Xref: utzoo comp.sys.atari.st:14705 comp.sys.apple:11075 comp.sys.mac:28545 comp.sys.ibm.pc:26207 Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!cwjcc!hal!nic.MR.NET!umn-cs!bungia!orbit!pnet51!shawn From: shawn@pnet51.cts.com (Shawn Stanley) Newsgroups: comp.sys.atari.st,comp.sys.apple,comp.sys.mac,comp.sys.ibm.pc Subject: Re: Virus 101: Chapter 3 Message-ID: <768@orbit.UUCP> Date: 16 Mar 89 22:25:10 GMT Sender: root@orbit.UUCP Organization: People-Net [pnet51], Minneapolis, MN. Lines: 51 holland@m2.csc.ti.com (Fred Hollander) writes: >In article <11179@ut-emx.UUCP> osmigo@emx.UUCP (Ron Morgan) writes: >>[George Woodside posts a continuation of "Virus 101"] >> >>You mentioned 1 out of 4 e-mail respondents falling in the "you idiot!" >>category. Count me, too, you idiot...|-:} > >[stuff deleted] > >>Your articles remind me of a Reader's Digest article I saw some time back >>on "How to Protect Your House From Burglars." It was the best article on >>"How to burglarize a house" I'd ever seen. >> >>Ron > >Not that I've read it but, you've just supplied an excellent example of how >distributing information can be helpful for the *good* people. Probably the >best way to learn how to protect yourself from burglars is to learn how they >work. A good burglar makes a good security consultant. > >By publishing known methods used by computer viruses, people can write >software to detect, kill or prevent viruses. Software can be designed >to protect itself from infection. I think if you could keep everyone >in the dark, we would all be much more vulnerable to infection and >less equipped to combat an infection. I think that compares more with police vs. burglars, or security systems vs. burglars. It only takes one programmer with virus code to mess up many users, and there are many more users than programmers. Tell me how unreasonable this is. Someone publishes virus code. Some programmers take up the code, mutate it a bit, and distribute the mutant virus(es). Other programmers realize what has happened (after the fact), and produce code to protect against those strains. The virus-writers produce code to avoid the protection. And so on. I'm told this is already happening. Now I ask, if virus code is published, and this is the result, then why spread more virus code? It leaves the users in the middle of efforts on both sides of the problem. The problem can only be solved after damage is done. It's a sticky problem, no? Knowledge is protection, to a point. And if anyone wishes to have that knowledge, I'm not against them having it. I don't think it should be kept from those who want it, but I do think that there are those that, if the code wasn't put into their hands without them having asked for it, might not have written viruses. To want to do something generally invokes more of a sense of responsibility. To do something "just because it's there" requires much less... UUCP: {uunet!rosevax, amdahl!bungia, chinet, killer}!orbit!pnet51!shawn INET: shawn@pnet51.cts.com