Path: utzoo!utgpu!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!purdue!haven!adm!smoke!gwyn From: gwyn@smoke.BRL.MIL (Doug Gwyn ) Newsgroups: comp.unix.wizards Subject: Re: Implications of recent virus (Trojan Horse) attack Keywords: virus security Message-ID: <8844@smoke.BRL.MIL> Date: 10 Nov 88 02:07:54 GMT References: <1698@cadre.dsl.PITTSBURGH.EDU> Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) ) Distribution: na Organization: Ballistic Research Lab (BRL), APG, MD. Lines: 37 In article <1698@cadre.dsl.PITTSBURGH.EDU> sean@cadre.dsl.PITTSBURGH.EDU (Sean McLinden) writes: >(In spite of reassurances from here and CMU, the local media still >insisted on the headline "Defense Computers invaded by virus.") The media was right. For example, VGR.BRL.MIL was inoperative for days while we studied the virus here (since that system had already been infected). VGR.BRL.MIL plays a key role in several projects that are important to the national defense. Other military sites are known to have been affected. Fortunately we have been able to characterize the behavior of the virus and now know that it did not alter critical databases (for example). >Second, there is an economic conseqence. Since we were unable to >determine the extent of the programs activities we were forced to >commit programmers time to installing kernel fixes, rebuilding systems, >checking user data files, and checking for other damage. We spent our time instead determining the exact extent of the virus's abilities. As a result we found that we did not need to worry about the effects of Trojan horses, etc. (which could well have been part of what the virus/worm did, although we were lucky this time). >"virus" (which is really more of a Trojan Horse), ... It could be considered a "worm" but not meaningfully a Trojan horse. It had the opportunity to install Trojan horses but didn't do so. >low level of ethical maturity. So where is the student to learn better? The current culture is founded more on the philosophy of pragmatism than anything else, and accordingly the student is encouraged in his belief that nearly anything is okay so long as he doesn't get caught. If you want to establish rational values as the norm, you have your work cut out for you. It's a worthwhile goal, but won't be accomplished quickly.