Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!agate!garnet!weemba From: weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) Newsgroups: news.sysadmin Subject: Re: Virus in the future? Message-ID: <16919@agate.BERKELEY.EDU> Date: 13 Nov 88 00:23:16 GMT References: <74@dsoft.UUCP> <6470@galbp.LBP.HARRIS.COM> <16720@agate.BERKELEY.EDU> <1988Nov10.165136.25593@utzoo.uucp> Sender: usenet@agate.BERKELEY.EDU Reply-To: weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) Organization: Brahms Gang Posting Central Lines: 68 In-reply-to: henry@utzoo.uucp (Henry Spencer) >>> ... all the more reason to roast this guy over slow coals. If >>>others see him get away with it (and probably end up with a good job >>>in computer security to boot) they will definitely get the idea that >>>this is the "in" thing to do... [someone] >> [my comments] >I don't see anybody suggesting that the legal system is going to be our >sole protection, even if we crucify Morris Jr. [Henry] That's how I interpret comments like >>> above. I simply do not expect Morris to get much in the way of punishment, and so statements that em- phasize the important of such punishment strike me as so much ostrich thinking. > Of course there is always >going to be the occasional bozo. But we can never have perfect security. >The most we can do is stack the deck in our favor IN AS MANY WAYS AS WE CAN. >The number of successful penetrations is the product of two numbers: the >number of attempts and the probability of success. To reduce that product >to the smallest number possible, we have to reduce *both* factors. I believe that the best way to reduce the former number is by making the latter much smaller. We've all gotten so lackadaisical about UNIX and net security that we just take it for granted that the first number is embar- rassingly large. Knock down the second number a serious amount, and the number of attempts will go way down when the new very large failure rate becomes generally known. The point is, while perfect security is a chimera, security against all but the most determined foe seems a reasonable goal to aim for. But you know what? People don't want to even do that! For example: Karl has cited the anon ftp bug getting fixed in secret as being proof that the system works. Utter hah. A friend who likes this sort of scuttlebutt has told me that the fix simply hasn't been put in at numerous sites that still offer anon ftp. So what happens when Worm version 2 comes around using the FTPD bug (and probably 80% of the pass- words that Worm version 1 gleened on its first trip around, assuming that RTM saved them somewhere and someone else has filched them to a safe spot)? Another round of screaming how DARE so-and-so? Dare or not simply seems mighty irrelevant to me: if your machine is important to you, you'll be ready for it. And if everyone took the attitude that their machine was important, then the charm of writing Morris worms will wear off. Which is just as effective as a massive raising in cracker ethics. > So we >reduce the probability of success by tightening up our systems, AND we >reduce the number of attempts by making it clear that success brings >punishment, not reward. The two approaches are not mutually incompatible! No. As I said, I just don't believe the second will occur. And acting as if it will is thus dangerous (in my eyes). Defining things like viruses and worms and no doubt illegal computer access in general requires one to solve the halting problem. (Eg, is a program that loops until it finds a counterexample to Fermat's Last Theorem, at which point it invades other machines, a worm or not?) Will *any* attempt at legislation here be thrown out on constitutional grounds as too vague? Not a pleasant thought, but one that must be faced. Especially because the relevant laws are too vague RIGHT NOW: they have to go throw actual court cases and appeals and so on before their scare value can be estimated, let alone relied on. Aiyiyi. To me, the only hope is a widespread realization the we can only reduce the number of attempts by making it clear that success is damned unlikely. ucbvax!garnet!weemba Matthew P Wiener/Brahms Gang/Berkeley CA 94720