Xref: utzoo comp.sys.atari.st:14736 comp.sys.apple:11119 comp.sys.mac:28613 comp.sys.ibm.pc:26252
Path: utzoo!attcan!uunet!lll-winken!ames!mailrus!cornell!biar!trebor
From: trebor@biar.UUCP (Robert J Woodhead)
Newsgroups: comp.sys.atari.st,comp.sys.apple,comp.sys.mac,comp.sys.ibm.pc
Subject: Re: Virus 101: Chapter 3
Message-ID: <389@biar.UUCP>
Date: 17 Mar 89 15:54:49 GMT
References: <4035@ttidca.TTI.COM> <11179@ut-emx.UUCP> <7494@boulder.Colorado.EDU>
Reply-To: trebor@biar.UUCP (Robert J Woodhead)
Followup-To: comp.sys.atari.st
Organization: Biar Games, Inc.
Lines: 26

In article <7494@boulder.Colorado.EDU> fozzard@boulder.Colorado.EDU (Richard Fozzard) writes:
>
>These points are well taken, but just to stimulate the debate, this is from 
>the official statement by Computer Professionals for Social Responsibility
>(CPSR) on the Internet virus :
>
>"An effective way to correct known security flaws is to publish descriptions
>of the flaws so that they may be corrected.  We therefore view the efforts to
>conceal technical descriptions of the recent virus as shortsighted."
>
>from the Winter 89 CPSR Newsletter
>

Ah, "technical descriptions" is one thing, "source code" is another.  Also,
the Internet virus exploited security flaws that were within the power of
system administrators to change.  Macintosh viruses use published features
of the OS that are not likely to change anytime soon (such as the resource
manager).  Publishing a description of "this is what Virus X does; you
can detect is by looking for Y;the following procedure Z will remove it"
is appropriate and laudable.  Publishing "Here is the MPW source code of
the new "Trash your Hard Disk" virus" is an invitation for misbehavior.

-- 
* Robert J Woodhead * The true meaning of life is cunningly encrypted and *
* uunet!biar!trebor * hidden somewhere in this signature...               *
* Biar Games, Inc.  *                       ...no, go back and look again *