Path: utzoo!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!ukma!tut.cis.ohio-state.edu!triceratops.cis.ohio-state.edu!karl
From: karl@triceratops.cis.ohio-state.edu (Karl Kleinpaste)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Implications of recent virus (Trojan Horse) attack
Message-ID: <27064@tut.cis.ohio-state.edu>
Date: 9 Nov 88 14:41:05 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU> <101070001@hpcvlx.HP.COM>
Sender: news@tut.cis.ohio-state.edu
Lines: 16
In-reply-to: everett@hpcvlx.HP.COM's message of 8 Nov 88 18:11:34 GMT

If you want to suggest ongoing testing of small viruses in order to be
prepared for the big, dangerous ones, that's fine.  One might even
call it noble.  But such testing should be done on ISOLATED networks
in order to preclude the little jewels from going where they're not
intended.  I don't yet accept the idea that the latest worm was
released `by accident'; but even if so, it was grossly careless.

Once you have a physically isolated network, there is of course no
reason to make the test viruses and worms non-destructive, aside from
the time you'll cost yourself in restoring your system following each
local simulated attack.  But knowledge of that restoral cost would be
useful data to have, perhaps as a function of the virulence of the attack.

I would be very angry with anyone deciding to arrogate to themselves
the position of "official network virus tester," and thereby give
themselves permission to abuse my systems from Far Away.