Path: utzoo!utgpu!attcan!uunet!steinmetz!armstrong!elliott
From: elliott@armstrong.steinmetz
Newsgroups: comp.sys.apple
Subject: Re: Z-Link and virus checking
Message-ID: <11700@steinmetz.ge.com>
Date: 2 Aug 88 13:43:02 GMT
References: <24705@think.UUCP>
Sender: news@steinmetz.ge.com
Reply-To: elliott@armstrong.steinmetz.ge.com ()
Organization: General Electric CRD, Schenectady, NY
Lines: 36

In article <24705@think.UUCP> whitney@think.UUCP (David Whitney) writes:
>... I also just added some simple presence-of-virus code. This code will
>detect if Z-Link has been infected by the execution of another virus. It is
>highly unlikely that somebody with malicious intent would be unable to get
>around this protection and install a virus into Z-Link.
>... I'll be adding something much more sophisticated at a later
>date.
>David Whitney, MIT '90                   DISCLAIMER: Nobody knows what I'm up
>{out there}!harvard!think!whitney         to. Don't blame them for my actions
>whitney@think.com                         nor me for theirs.

I think this is a very good idea, and am playing with ideas about how
to do a similar kind of thing with ATP.

You are quite right in your assessment of the problem with this kind of
defense: Anyone who gets their hands on a copy of the "protected"
Z-Link and has malicious intent will probably find it quite fun and
challenging to defeat the virus detector and infect it.

It's possible to make a program quite virus-savvy and tricky in
detecting and warning about infection... But it quickly becomes a game
much like copy protectors versus copy programs, a vicious circle of
increasing sophistication.

For this reason, I think it might be a good idea to talk as little as
possible about whatever virus protections we install in our programs.
Let them exist there silently until their alarms go off and they
protect a user. If we can avoid getting the virus writers interested
in and challenged by our programs, we'll be better off.
 .     .    .    .   .  . ... .  .   .    .    .     .    .   .   .  . ... . .

 Jim Elliott                       /    ...!seismo!uunet!steinmetz!crd!elliott
                                  /            userE2U7@rpitsmts.BITNET
 "Don't look, son, it's          /      Jim_Elliott%mts@itsgw.rpi.edu [school]
  a secular humanist!"          /  (or)     elliott@ge-crd.arpa       [work]
 .     .    .    .   .  . ... .  .   .    .    .     .    .   .   .  . ... . .