Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!apple!agate!shelby!msi.umn.edu!cs.umn.edu!aslakson
From: aslakson@cs.umn.edu (Brian Aslakson)
Newsgroups: comp.sys.mac.misc
Subject: Re: computer security
Message-ID: <1990Nov26.020754.20743@cs.umn.edu>
Date: 26 Nov 90 02:07:54 GMT
References: <9779@jarthur.Claremont.EDU> <1990Nov23.054029.2419@midway.uchicago.edu> <1990Nov25.102627.17830@world.std.com> <1990Nov25.224403.2384@midway.uchicago.edu>
Organization: University of Minnesota, Minneapolis, CSci dept.
Lines: 41

francis@magrathea.uchicago.edu (Francis Stracke) writes:
>the software they install.  They don't want to let their employees
>be responsible, since it's their own jobs on the line.
Not necessarily, in fact, doubtful.  I'm not going to lose my job because
someone downloads a trojan horse.  It is my job to keep up on what is going
on with viruses et al, to install anti-viruses and system protection, and to
educate the users.

>NONE of these things is perfect! An INIT installed before all the protection
>schemes could patch SetTrapAddress to prevent them from being able to
That is why some protection packages come with leading spaces...To be the
first loaded.  And I'll bet you Disinfectant's init is smart enough to know
if it has been modified.
And if you know a good way to mess with anti-viral software, fine, don't tell
us, but do tell John Norstad and Chris Johnson (Disinfectant and Gatekeeper,
respectively).

>HOWEVER, the managers that killed this software definitely had the
>right, even the duty, to make that decision.
If they have a problem with something someone has on their computer, they
should take it up with that person first and not sneak in after hours.
I try to work with my users.  Recently some other people in the CSci dept.
here tried to impose changes without asking any users.  You should have heard
the screaming, especially from the faculty!  Of course now there is going
to be a committee and user input but now people are adversarial.  

>security.  Security always involves a measure of paranoia.
                                       ^^^^^^^--> Yes, a MEASURE.
>Remember: there are two types of paranoia: total and insufficient!
Wrong wrong wrong wrong!!!  Being too paranoid is just as bad as not worrying
at all, maybe worse!  Look under every stone alone the way and you'll never 
get to where you're going.
Remember:  paranoia is:  "a tendency on the part of an individual or group
toward excessive or irrational suspiciousness and distrustfulness of others".
N.B. excessive or irrational.

-- 
Brian Aslakson

aslakson@cs.umn.edu
mac-admin@cs.umn.edu  <-= Macintosh related