Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!nstn.ns.ca!news.cs.indiana.edu!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: microsoft!c-rossgr@uunet.uu.net Newsgroups: comp.virus Subject: Re: Into the 1990s Message-ID: <0011.9105232038.AA03593@ubu.cert.sei.cmu.edu> Date: 23 May 91 16:38:42 GMT Sender: Virus Discussion List Lines: 52 Approved: krvw@sei.cmu.edu >From: Y. Radai > > Among Ross Greenberg's points in his reply last week to Padgett >Peterson was the following: >>...[my discussion on FLU_SHOT+'s integrity checking] > Sorry, but I just can't pass over that without comment. Oh. It's *you* again. Just when I thought it was safe to go back into the water. > (No offense meant, Ross, but I'm sure it won't come as a surprise to >you if I mention that in my opinion, a good example of poor product >quality despite presumably good sales figures is the integrity-check- >ing feature of FLU_SHOT+. But since I've discussed FSP enough in the >past, I won't repeat my arguments unless someone asks.) To paraphrase your past arguments for the readership, I believe you commented that FSP's installation was such a pain in the butt that few people used the integrity checking feature FSP includes. You're probably right there, by the way. I would hope that *quality* of the product is not an issue. We might have some disagreements as to whether "fast 'checksumming'" is better or worse than "complex 'checksumming'", but that's a good debate to have in September during the Virus Bulletin's Seminar -- over a coupla beers, I hope. (Hey! Could you bring me a bottle of Macabee? Love it, can't get it here. Bring one for Ken, too!) Quality is an issue that the market does decide, I think. Effectiveness is something that may or may not be related to marketshare. But the market does not buy low-quality products (unless it comes from my competetion, of course. :-) ). They may end up buying slicker *quality* products than less slick quality products, though. >>Resident integrity checking, and access control, is a worthy goal of >>any of the anti-virus products. However, remember that it can and >>*will* be circumvented the first time somebody boots off a floppy. > > That does not have to be true; details in a couple of weeks. This I look forward to hearing more about. Typical security that would prevent this would be either a)playing with the partition record, easily circumvented by a decent disk editor or b)encryption of the disk to prevent circumvention of a). I thought about crypting the disk and realized that I couldn;t afford the liability insurance..... Another option would be in hardware, one I'm starting to think more and more carefully about... L'itrot Ross