Xref: utzoo comp.unix.wizards:11852 comp.misc:3883 comp.sys.amiga:24262 Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!uflorida!haven!ncifcrf!nlm-mcs!vax2.nlm.nih.gov!mjr From: mjr@vax2.nlm.nih.gov.nlm.nih.gov (Marcus J. Ranum) Newsgroups: comp.unix.wizards,comp.misc,comp.sys.amiga Subject: Re: The Usenet Virus: a case history. Keywords: Orson Welles Message-ID: <8286@nlm-mcs.arpa> Date: 21 Oct 88 19:18:07 GMT References: <2836@sugar.uu.net> Sender: nobody@nlm-mcs.arpa Reply-To: mjr@vax2.nlm.nih.gov (Marcus J. Ranum) Organization: Institute For Felinographical Studies Lines: 37 In article <2836@sugar.uu.net> peter@sugar.uu.net (Peter da Silva) writes: > > The Usenet virus: a case history. > (A cautionary tale). Actually, calling them 'virus'ses is a beautiful description - and just like virusses that infect humans 90% of the defense is common sense. It's just like getting a venereal disease: if you play around with code that is not from reputable sources, or if you don't exercise caution, you may have a problem. I mean, compiling some sleazy public domain deamon as "root" and doing a "make install start" is the same level of thoughtlessness as doing intravenous drugs with someone you just met in a bar :-) -and when something goes wrong, you deserve as much pity. I use lots of the code that I see on the net. My defense seems to be pretty good, since I am so busy that I almost never even unshar a file until I have forgotten about it for at least a week. That greatly increases the chance that someone else will have already looked at it. And, of course, if it isn't source code, you bet I'm not going to run it on my machine unless it comes from a reputable source (someone I know personally who WROTE it, or a big company that has too much to lose to play games). There are also some "names" on the net you learn you can trust. Sure, someone could hack something into the diffs for "perl", but I expect that someone would notice. Of course you're NOT going to protect yourself from EVERYTHING by just showing common sense, but it really helps. I've found that thinking of virusses as "cybernetic VD" makes it pretty easy to know how to react when someone gives me a floppy disk of PD utilities, sans source. It's not a "paranoid" attitude - it's not a "don't use anything you didn't BUY" attitude, it's just that mommy always used to tell me: "Don't put that in your mouth if you don't know where it's *BEEN*". And if you don't have backups, you're so stupid you should give me a call and buy this 900Gb write only memory I'm selling. --mjr();