Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!world!boris
From: boris@world.std.com (Boris Levitin)
Newsgroups: comp.sys.mac.misc
Subject: Re: computer security
Message-ID: <1990Nov25.102627.17830@world.std.com>
Date: 25 Nov 90 10:26:27 GMT
References: <1990Nov21.190134.19749@uncecs.edu> <36149@cup.portal.com> <9779@jarthur.Claremont.EDU> <1990Nov23.054029.2419@midway.uchicago.edu>
Distribution: na
Organization: The World @ Software Tool & Die
Lines: 46

francis@magrathea.uchicago.edu (Francis Stracke) writes:

>Look, everybody seems to be assuming that the worst that
>could happen as a result of keeping the software would be
>legal problems. This is simply not so! If it's all public
>domain stuff, taken off the Net, then there is little or
>no guarantee that the programs themselves are not dangerous!
>Does Sumex scan posted software for viruses before making it
>available? Okay, probably--but what about a brand-new virus?
>The posted application could be a Trojan Horse. Or the program
>could have something seriously wrong with it. Or the author
>may have had some sort of a grudge against somebody, and
>written a check to do damage to that person in particular, so
>that Sumex wouldn't find anything wrong, but the victim (&
>those who resembled the victim--possibly an *enormous*
>group) would be hurt, and badly. On private machines, we
>take our own chances with this sort of thing; but it's
>unreasonable to ask the employer to accept that risk.

If you are going to be that paranoid, have you considered the possibility
of a massively-destructive Trojan horse masquerading as a popular software
package, complete with icon, file size and perhaps even a rudimentary
interface similar to the original? What about a virus propagated by a
perfectly legitimate, legally-purchased and corporate-approved application
(a real possibility)? Come on.

Viruses and Trojan horses are an unfortunate reality, and users - both
corporate and individual - have a variety of means at their disposal to
combat these phenomena: antivirus software, INITs that guard against new
viruses by demanding user verification of attempts to modify resources
(Vaccine, GateKeeper), password-protection of file deletion, file
resurrection software (Complete Undelete, Norton UnErase, SUM II Shield),
and finally the most foolproof method -- regular backups.

It would be understandable and justifiable if a corporate Systems
department forced its users to practice safe computing. Arbitrarily
deleting from people's systems anything not on the "approved" list,
however, just embitters them needlessly and stifles any attempt to make
more use of the computer, as well as creative, exploratory and
self-reliant tendencies (which, as you might recall, are what has made
this country great).

Boris Levitin
----------------------------------------------------------------------------
WGBH Public Broadcasting, Boston          boris@world.std.com
Audience & Marketing Research             wgbx!boris_levitin@athena.mit.edu
----------------------------------------------------------------------------
(The opinions expressed herein are my own and do not necessarily coincide
with those of my employer or anyone else. The WGBH tag is for ID only.)