Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.Dallas.TX.US (John F. Haugh II)
Newsgroups: comp.unix.wizards
Subject: Re: UNIX and viruses
Summary: Read Ken Thompson's Turing Award speach.
Message-ID: <16655@rpp386.Dallas.TX.US>
Date: 10 Jun 89 01:12:59 GMT
References: <19930@adm.BRL.MIL> <4457@ficc.uu.net>
Reply-To: jfh@rpp386.cactus.org (John F. Haugh II)
Organization: River Parishes Programming, Plano TX
Lines: 28

In article <4457@ficc.uu.net> peter@ficc.uu.net (Peter da Silva) writes:
>In article <19930@adm.BRL.MIL>, bzs@bu-cs.bu.edu (Barry Shein) writes:
>> Will someone explain to me exactly how usernames and passwords and
>> file protections (a not unknown form of security) will protect against
>> computer viruses??
>
>Thirty-fifteen.
>
>I guess it's time for this again. I originally posted this before the
>Internet Worm Scare.

Anyone interested in a really good paper on trojan horses and trust
should read Ken Thompson's Turing Award presentation.

Ken creates a scenario in which the C compiler and login are in
cahoots to create this security hole which only he [ and dmr ;-) ]
are aware of.

It ends with some very sound advice - eventually a secure OS comes
down to trusting the people who wrote the code.  I don't think GNU
will ever produce a trusted OS for exactly this reason - who is
going to trust people such as Stallman who believes security is
something big companies use to steal from the average Joe?
-- 
John F. Haugh II                        +-Button of the Week Club:-------------
VoiceNet: (512) 832-8832   Data: -8835  | "AIX is a three letter word,
InterNet: jfh@rpp386.Cactus.Org         |  and it's BLUE."
UucpNet : <backbone>!bigtex!rpp386!jfh  +--------------------------------------