Path: utzoo!attcan!uunet!edsews!rphroy!teemc!rolls!terminus!ulysses!andante!alice!debra From: debra@alice.UUCP (Paul De Bra) Newsgroups: news.sysadmin Subject: Re: virus... Message-ID: <8408@alice.UUCP> Date: 8 Nov 88 15:21:41 GMT Reply-To: debra@alice.UUCP () Organization: AT&T, Bell Labs Lines: 35 References: From what I learned about the virus (or worm) so far, the big security hole was known for quite a long time and yet Berkeley and Sun were still shipping their OS with the hole. That's like selling houses with no lock on the back door, knowing that this is a problem, but not doing anything about it. I am not saying that everyone should have maximum security on his house, but there are certain minimal requirements (for insurance for instance). Sometimes it takes a disaster to make people realize that there is a problem. Although it is still not justified to walk into someone's home, I'd rather have the intruder just leave a note behind saying "Gee, do you know you have no lock and anyone can get in with no effort and without breaking anything and steal whatever they want?" than to find an empty house one day. The real problem in Morris' case is to decide whether what he did is comparable to leaving a note behind, or whether there are more malignant aspects to his worm. Luckily most administrators took this warning seriously and improved their security before a real malignant person walked through the open back door to copy vital information or delete everything. Remember that with Challenger there also had been warnings from experts, but it took a disaster to initiate a necessary increase in safety measurements. Fixing the security problem exposed by the worm of course cost a lot of money. But you can't hold Morris' responsible for that I think, because this fix had to be implemented anyway, and it should have been implemented a long time ago. Of course the fix would have been cheaper if it had been implemented in time... Paul. -- ------------------------------------------------------ |debra@research.att.com | uunet!research!debra | ------------------------------------------------------