Path: utzoo!mnetor!uunet!husc6!bu-cs!madd From: madd@bu-cs.BU.EDU (Jim Frost) Newsgroups: comp.sys.ibm.pc Subject: Re: PLANETS.COM Message-ID: <20072@bu-cs.BU.EDU> Date: 21 Feb 88 18:12:38 GMT References: <4435@watdcsu.waterloo.edu> <628@csm9a.UUCP> Reply-To: madd@bu-it.bu.edu (Jim Frost) Followup-To: comp.sys.ibm.pc Distribution: comp.sys.ibm.pc Organization: Boston University Distributed Systems Group Lines: 45 In article <628@csm9a.UUCP> japplega@csm9a.UUCP (Joe Applegate) writes: >in 5 years of telecomputing >and PC support I have NEVER found a bonified trojan!!! Only users who don't >know what their doing! This is a bad stance to take. I've been working with PC's for quite some time and have come across several real trojans. A good case point was the posting of ARC 5.13, which scared a lot of people since genuine ARC utilities are so useful and widespread. If you haven't seen a trojan in 5 years of telecomputing, I'd say that you didn't look too hard. Getting bitten by a trojan has nothing to do with experience; if you don't take proper precautions and you download software from BBS's, you're bound to get hit eventually. Even when you DO take proper precautions, there are a variety of ways that trojans can get around software anti-trojan techniques. Solution: There really isn't one for MS-DOS. I'd suggest using several of the available anti-trojan programs around to inspect programs for trojans, and also to take a backup before using programs that you download. Several people have advocated source-only postings as a method of cutting down on trojans. Several people have commented that source is useless to many users, and that it's relatively easy to hide trojans in source anyway. Source-only postings won't help. As always, take care when dealing with things that you didn't write. Even innocent programs can be dangerous. >I suggest that since most programs contain a copyright for the libraries of the >compilers they were written in that Mr. Widall sell his computer since to him >all programs must be altered trojans (except for those few written in >assembler). I think you should be slower in chastising those who are wrong. We learn from trial and error. I've posted opinions that have been incorrect and have been duly corrected. In the future I try not to make the same mistake again. Mr. Widall may not be as experienced as you -- this is no reason to tear him apart; merely correct him. Happy hacking, jim frost madd@bu-it.bu.edu