Xref: utzoo comp.sys.atari.st:14720 comp.sys.apple:11092 comp.sys.mac:28589 comp.sys.ibm.pc:26230
Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!husc6!cs.utexas.edu!ut-emx!osmigo
From: osmigo@ut-emx.UUCP
Newsgroups: comp.sys.atari.st,comp.sys.apple,comp.sys.mac,comp.sys.ibm.pc
Subject: Re: Virus 101: Chapter 3
Message-ID: <11270@ut-emx.UUCP>
Date: 17 Mar 89 14:20:03 GMT
References: <4035@ttidca.TTI.COM> <11179@ut-emx.UUCP> <7494@boulder.Colorado.EDU>
Reply-To: osmigo@emx.UUCP (Ron Morgan)
Organization: Speech Communication UT Austin
Lines: 32

In article <7494@boulder.Colorado.EDU> fozzard@boulder.Colorado.EDU (Richard Fozzard) writes:
>These points are well taken
>"An effective way to correct known security flaws is to publish descriptions
>of the flaws so that they may be corrected.  We therefore view the efforts to
>conceal technical descriptions of the recent virus as shortsighted."

I agree totally with this statement, despite my alarm at the publication
of "Virus 101." My main, basic objection, really, is that comp.sys.mac
is too widely distributed to carry this kind of information. Perhaps a better
approach would have been to ask for correspondence (i.e., e-mail) with those
who were involved in writing antiviral code, and then furnishing them with
the articles. This would have blocked access by users who read comp.sys.mac
via BBS's, read-only setups, etc. Yes, I remember how back in the "good old
days," the net was populated mostly with AT&T techies, researchers and the
like, but let me make it clear that that is not, repeat NOT the case now.

I understand how the information in the article would be useful for virus
fighters, and priceless to a virus author. My analogy to a Reader's Digest
article, where I compared the article to one on "How to Protect Your Home
From Burglars," really isn't a good one. Burglaries are individual, isolated
acts. Viruses are different. It only takes ONE person writing ONE piece of
code to cause utter devastation on a global scale. Would anyone care to wager
that somewhere out there, somebody's not playing with some code, with this
article at his side? That's all it takes. Just one. I hope I'm wrong.

Ron

 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 >  Ron Morgan    {ames, utah-cs, uunet, gatech}!cs.utexas.edu!ut-emx!osmigo  <
 >  Univ. of Texas  {harvard, pyramid, sequent}!cs.utexas.edu!ut-emx!osmigo   <
 >  Austin, Texas        osmigo@ut-emx.UUCP       osmigo@emx.utexas.edu       <
 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+