Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!uw-beaver!tikal!sigma!roman
From: roman@sigma.UUCP
Newsgroups: comp.sys.ibm.pc
Subject: Re: Stopping Trojans
Message-ID: <1148@sigma.UUCP>
Date: Fri, 17-Apr-87 15:10:49 EST
Article-I.D.: sigma.1148
Posted: Fri Apr 17 15:10:49 1987
Date-Received: Sat, 18-Apr-87 09:07:33 EST
References: <537@faline.bellcore.com> <1007@ubc-cs.UUCP>
Reply-To: roman@sigma.UUCP (Bill Roman)
Organization: Summation, Inc., Kirkland, WA
Lines: 22
Summary: post the sources

In article <1007@ubc-cs.UUCP> andrews@ubc-cs.UUCP (Jamie Andrews) writes:

>     karn@faline's idea was to publish checksums of popular shareware
>programs.  Unfortunately, this means that anyone who wants to post
>"popular shareware program X, with my nifty modifications" is under
>suspicion.

If the program has "nifty modifications" doesn't this imply that the
person posting has source?  Post the sources.

>     Surely the best way for users to detect trojan horses is via
>a program which would convert code to a format with the crucial
>system calls replaced by non-destructive ones, for testing
>purposes.

This will cause software guerillas to avoid system calls and find
non-obvious ways to implement their attacks.

The best way for users to detect trojan horses is to carefully peruse
and understand the source code prior to compiling it themselves.

Post the sources.  Free Software Forever!