Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!ucbvax!hplabs!hp-pcd!hpcvlx!everett From: everett@hpcvlx.HP.COM (Everett Kaser) Newsgroups: comp.protocols.tcp-ip Subject: Re: Implications of recent virus (Trojan Horse) attack Message-ID: <101070001@hpcvlx.HP.COM> Date: 8 Nov 88 18:11:34 GMT References: <1698@cadre.dsl.PITTSBURGH.EDU> Organization: Hewlett-Packard Co., Corvallis, OR, USA Lines: 36 I would propose that there is a place (in our computer-network-society) for persons attempting to write (non-destructive!) viruses. There is no better means of protecting ourselves from destructive viruses than to be constantly testing ourselves with non-destructive ones. Of course, there's two small holes in this logic: 1) there may be a bug in your non-destructive virus which turns it destructive, accidentally; and 2) non-destructive viruses may not find all of the possible holes in the system, ie. a destructive virus may get into the system in a destructive way, which a non-destructive virus would never find. I feel that the risk of hole number 1 is worth the benefits. If a few 100 people KNEW about these holes in the system that were exploited by the recent virus, WHY WEREN'T THEY FIXED? Making a "game" out of non-destructive viruses would have an anology to the military's "war games"; try testing your strategies and tactics in a non-destructive way BEFORE getting into a destructive situation, and hopefully, in that way, cut your losses. Perhaps a university or some other organization could be set up as a "clearing house" for virus tests. Something along the line of: 1) John Doe thinks he sees a hole in the security system. 2) John creates a program to exploit that hole (in a non-destructive way). 3) John takes that program (along with appropriate documentation, to the "clearing house". 4) The "clearing house" would review it for possible destructive behaviour. (This would not be 100% proof that destruction wouldn't occur, but would make the likelihood of it much lower, and provides a means of "licensing" the virus author to do the test without alerting the defenders (sys-admins) that the test is going to be run.) 5) The test is run, and if successful, all systems will be tightened to avoid future use of the hole. Remember, appealing to peoples sense of "morality" doesn't work. There are always terrorists and anti-social people who will behave amorally. Either we can strengthen our own defense, or wait for the terrorists to force us to do it. Everett Kaser !hplabs!hp-pcd!everett