Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: padgett%tccslr.dnet@mmc.com (A. Padgett Peterson)
Newsgroups: comp.virus
Subject: re: FSP and sales figures (was: Into the 1990s)
Message-ID: <0004.9106031950.AA02037@ubu.cert.sei.cmu.edu>
Date: 31 May 91 16:03:05 GMT
Sender: Virus Discussion List
Lines: 43
Approved: krvw@sei.cmu.edu

>From: microsoft!c-rossgr@uunet.uu.net

>If the seed is entered by the user, then there might well be problems
>of getting "pre-installed" copies within an organization that all share
>the same seed.

Ross: we seem to be cross communicating. In our shop we do not use
"pre-installed" copies, no two machines are alike anyway & we are
running everything from DOS 2.0 up. On installation, the package we use
takes 3-5 minutes to take a "snapshot" of the PC and record every
executable on it during installation.

>And if they have the seed stored on the system anywhere -- sorta
>required in order for it to work! -- then the bad guy can find it just
>as easily as my own code can.

Only if the "bad guy" knows where it is stored and if the offsets are
the same on every machine - one of the drawbacks to "pre-installation".
If you cannot ensure the physical integrity of the machine all bets are
off. It would take a complex and specifically targeted piece of
software to be able to determine that you were there (and not some other
routine) and bypass it - not for an amateur.

One of the problems is that at present there is a single criterion for
judging PC protection programs: the number of viruses it detects. In
actuality, this is one of the lesser threats that a full package should
take care of.

>If you want RACF on a PC, you'll have to change operating system, I
>think. It looks like you're speaking of authenticity and access
>control -- these must be considered important *parts* of an anti-viral
>package. But not the whole thing.

a) RACF is the only product that I have seen that will tell a user
   where its holes are (LISTDSD command).
b) I am, but authentication of the system/programs, not of the user.
c) That's what I said - see multilayer "model" of a few months ago.

The points made should still be targets, possible but not necessarily
easy. BTW all my cars are Pontiacs.

Warmly,
Padgett
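
The install-time "snapshot" with a per-machine seed discussed in this thread, as an added example that is not code from the post or from any product it mentions. HMAC-SHA256 as the seeded checksum, the extension list and all function names are assumptions; the sample files are constructed.

```python
import hashlib
import hmac
import os
import tempfile

# Assumption: DOS-era executable extensions; the post does not list them.
EXEC_EXT = {".com", ".exe", ".bat", ".sys"}

def snapshot(root, seed):
    """Record a seeded digest (HMAC-SHA256) for every executable under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXT:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    tag = hmac.new(seed, fh.read(), hashlib.sha256).hexdigest()
                baseline[os.path.relpath(path, root)] = tag
    return baseline

def verify(root, seed, baseline):
    """Compare the current executables with the install-time snapshot."""
    current = snapshot(root, seed)
    return {
        "changed": sorted(p for p in baseline if p in current
                          and not hmac.compare_digest(baseline[p], current[p])),
        "missing": sorted(set(baseline) - set(current)),
        "added": sorted(set(current) - set(baseline)),
    }

def demo():
    """Constructed sample: one file tree, snapshotted under two machine seeds."""
    with tempfile.TemporaryDirectory() as pc:
        with open(os.path.join(pc, "EDIT.COM"), "wb") as fh:
            fh.write(b"constructed sample bytes")
        with open(os.path.join(pc, "README.TXT"), "wb") as fh:
            fh.write(b"not an executable, so not recorded")
        seed_a, seed_b = os.urandom(32), os.urandom(32)  # one seed per install
        base_a = snapshot(pc, seed_a)
        base_b = snapshot(pc, seed_b)  # same bytes, different seed
        with open(os.path.join(pc, "EDIT.COM"), "ab") as fh:
            fh.write(b"appended after install")  # simulated modification
        with open(os.path.join(pc, "NEW.EXE"), "wb") as fh:
            fh.write(b"MZ")  # executable that was not in the snapshot
        return base_a, base_b, verify(pc, seed_a, base_a)

if __name__ == "__main__":
    print(demo()[2])
```

With distinct seeds, the record for an identical file differs from machine to machine, so a snapshot entry valid on one PC does not validate on another; with a shared seed the two baselines would be identical.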