Xref: utzoo comp.protocols.tcp-ip:5187 comp.unix.wizards:12176
Path: utzoo!utgpu!attcan!uunet!pyrdc!pyrnj!rutgers!orstcs!beasley!chend
From: chend@beasley.CS.ORST.EDU (Donald Chen - Microbiology)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: Implications of recent virus (Trojan Horse) attack
Summary: So what do we do now?
Keywords: virus security
Message-ID: <7218@orstcs.CS.ORST.EDU>
Date: 7 Nov 88 02:02:16 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU>
Sender: usenet@orstcs.CS.ORST.EDU
Reply-To: chend@bionette.ucs.orst.edu (Donald Chen - Microbiology)
Distribution: na
Organization: Oregon State University -- UCS
Lines: 72

In article <1698@cadre.dsl.PITTSBURGH.EDU> sean@cadre.dsl.PITTSBURGH.EDU (Sean McLinden) writes:
>Now that the crime of the century has been solved and all of the
>bows have been taken it is, perhaps, time to reflect a little more
>on the implications of what has happened.
>
   text deleted
>
>Let's look, for a moment, at the effects of this system (whether
>intended or otherwise). First, it satisfied a public desire for news
>and, one might argue, served as a reassurance to the many technophobes
>out there that our systems are as vulnerable as error prone as they,
>all along, have been arguing. If you don't think that this might have
>social consequences you need only look at things like community bans
>on genetic research have resulted from social policy implemented as
>a result of public distrust. When I was interviewed by a local news

Are you suggesting that the "public" does not have an interest and
responsibility to ask for suitable safeguards from what "they" consider
to be either dangerous or incompletely thought out?
Although people like Jeremy Rifkin have been nuisances to the practical
application of bio-engineered tools, they have also caused investigators
to more completely think out their studies, AND have forced scientists
to explain and defend their approaches and tools to the people who
ultimately fund their research.

>Second, there is an economic consequence. Since we were unable to
>determine the extent of the program's activities we were forced to
>commit programmers' time to installing kernel fixes, rebuilding systems,
>checking user data files, and checking for other damage. That was
>the direct cost. The indirect cost comes from the delay in other

Perhaps I am foolish, but I feel some of the responsibility goes to
whoever left the debug option in sendmail, and to those who allow
promiscuous permissions in their systems.

>
>If we tolerate those who view the network as a playground where
>anything goes, we are going to be faced with serious consequences. But
>the answer is not to change the character of the network (by increasing
>restrictions and decreasing freedom of access), but to promote a sense
>of character among the members of the community who work and experiment
>in this network. This puts the burden on us to remember that there
>is a need for us to encourage, teach, and provide examples of the
>kind of behaviors that we need to preserve in order to preserve the
>network.
>

You talk of personal responsibility - to oneself, to one's colleagues,
to one's community - and I heartily agree; however, you also talk of
the burden we all have to somehow teach and instill in others that
sense of rightness which makes the net possible. This does not insure
that those whom we teach will listen, and even if they do, that they
will do it right away. Perhaps there is an analogy to children who,
though they have been told to "do right", test the limits of their
freedom, test the extent of their personal strengths.
We hope that through time and experience these children will grow to
become an integral part of their communities - but it takes time.

I do not wish to condone the actions of anyone who disrupts the net or
rips out pages from library books or trashes the environment in which
we all live. Although our site has not seen evidence for this
particular virus, it will, no doubt, be the victim of others. In that
vein, we need to protect our site from the thrashings of either
childish behaviour or cynical attacks. This means we treat our sites
more protectively - viz. the family heirloom - yet not so much that
growth and evolution of the system is stifled.

I suspect that part of the openness and collegiality which we would
like pays its price in these attacks. We can only mute the number and
intensity of them.

Don Chen
Dept of Microbiology
Oregon State University