Path: utzoo!mnetor!uunet!husc6!tut.cis.ohio-state.edu!bloom-beacon!bu-cs!bucsb!brianb From: brianb@bucsb.UUCP (Brian Bresnahan) Newsgroups: comp.misc Subject: Re: Commercial liability for distributing a virus Message-ID: <1535@bucsb.UUCP> Date: 25 Mar 88 23:13:53 GMT References: <500@xios.XIOS.UUCP> Reply-To: brianb@bucsb.bu.edu (Brian Bresnahan) Followup-To: comp.misc Distribution: na Organization: Boston Univ Comp. Sci. Lines: 87 In article <500@xios.XIOS.UUCP> dont@xios.XIOS.UUCP (Don Taylor) writes: I have seen several message asking what a virus is, so I will attempt to describe it: A virus is a self propagating program, that as part of its execution, it places a copy of itself somewhere. The virus type that we are discusing here are frequenlty attached to part of the operating system or placed on the boot sector of a disk. The act of booting the machine or acessing a disk will spread the virus, it will spread very rapidly through a set of disks. These programs have varied effects some of them damage the drive information. Some just display messages, some of the more complex ones use time bombs so the virus will spread as far as possible before it goes off. > >[text deleted] >I thought at the time that this made (a sad sort of) sense, but an >article in this morning's Toronto Globe and Mail has started me thinking >that ANY sort of binary is a risk. Apparantly, a Montreal magazine (MacMag) >released a virus that simply (we hope) displayed a pop-up message of peace. >This virus has travelled the world and infected many sites, including a >system at Aldus Corp. It has appeared in software sold by Aldus. This is >really scary stuff. If this had been a malicious virus, then Aldus would >have distributed it on to their customers. > There is no reason why this won't happen more often in the future also, there are some very inidious creations out there and one day a deadly virus may get on the disks for a major software release. An update disk would be most dangerous as it woul propagate much faster. It may show itself in the stores with a new product. >How can we be protected against this? Can software manufacturers be held >responsible for the 'cleanliness' of their distributions? If my disk gets >wiped by a virus distributed with a piece of software that I have paid >hundreds of dollars for, then I am going to want somebody's head, and >I am sure that I would not be alone. My confidence in the big manufacturers >quality control on this sort of thing is pretty low since the day I did >a 'strings' on MS Word (version 2 I think) and I saw a chilling message >that said something to the effect: 'the fruits of evil are bitter, wiping >your hard disk now...'. Bill Gates was questioned about this at the time >and claimed that MS did not authorize the insertion of this message, that >it was done by a co-op student whose intentions were good, but misguided. >Apparantly, this message would be triggered if a copied version of Word >is used without the key disk that was required at that time. It did not >actually wipe your hard disk, just scare you a little. What bothered me >most at the time was that MS let something like this slip by them, this >was something that could have been caught by simply reading the code. How >much more likely is it that somebody will let a much more difficult to spot >virus through? Shudder... > Remember when Ashton-tate threatend to use the worm protection scheme with dBase III, this woul have been wonderful, a glitch on your boot disk and all your data would have been erased,but public relation made them decide against it. One of the problems is that the virus may have been introduced at the production stage and this would be tough to trace liability here. Also current PC software is mostly distributed with 'as is' licenses, that a program works properly is not guaranteed so where would virus invasion fall into that area. What kind of damages could you get even if you won? >Don Taylor ...!uunet!mnetor!dciem!nrcaer!xios!dont > >54, Chimo Drive, >Kanata, >Ontario, >Canada, K2L 1Y9 > >(613-) 592-3894 __________________________ Brian Bresnahan brianb@bucsb.bu.edu