Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!mit-eddie!uw-beaver!ubc-vision!ubc-cs!andrews
From: andrews@ubc-cs.UUCP (Jamie Andrews)
Newsgroups: comp.sys.ibm.pc,sci.crypt
Subject: Re: Stopping Trojans
Message-ID: <1007@ubc-cs.UUCP>
Date: Tue, 14-Apr-87 13:13:34 EST
Article-I.D.: ubc-cs.1007
Posted: Tue Apr 14 13:13:34 1987
Date-Received: Sun, 19-Apr-87 10:44:26 EST
References: <537@faline.bellcore.com>
Reply-To: andrews@ubc-cs.UUCP (Jamie Andrews)
Organization: UBC Department of Computer Science, Vancouver, B.C., Canada
Lines: 22
Xref: mnetor comp.sys.ibm.pc:3373 sci.crypt:339


     karn@faline's idea was to publish checksums of popular shareware
programs.  Unfortunately, this means that anyone who wants to post
"popular shareware program X, with my nifty modifications" is under
suspicion.  It would mean that an inferior program could become the
standard due simply to having been listed in journal Y -- which may
well be what some very cautious users want, but may not ultimately
be good for the user community.

     Surely the best way for users to detect trojan horses is via
a program which would convert code to a format with the crucial
system calls replaced by non-destructive ones, for testing
purposes.  This may not be easy to do with current machine and
OS architectures; I would suggest that the computer and OS
developers should make it easy.  Unfortunately, this sounds like
a job for the Free Software Foundation, as developers have no
interest in producing products that will make it safer for users
to use PD software.

--Jamie.
...!seismo!ubc-vision!ubc-cs!andrews
"We have to touch people" --J.Bronowski