtetimal.exe in your autoexec.bat. If dtetimal gets contaminated, it will loudly inform you of the fact. Dtetimal is part of my /pc/ts/tsutil30.arc package at uwasa.fi archives. Also use /pc/pd2/chksum.zip to always check at least your io.sys, msdos.sys, and command.com at boot time. You have a better chance of being alerted if you use these measures. > My feeling is that since these programs are tested and moderated, then > any virus/trojans will have manifested itself before being posted, > (unless it's a delayed action one, using a mechanism that is not catered > for by the antiviral programs?). Not quite. Your picture is a too complacent. We try to test (both the programs per se and their cleanness), but not each and every program is tested individually without fail. > Also, for shareware, since the developper has to identify himself in > order to receive subscriptions, it would seem illogical to include > programs with harmful side effects - then again you never know. This is a slightly different subject. Here we should talk separately of viruses, trojans, and unintentional harmful programming errors, but that would go better under the moderated comp.virus newsgroup. P.S. Damn, I think I'm catching a virus in the original sense of the word. ..... Sneeze! Where the heck are my tissues? :-( ................................................................... Prof. Timo Salmi (Moderating at anon. ftp site 128.214.12.3) School of Business Studies, University of Vaasa, SF-65101, Finland Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun