Xref: utzoo comp.misc:2141 comp.sys.ibm.pc:13519 misc.legal:4284 Path: utzoo!dciem!nrcaer!xios!dont From: dont@xios.XIOS.UUCP (Don Taylor) Newsgroups: comp.misc,comp.sys.ibm.pc,misc.legal Subject: Commercial liability for distributing a virus Message-ID: <500@xios.XIOS.UUCP> Date: 17 Mar 88 20:01:29 GMT Article-I.D.: xios.500 Posted: Thu Mar 17 15:01:29 1988 Organization: XIOS Systems Corporation, Ottawa, Ontario, Canada Lines: 66 There has been much talk of virus programs lately. Recently somebody posted the advice that s/he would only aquire binaries from a known source, presumably a software manufacturer, that 'free' software without sources is just too risky to use. I thought at the time that this made (a sad sort of) sense, but an article in this morning's Toronto Globe and Mail has started me thinking that ANY sort of binary is a risk. Apparantly, a Montreal magazine (MacMag) released a virus that simply (we hope) displayed a pop-up message of peace. This virus has travelled the world and infected many sites, including a system at Aldus Corp. It has appeared in software sold by Aldus. This is really scary stuff. If this had been a malicious virus, then Aldus would have distributed it on to their customers. How can we be protected against this? Can software manufacturers be held responsible for the 'cleanliness' of their distributions? If my disk gets wiped by a virus distributed with a piece of software that I have paid hundreds of dollars for, then I am going to want somebody's head, and I am sure that I would not be alone. My confidence in the big manufacturers quality control on this sort of thing is pretty low since the day I did a 'strings' on MS Word (version 2 I think) and I saw a chilling message that said something to the effect: 'the fruits of evil are bitter, wiping your hard disk now...'. Bill Gates was questioned about this at the time and claimed that MS did not authorize the insertion of this message, that it was done by a co-op student whose intentions were good, but misguided. Apparantly, this message would be triggered if a copied version of Word is used without the key disk that was required at that time. It did not actually wipe your hard disk, just scare you a little. What bothered me most at the time was that MS let something like this slip by them, this was something that could have been caught by simply reading the code. How much more likely is it that somebody will let a much more difficult to spot virus through? Shudder... I think that this stuff is really serious. Unless some sort of protection against these viruses (virii?) can be devised, then I can't see how public domain and shareware software can continue. I feel that it is now just a matter of time before a major software manufacturer re-distributes a deadly virus with their software with widespread disastrous consequences. Even if the manufacturer could not be held legally liable for the consequences of its negligence, then surely it would go out of business through lack of consumer confidence. Finally, let us not forget that PC software is used in many applications besides the office (clinical, manufacturing, ...). I sure hope that someone can give me some good reasons for not being so pessimistic about this issue. Don. PS. I just heard about a virus generator called OSIRIS. (Cute etymology). Now you don't have to be even moderately competent technically to create and distribute a new virus, anybody with a PC and a modem can start an infection. I should be interested to hear anything about this program. I should like to have my hands around the neck of jerk who wrote it... -- Don Taylor ...!uunet!mnetor!dciem!nrcaer!xios!dont 54, Chimo Drive, Kanata, Ontario, Canada, K2L 1Y9 (613-) 592-3894