Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!biar!trebor
From: trebor@biar.UUCP (Robert J Woodhead)
Newsgroups: comp.sys.atari.st
Subject: Re: Virus 101: Chapter 3
Message-ID: <386@biar.UUCP>
Date: 16 Mar 89 14:26:08 GMT
References: <4035@ttidca.TTI.COM> <11179@ut-emx.UUCP> <72298@ti-csl.csc.ti.com>
Reply-To: trebor@biar.UUCP (Robert J Woodhead)
Organization: Biar Games, Inc.
Lines: 54

In article <72298@ti-csl.csc.ti.com> holland@m2.UUCP (Fred Hollander) writes:
>Not that I've read it but, you've just supplied an excellent example of how
>distributing information can be helpful for the *good* people. Probably the
>best way to learn how to protect yourself from burglars is to learn how they
>work. A good burglar makes a good security consultant.

The real criterion for publishing potentially damaging information should
be "Will it do more harm than good?" I freely share information about
viruses on a 1-1 basis, where I can have the opportunity to make a
judgement about the person I am imparting the information to. But I would
never do it in a news posting, because in that venue, I have no ability to
judge the motivation of individual readers.

The problem with Virus 101 postings is that they went into a level of
detail greater than required by the average reader. So the audience
consisted of three groups (in order of size).

* casual readers, who might like to know, but are not going to use
  the information.
* people who already knew most or all of this stuff anyway.
* people who might potentially misuse it.
* people who have a legitimate need for this information.

The real target for the in-depth info in the postings was the last one.
The question is, was "broadcasting" the way to get this information to
them, given the potentially larger group of misusers?

>By publishing known methods used by computer viruses, people can write
>software to detect, kill or prevent viruses. Software can be designed
>to protect itself from infection. I think if you could keep everyone
>in the dark, we would all be much more vulnerable to infection and
>less equipped to combat an infection.

Everyone needs to know about Viruses. They need to know how, _in_general_,
viruses work. They _don't_ need to know about the cute infection vector
used by the XYZ virus.

People already have written tools to detect, kill and prevent viruses
(I being one of those people). Anyone interested in learning how to do
this can get the technical information required quite easily through
non "publishing" channels.

Anyone writing software can _detect_ that they have been infected in
about 20 lines of code (on the Mac, at least). Just keep a record of
the size and contents (simple checksum) of each of your code bearing
segments (CODE, INIT, etc). Check them each time you boot; if they
have changed, or a new resource has appeared, warn the user that a
virus is in his program.

See - I just disseminated some information responsibly. ;^)

--
* Robert J Woodhead * The true meaning of life is cunningly encrypted and *
* uunet!biar!trebor * hidden somewhere in this signature...               *
* Biar Games, Inc.  * ...no, go back and look again                       *
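
Added example, not part of the original post and not the poster's code: a sketch of the self-check the post describes, recording the size and a digest of each code-bearing segment and reporting segments that changed, appeared or vanished. It assumes segments are available as a dict keyed by (type, id), uses SHA-256 in place of the post's simple checksum, and all names and sample bytes are constructed for illustration.

```python
import hashlib

def fingerprint(segments):
    """Map each (type, id) segment key to (size, SHA-256 hex digest)."""
    return {key: (len(data), hashlib.sha256(data).hexdigest())
            for key, data in segments.items()}

def check_segments(baseline, segments):
    """Compare the current segments with the recorded baseline.

    Returns a sorted list of (key, finding) tuples; an empty list
    means nothing changed since the baseline was taken.
    """
    current = fingerprint(segments)
    findings = []
    for key, record in baseline.items():
        if key not in current:
            findings.append((key, "missing"))
        elif current[key] != record:
            findings.append((key, "modified"))
    for key in current:
        if key not in baseline:
            findings.append((key, "new"))
    return sorted(findings)

# Constructed sample data: a clean program with two CODE segments and one INIT.
CLEAN = {("CODE", 0): b"\x00\x00\x00\x28jump table",
         ("CODE", 1): b"main segment bytes",
         ("INIT", 128): b"startup code"}
BASELINE = fingerprint(CLEAN)

# Constructed "after" state: one segment altered at the same size, one added.
TAMPERED = dict(CLEAN)
TAMPERED[("CODE", 1)] = b"main segment bytez"      # same length, new content
TAMPERED[("CODE", 2)] = b"unexpected extra segment"

if __name__ == "__main__":
    for key, finding in check_segments(BASELINE, TAMPERED):
        print("WARNING: %s %d is %s" % (key[0], key[1], finding))
```

A baseline kept inside the same file it describes can be rewritten along with the code, so store it somewhere the checked program's modifier cannot reach.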