Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!psuvax1!hsdndev!spdcc!rbraun
From: rbraun@spdcc.COM (Rich Braun)
Newsgroups: comp.unix.admin
Subject: Re: Questions about UNIX viruses
Message-ID: <7151@spdcc.SPDCC.COM>
Date: 2 Apr 91 17:38:39 GMT
References: <1991Apr01.203128.13427@esleng.ocunix.on.ca> <1177@cthulhuControl.COM>
Organization: Kronos Inc., Waltham, Mass.
Lines: 20

I have the same problem.  Our company is adding a number of Unix systems to
a large, existing network of DOS systems.  A recent problem with a DOS virus
has some of our management edgy, to the point of asking "why shouldn't we
just isolate the engineering department entirely?"  I do not post directly
from my company, as we have no Internet connection and none is likely unless
I can (a) cost-justify it and (b) come up with solid arguments as to how
I can guarantee system integrity and file security.

If there are any published accounts (books, papers, magazine articles)
available on this subject, I'd love to have them in order to present
better arguments.  Detailed descriptions of past security problems (with
things like TCP/IP, uucp, SCO Unix, ISC, AIX) and how they were resolved
would be real useful.  I personally know that the class of problems under
Unix is vastly different from the "virus" concept of personal computers,
but it's hard to explain to those who aren't familiar with Unix.

A free flow of information is what every engineer wants, and what every
executive fears.

-rich