Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!iggy.GW.Vitalink.COM!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: microsoft!c-rossgr@uunet.uu.net
Newsgroups: comp.virus
Subject: re: FSP and sales figures (was: Into the 1990s)
Message-ID: <0004.9106201437.AA20289@ubu.cert.sei.cmu.edu>
Date: 18 Jun 91 17:24:44 GMT
Sender: Virus Discussion List
Lines: 50
Approved: krvw@sei.cmu.edu

>From: padgett%tccslr.dnet@mmc.com (A. Padgett Peterson)

(Sorry for the delay...off line for a while)

>Ross: we seem to be cross communicating. In our shop we do not use
>"pre-installed" copies, no two machines are alike anyway & we are running
>everything from DOS 2.0 up. On installation, the package we use takes
>3-5 minutes to take a "snapshot" of the PC and record every executable
>on it during installation.

So, then, you have to install the program on each machine. Taking
that "snapshot" is a good idea, but still has problems if you use a) a
new seed on each machine and b) store that seed someplace where it can
be seen by "the bad guy".

If someone is going to subvert the code, they're gonna subvert the
code and there's nothing we can do about it. It's not as if DOS were a
real operating system -- it provides no real protection and simply
putting more and more layers of "feel-good-and-warm-and-fuzzy"
dressing on DOS simply makes a person *feel* better, but provides them
with nothing.

If somebody wanted to create a virus that gets around my stuff and the
code of everybody else out there, they probably could. Targeting my
code is sorta silly: it's too easy to simply go right out to the disk
controller if you really needed to.

>Only if the "bad guy" knows where it is stored and if the offsets are
>the same on every machine - one of the drawbacks to
>"pre-installation". If you cannot ensure the physical integrity of the
>machine all bets are off. It would take a complex and specifically
>targeted piece of software to be able to determine that you were there
>(and not some other routine) and bypass it - not for an amateur.

Right. So, if they're targeting my code, no protection will suffice,
if they are not targeting my code, why bother making things more
complex. Your mileage may, of course, vary.

> One
>of the problems is that at present there is a single criterion for
>judging PC protection programs: the number of viruses it detects. In
>actuality, this is one of the lesser threats that a full package
>should take care of.

Well, the efficiency of a package in stopping viral infections has yet
to have any scale to measure it by. When such a scale exists, all the
vendors will be climbing to the top of that heap, too.

Ross
(My views, not Microsoft's)