Path: utzoo!attcan!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!purdue!decwrl!labrea!agate!e260-4b.berkeley.edu!laba-3ar
From: laba-3ar@e260-4b.berkeley.edu (Case Larsen)
Newsgroups: comp.sys.amiga.tech
Subject: Re: IRQ virus
Message-ID: <18674@agate.BERKELEY.EDU>
Date: 2 Jan 89 22:00:28 GMT
References: <5601@cbmvax.UUCP> <5602@cbmvax.UUCP> <10788@s.ms.uky.edu> <18668@agate.BERKELEY.EDU> <3200@sugar.uu.net>
Sender: usenet@agate.BERKELEY.EDU
Organization: University of California, Berkeley
Lines: 24

In article <3200@sugar.uu.net> peter@sugar.uu.net (Peter da Silva) writes:
>In article <10788@s.ms.uky.edu> sean@ms.uky.edu (Sean Casey) writes:
>>It's going to get a whole lot worse before it gets better. The biggest
>>light at the end of the tunnel is probably a protected mode OS with
>>enforced privileges. Once debugged, at this would at least protect the
>>system files from a user running a virus.
>
>This wouldn't be enough. You would also need multiuser protection, and you
>would need the USER to have enough discipline to not just sit in root all
>the time, as home-unix folks are wont to do.
Even if the user doesn't sit in root, he could still run a trojan horse 
program that modifed all of his files (excluding protected system files.)
There is no way to prevent this short of checking each program for 
suspicious looking code before it is run.

>-- 
>Peter "Have you hugged your wolf today" da Silva  `-_-'  Hackercorp.
>...texbell!sugar!peter, or peter@sugar.uu.net      'U`


-----
Case Larsen
clarsen@garnet.berkley.edu (internet) (Best)
..!{ames|hplabs|decvax}!ucbvax.berkeley.edu!garnet!clarsen (UUCP)