Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!mips!pacbell.com!iggy.GW.Vitalink.COM!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: lev@slced1.Nswses.Navy.Mil (Lloyd E Vancil) Newsgroups: comp.virus Subject: Re: Unix viruses and damaging programs (UNIX) Message-ID: <0007.9104101503.AA06496@ubu.cert.sei.cmu.edu> Date: 8 Apr 91 20:22:43 GMT Sender: Virus Discussion List Lines: 29 Approved: krvw@sei.cmu.edu VALDIS@VTVM1.CC.VT.EDU (Valdis Kletnieks) writes: to vancleef@iastate.edu (Van Cleef Henry H) >"Testing can show the presence of bugs, but not their absence." > >So if you DONT find anything, that does NOT prove your system is >clean, it only means that it's *either* clean *or* the intruder is a >step ahead of you. > >computer criminal. The best is so good that we'll never catch him. >If your system check (whatever its form) actually *finds* anything, >then it won't be an undetected breach anymore. A very scary thought when you consider that the bad guy in "The Cookoo's egg" was caught because of a billing error and the tenacity of one individual. The insights that book offers into the foilables of the typical system manager and the attitudes towards this type of thing are interesting. Would it be better to take for granted that your security has been breached and operate based on that? If you did make that assumption, what would you do to make a first level check? Trust.... - -- * suned1!lev@elroy.JPL.Nasa.Gov sun!suntzu!suned1!lev . lev@suned1.nswses.navy.mil + . + * S.T.A.R.S.! The revolution has begun! * - ----------------- My employer has no opinions. These are mine! --------------- - -