Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!vsi1!altnet!uunet!portal!cup.portal.com!
From: dan-hankins@cup.portal.com (Daniel B Hankins)
Newsgroups: comp.sys.amiga
Subject: Re: The ultimate fix!!!
Message-ID: <10201@cup.portal.com>
Date: 19 Oct 88 22:40:29 GMT
References: <681@zehntel.UUCP> <3084@hermes.ai.mit.edu> <4197@thorin.cs.unc
Organization: The Portal System (TM)
Lines: 40

In article <729@wsccs.UUCP> terry@wsccs.UUCP (Every system needs one)
writes:

>What good is a virus people can read? (for that matter, what good is a
>virus, other than as an example of how to keep code running across a warm
>boot?).

1. In theory, a virus would be a good way to implement distributed
   processing.  However, its potential for mischief makes this much too
   dangerous a path to pursue.

2. Remember the CHRISTMA bacterium?  It was in Rexx, and it wasn't even
   compressed.  Anybody could read it, yet it managed to clog IBM's network
   in a matter of hours.  I was one of the poor suckers who looked at the
   first page of code, looked at who it was from, and concluded that it was
   okay to run it.  Boy was I wrong.

   Ever try to read a LISP program or APL program of more than fifty lines?
   Was it fun?  Most people won't bother to read source code for their
   interpreters, even the more understandable ones.


     An assumption that has permeated this entire virus discussion is that
the sole purpose of viruses is to damage as many systems as possible.  I
say that this is not the case.  Computer vandalism is simply the most
*visible* form of hostile code.

     I find it easy to imagine a thief creating a virus that does no
destruction of data;  rather it propagates till it reaches a bank system
or corporate accounting database and then proceeds to transfer funds.  Or a
spy creates one that propagates until it reaches systems on which sensitive
data are kept.  It then transmits the data to a 'drop' point.

     You are unlikely to hear reports of such programs here or on the news;
First, such viruses (if well-written) are unlikely to attract attention
until after they have completed their objectives.  Secondly, banks and the
military are loathe to admit that their system security has holes.


Dan Hankins