Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!bloom-beacon!apple!oliveb!ames!haven!uvaarpa!hudson!bessel.acc.Virginia.EDU!gl8f From: gl8f@bessel.acc.Virginia.EDU (Greg Lindahl) Newsgroups: comp.sys.atari.st Subject: Re: Right of reply, virus- public, private- a thin line Message-ID: <1200@hudson.acc.virginia.edu> Date: 28 Feb 89 02:52:18 GMT References: <699@orbit.UUCP> <15139@cup.portal.com> Sender: news@hudson.acc.virginia.edu Reply-To: gl8f@bessel.acc.Virginia.EDU (Greg Lindahl) Organization: Dept. of Astronomy, University of Virginia Lines: 52 In article <15139@cup.portal.com> Bob_BobR_Retelle@cup.portal.com writes: > >I disagree that *specifics* of viruses, either source code, or *descriptions* >of how viruses work, can do anything other than guarantee their spread. [ I stopped cross-posting this, since this discussion is ST-specific. ] Um, I wrote a boot-virus-detecting desk accessory based on information posted here. The *specifics* of the virus (that it lived in boot sectors of floppies) were necessary for me to write the detection program and to write documentation detailing how to use the detection program and how to kill these boot viruses. Now say instead someone had posted, "I've seen this virus but I won't tell you how it works. You'll just have to quiver in your boots. But I'll tell Programmer X how it works and he'll provide a cure." Well, that's responsible, right? Except I'm not Programmer X, I don't know Programmer X, and I have no way to prove to the poster that I also deserve the information. So I have to wait 2 weeks for Programmer X to write some virus detection program which may or may not work, or could be a Trojan Horse? And what if I don't like Programmer X's program because it's hard to use, ugly, and wastes disk space? Why, I'm out of luck. Instead, by posting enough specifics for anyone to write a detection program, we get several detection programs in different styles which can be compared to each other. This is the (I hesitate to say it) free market of public domain software, eh? I would like to thank George Woodside for his nice anti-viral programs. But I actually don't use them -- I use my virus-detecting desk accessory, which is only a couple of kbytes and can always be called up at a moment's notice. I don't think that virus source code should be posted to this group. But details should be, because without them we can't get anti-viral programs written, because you never know who to trust with the information. Finally, I'd like to note with some amusement that the "details" about many viruses can easily be gleaned from the instructions on what their effects are and how to kill them. So there is no way to restrict this information anyway. In the case of the boot virus, the first mention of "this virus infects your machine if you boot from an infected floppy" sent me to my BIOS listing, where I found the bootblock checksum routine and wrote my detection .acc in under an hour. [ This .acc is on CI$ and (I think) in the PC7 archives, I think. It's ugly but it's small and works. ] ------ Greg Lindahl | Graduate School: gl8f@virginia.{edu,bitnet} | It's not just a job, ...!uunet!virginia!gl8f | It's an indenture.