Path: utzoo!mnetor!uunet!husc6!ukma!sean From: sean@ms.uky.edu (Sean Casey) Newsgroups: comp.sys.amiga Subject: Re: The REAL virus problem Message-ID: <7977@g.ms.uky.edu> Date: 4 Jan 88 20:13:03 GMT References: <7967@g.ms.uky.edu> <265@coplex.UUCP> Reply-To: sean@ms.uky.edu (Sean Casey) Organization: The Leaning Tower of Patterson Office @ The Univ. of KY Lines: 54 In article <265@coplex.UUCP> jim@coplex.UUCP (Jim Sewell) writes: >In article <7967@g.ms.uky.edu> sean@ms.uky.edu (Sean Casey) writes: >> >>The designers at Commodore Amiga should have never made it possible to >>install a virus in such a way. One *cannot* rely on ignorance as >>protection against programmers with bad intentions. >> > Interesting how you put the blame off on the developers of the Amiga! >I am sure that if you studied aspects of development and MAINTENANCE of a >computer system I not only have studied it. It's my job. That's how I pay the rent. >you would find quite a good reason to put in the gap in the >boot sector of the disk. It has to do with improvements to the computer's >operating system without totally rewriting the whole thing. This allows us >to run 1.1 programs on our 1.2 kickstart systems. The guys did all they could >within reason and I for one think they deserve a hats-off instead of "it's all >your fault." attitudes. You missed the point entirely. The complaint was *not* about the gap in the boot sector on the disk. That really has nothing to do with it. The complaint was that they made it possible for a program to grab control of the machine after warm boot and before workbench (reread my article carefully, I *hate* being misinterpreted). I assume the point of this was to allow a hook for some kind of debugger. Now quite frankly, I like the idea. But, as I pointed out earlier, it is a horrible security bug. Commodore knew this, and elected to keep the information secret as a means of protection. My other point was that one cannot rely on secrecy as protection against malicious programmers. This was a mistake, but one that can be cleared up. Commodore could release a "more secure" kickstart that would not pass control to the hook address. If one really wanted a hook available, perhaps holding down a mouse key during reboot would enable the hook. It's really a trivial solution, but it does require a new release of Kickstart, which is a royal pain for everyone. The question is: When will the viruses become such a problem that they overshadow the difficulty involved in a new Kickstart? Finally, remember that most Amigans don't have Usenet access. Most of them probably don't even read Amiga magazines. What will they do when their disks are suddenly being erased? Sean -- -- Sean Casey sean@ms.uky.edu, sean@UKMA.BITNET -- (the Empire guy) {rutgers,uunet,cbosgd}!ukma!sean -- University of Kentucky in Lexington Kentucky, USA -- "My feet are wet."