Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!hplabs!hpda!hpcuhc!hpsemc!gph
From: gph@hpsemc.HP.COM (Paul Houtz)
Newsgroups: comp.sys.ibm.pc
Subject: Re: Virus 101: Chapter 3
Message-ID: <8090014@hpsemc.HP.COM>
Date: 28 Mar 89 18:20:08 GMT
References: <4035@ttidca.TTI.COM>
Organization: HP Technology Access Center, Cupertino, CA
Lines: 34

I like viruses.

So far, it has been my observation that viruses take advantage of poorly
designed or incompetently implemented systems.

For instance, the internet virus took advantage of the myriad security 
holes in UNIX, and in many Unix OS Vendors STUPIDITY in not re-compiling
the mailer programs with the debug flag turned off.

As far as I am concerned, the widespread virus attack is due to weak and
insecure systems, rather than improper dissemination of virus information.

I would like to see ALL information (including source code) for ALL viruses
disseminated as WIDELY as possible as soon as possible.  Then the
vendors of so-called operating systems like MS-DOS, and the Psuedo-developers
of UNIX would get their collective acts together and work to tighten up 
the holes.

Many parts of UNIX have been sloppily implemented, especially the areas
having to do with security of user's code and data.   As long as this 
situation exits, viruses will continue to be a problem.   The same is
true of MS-DOS.  

To me, it seems profoundly pointless to attempt to keep virus information
secret.   It won't stay secret for long, and it only delays the advent of
tighter systems.   You might as well say that you aren't going to talk 
about communism in schools, because you think the kids might like the idea.

What we really need is for OSF, or some other group, perhaps IEEE or ANSI,
to develop a new standard for OS and Network security, and for vendors to 
really get behind it (as they have with ANSI C).  

You know, viruses flourish only in an environment where they can live and
grow.