Xref: utzoo comp.sys.atari.st:14929 comp.sys.apple:11470 comp.sys.mac:29031 comp.sys.ibm.pc:26575
Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!biar!trebor
From: trebor@biar.UUCP (Robert J Woodhead)
Newsgroups: comp.sys.atari.st,comp.sys.apple,comp.sys.mac,comp.sys.ibm.pc
Subject: Re: Virus 101: Chapter 3
Message-ID: <406@biar.UUCP>
Date: 25 Mar 89 17:52:45 GMT
References: <816@orbit.UUCP>
Reply-To: trebor@biar.UUCP (Robert J Woodhead)
Followup-To: comp.sys.atari.st
Organization: Biar Games, Inc.
Lines: 49

In article <816@orbit.UUCP> pj@pnet51.cts.com (Paul Jacoby) writes:
>Indeed, how does one know an 'expert in need of detailed information' from a
>charlatan? Especially in our faceless electronic universe?
>
> ...
>
>The whole virus issue is just as polarizing...

I agree. There are always problems when you want to determine who has a proper "Need to know". Like most other things in life, it's a balancing act.

When _you_ or _I_ make a decision to post information about a virus, we _must_ think for a moment and say "Will this information do more harm than good to the population of computer users it might affect (this is not just the readers btw)?" That is the central judgement that must be made by the disseminator of information.

Let's assume I have disassembled the latest virus. What information do I broadcast?

Clearly, I should publish a _description_ of the virus, what it does, and how to detect / repair it. This will allow users to determine if they have been infected, and take appropriate steps. Let's say that message is read by Snidely Whiplash's teenage hacker son. Will this data allow him to create a new virus? No - it does not give him any information about virus writing he didn't already have, or, if he is a decent programmer, could not trivially deduce.

Next level: I disassemble the virus and find it has a tricky new infection vector used to avoid current "Watchdog" inits like Gatekeeper. Publicly, I would state "This virus beats Gatekeeper vX.Y". Privately, I would get in touch with anti-virus toolmakers and disseminate the information about how it does so, and suggest remedies. Most likely I would do so by sending an example of the virus to interested parties whom _I_ judged to have a need for it. Snively Whiplash (the aforementioned son) could eventually get a copy of this virus; however, by limiting access to the information to people _I_ judge (my call, I'm responsible for my actions) to need it, I give the anti-virus toolmakers time to upgrade their products before Snively comes out with a mutant strain.

Finally: I have the MPW source code to the latest strain. I would learn what I could from it; disseminate information on the above levels; and destroy the source code. I would not distribute it in any way. Consider what happened with nVIR with all the mutant strains, and now Hpat and AIDS. Jerks who can cut and paste are putting out mutant strains, all because the author (who shouldn't have written the damn thing in the first place) let the source code out.

--
* Robert J Woodhead * The true meaning of life is cunningly encrypted and *
* uunet!biar!trebor * hidden somewhere in this signature...               *
* Biar Games, Inc.  * ...no, go back and look again                       *