Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!cs.utexas.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: WHMurray@DOCKMASTER.ARPA Newsgroups: comp.virus Subject: Spafford's Theorems Message-ID: <0012.9001021304.AA00688@ge.sei.cmu.edu> Date: 22 Dec 89 17:28:00 GMT Sender: Virus Discussion List Lines: 49 Approved: krvw@sei.cmu.edu In general, I agree with theorems 1, 2, and 3. I think that those that deal with the future, are speculative. However, in the same spirit and along the same lines, I offer the following: 1. The amount of damage to data and availability done by viruses to date has been less than users do to themselves by error every day. 2. The press speculation about the DATACRIME virus was much more damaging than the virus. 3. The amount of damage that has been done to trust within the community is orders of magnitude worse. 4. Viruses and rumors of viruses have the potential to destroy society's already fragile trust in our ability to get computers to do that which we intend while avoiding unintended adverse consequences. 5. We learn from the biological analogy that viruses are self-limiting. Clinically, if you catch a cold, you will either get over it, or you will die. Epidemiologically, a virus in a limited population will either make its hosts immune, or destroy the population. Even in open population, a virus must have a long incubation period and slow replication in order to be successful (that is, replicate and spread). 6. The current vector for viruses is floppy disks and diskettes, not programs. That is to say, it is the media, rather than the programs, that are moving and being shared. A virus that is stored on such media will be very persistent. One infected diskette pulled from a drawer may began a new cycle. On the other hand, diskettes as media have a limited life expectancy. Punched paper lasted just a century; 8.5" floppies only a decade. The life of such media is a function of a number of complex factors. The success of the current technology augers for a long life, while the pace of technology suggests that it will be short. 7. AIDS not withstanding, terrorists have more effective and efficient mechanisms at hand. Amateurs have a very high vested interest in a community in which programs can be relied upon to do only what they advertise. It is to be hoped that they can be socialized not "to soil their own sandpiles." Season's Greetings. William Hugh Murray, Fellow, Information System Security, Ernst & Young 2000 National City Center Cleveland, Ohio 44114 21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840