Xref: utzoo comp.misc:2154 comp.sys.ibm.pc:13640 misc.legal:4331 Path: utzoo!mnetor!uunet!pwcmrd!skipnyc!atpal!tneff From: tneff@atpal.UUCP (Tom Neff) Newsgroups: comp.misc,comp.sys.ibm.pc,misc.legal Subject: Re: Commercial liability for distributing a virus Message-ID: <111@atpal.UUCP> Date: 24 Mar 88 19:09:16 GMT References: <500@xios.XIOS.UUCP> Reply-To: tneff@atpal.UUCP (Tom Neff) Organization: Rational Technologies, Inc. Lines: 44 Keywords: virus trojan macmag security Summary: There are a _few_ things you can do... How do we protect ourselves against viruses? [1] PHYSICALLY limit access to the computer, where practicable. Don't let the kids play on it. Don't let your secretary's PC "guru" friend come in and "optimize" her system without your prior approval and direct oversight. Don't let your employees bring in their favorite utilities and editors and chess games and whatnot "from home" or "from the club" and install them on the company's computer. These things may sound like a severe case of "oh, you're no fun anymore," but you do not want to have to explain to the board of directors that you lost a month's worth of revenues because your girlfriend likes to play Asteroids. [2] BACK UP your damn system! Regularly, fully, with verify turned on. I ought to be able to walk into your office with a 15-pound sledge hammer, reduce your workstation to smoldering ruins with a few mighty swings, and cost you no more than a day's work as a result. You know this; everybody knows it. Most people observe it in the breach. 'Nuff said. [3] RUN HIGH TECH vaccines, trojan finders and bug sniffers if you want, but don't rely on them. They will fail you when you need them, I guarantee you. Use this rule of thumb: If your electronic guard dogs successfully detect one virus a month, you will probably be safe for a FQ at a time. If you never see any viruses at all, WATCH OUT because you have *no* idea whether you even *can* detect them! "All quiet" is not reassuring in this game. [4] PLAY WITH YOUR CALENDAR when you install a new package. The MacMag virus, and presumably others written or as yet unwritten, wait for some indeterminate expiration date before they pounce. The easiest, cheapest way to predict whether your current software set will still be running normally next November is to fool your computer into thinking it IS November for a while! There are several loopholes in this approach, but it is still worth trying. One of the high tech sniffers that doesnt exist yet, but should (I hope someone writes it), would change your computer's clock tick rate so that time "flashes by" radically quickly! Let your PC or Mac sit there and experience a year's worth of "time" a la H.G.Wells, while you watch. If there is a time bomb buries inside, it may well go off on cue. These are a few thoughts. Others include avoiding self-extracting archives (pace Phil K.) and README.COM type things - use LIST and ARCE, much safer. I welcome other suggestions. TMN -- Tom Neff