Path: utzoo!utgpu!attcan!uunet!husc6!uwvax!tank!nucsrl!gore From: gore@eecs.nwu.edu (Jacob Gore) Newsgroups: news.sysadmin Subject: Re: Using part of the virus Message-ID: <3790001@eecs.nwu.edu> Date: 7 Nov 88 18:00:17 GMT References: <535@dutrun.UUCP> Organization: Northwestern U, Evanston IL, USA Lines: 35 / news.sysadmin / spaf@cs.purdue.edu (Gene Spafford) / Nov 7, 1988 / >In article <11581@bellcore.bellcore.com> karn@jupiter.UUCP (Phil R. Karn) writes: >>It sure would be nice if Morris (or someone at Cornell with access to his >>files) were to release the complete, original source for the object portion >>of the virus. > >Good heavens, no! At least, it shouldn't be widely published! >[reasonable reasons for not doing it.] Fine. There is another way. There ARE many people who are still uneasy about this (I should know, I'm one of them). After all, this person made an important tradeoff decision: by making the main body of the worm object-code only, he had to limit its distribution to machines of only two architecutes. If he had nothing to hide, why not distribute it in source form instead? It would spread much farther that way. That's the main reason that I spent all those ours worrying about the damned thing -- I could not be sure it was malignant, and I had a very strong suspicion that the author had something to hide. I'm sure many other people who worked on it have the same views. I WOULD be much more comfortable if the complete, original source was submitted to Berkeley (or any other place we can trust), and they compiled it and compared it with the worm's binaries. That way, the source would not have to be published, so fewer people would try to exploit it (it's extremely naive to think that GOOD crackers can't figure out enough of what the worm did without seeing the source). I guess I'm not that comfortable with the idea of reliably uncompiling C code. True, I know nothing about that. But come on, guys, humor us. After what we've all been through, the least Morris can do is help as all gain some peace of mind. Jacob Gore Gore@EECS.NWU.Edu Northwestern Univ., EECS Dept. {oddjob,gargoyle,att}!nucsrl!gore