Path: utzoo!utgpu!water!watmath!clyde!rutgers!sri-spam!ames!ll-xn!oberon!pollux.usc.edu!papa
From: papa@pollux.usc.edu (Marco Papa)
Newsgroups: comp.sys.amiga
Subject: Re: Guidelines for virus authors
Message-ID: <6832@oberon.USC.EDU>
Date: 9 Feb 88 02:56:11 GMT
References: <8802072054.AA03747@jade.berkeley.edu> <8261@g.ms.uky.edu> <17301@glacier.STANFORD.EDU>
Sender: nobody@oberon.USC.EDU
Reply-To: papa@pollux.usc.edu (Marco Papa)
Organization: Felsina Software, Los Angeles, CA
Lines: 45

In article <17301@glacier.STANFORD.EDU> jbn@glacier.UUCP (John B. Nagle) writes:
>In article <8261@g.ms.uky.edu> sean@ms.uky.edu (Sean Casey) writes:
>>I have never ever known of a major security bug that lasted long after
>>it's (sic) operation was widely publicized.
>
> I think he's right.

I think that, too.

> OS/2 is already virus-resistant to some degree, being a protected-mode
>operating system. When the Mac line gets memory-management
>units (there's a socket in the Mac II) Apple intends to go to a protected
>mode operating system (ref. interview with John Sculley, Computer Currents,
>Dec. 87.). Sun machines are already reasonably tight, running under UNIX
                                     ^^^^^^^^^^ ^^^^^                ^^^^
>in protected mode. DEC's VAXstations also have protection. In each
>case, the protection isn't perfect, but the essential parts are there and
                                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>with some tightening up, each of these systems should be able to resist
>virus programs effectively.

You seem to make the equation:

    OS with protected mode == OS protected from viruses

That is unfortunately not so. And even more with UNIX, which has been shown
to be one of the WORST Operating Systems with respect to protection against
viruses. Fred Cohen's "controlled virus experiments" at USC were done on
UNIX systems. Fred, a PhD graduate of USC and now with the University of
Cincinnati, was prominently featured last week in multi-page articles in
both the Los Angeles Times and the New York Times.
In his thesis he shows that even the Bell-LaPadula Secure systems are
vulnerable to viruses. UNIX does not even come close to that, and its
"setuid" and UUCP features make it one of the least secure systems. Bill
Landreth's viruses over the ARPAnet a few years back were done mostly on
UNIX systems, connected over ARPA and LANs.

NONE of the systems you have mentioned has the "essential parts" that make
it secure, and NONE of them is "able to resist viruses effectively". If you
need references, I'll be happy to e-mail them.

-- Marco

P.S.: Yes, I was part of Len Adleman's "USC seminar" mentioned in the LA and
NY Times articles that spent a semester to show how easy it is to break into
systems.