Path: utzoo!mnetor!uunet!steinmetz!davidsen
From: davidsen@steinmetz.steinmetz.UUCP (William E. Davidsen Jr)
Newsgroups: comp.sys.ibm.pc
Subject: Re: SUGGESTIONS....
Message-ID: <9571@steinmetz.steinmetz.UUCP>
Date: 16 Feb 88 20:24:40 GMT
References: <495@psu-cs.UUCP>
Reply-To: davidsen@kbsvax.steinmetz.UUCP (William E. Davidsen Jr)
Distribution: na
Organization: General Electric CRD, Schenectady, NY
Lines: 31

In article <495@psu-cs.UUCP> alexc@psu-cs.UUCP (Alex M. Chan.) writes:
>Hello,
>
>	Since that there is a few VIRUS programs being posted on the net
>and they all would do damages to you work. I would suggested that in the
>futher if anyone wanted to post any programs on the net, only post the
>the SOURCE code and all the necessary infomation to compile the programs.

  You are missing two points. Programs are written using at least three
C compilers, two versions of Pascal, and assembler, not to mention
things written on Xenix and cross compiled using tools not available in
DOS. A user could spend thousands of dollars buying the compilers, and
hundreds of hours reading the source code.

  Second, many of the readers of this group are not hackers in all
languages, and wouldn't know what int's did what. If a comment said
"turn on the speaker," they wouldn't realize that it was a disk
controller interrupt. Not *all* trojans are written with comments which
say "no trash the hard disk."

  Finally, I think I could write a program which would take *hours* of
time to locate the trojan, even in source. Give me the executables,
please. I would like the mailing address of the author, but realize that
unless you have a bunch of time you can't write and ship disks for
nothing. It becomes a question of "when is it cheaper to take a chance
than to spend a lot of time protecting myself," it's in the field of
risk analysis. Buy commercial software if you wish.
-- 
	bill davidsen		(wedu@ge-crd.arpa)
  {uunet | philabs | seismo}!steinmetz!crdos1!davidsen
"Stupidity, like virtue, is its own reward" -me