Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!ssbell!mcmi!unocss!ho@fergvax.unl.edu
From: ho@fergvax.unl.edu (Tiny Bubbles...)
Newsgroups: comp.sys.ibm.pc
Subject: Re: Binary: McAfee's SCANV52 (latest version, includes AIDS)
Message-ID: <1367@unocss..unl.edu>
Date: 7 Jan 90 22:28:35 GMT
References: <13153@cit-vax.Caltech.Edu>
Sender: root@unocss..unl.edu
Reply-To: ho@fergvax.unl.edu
Lines: 34

From article <13153@cit-vax.Caltech.Edu>, by tim@cit-vax.Caltech.Edu (Timothy L. Kay):
> Ever since the virus scares started, I have stopped using free software
> unless I really needed it.  I would love to run this virus detector,
> but it seems to me that a virus detector is a perfect place to transmit
> a new virus.
> 
> The only way I would feel comfortable running such a program obtained
> over the net is if it were distributed in source form.  I would then
> compile it myself and use it.
> 
> Does anybody have similar feelings?  Is there a reason that the source
> is not included in the previous posting?

There's a darned good reason for it.  Two, actually.

1.  SCAN is a shareware program.  Mr. McAfee spent a long time writing and
    improving SCAN, and there's no reason why some net.hacker should be able
    to just walk away with the source code.

2.  Knowing the algorithms and scan strings used to find the viruses would
    be a great incentive for some net.hacker to just change his program a
    little -- like by adding a NOP in a judicious place -- to keep it from
    being detectable.

I'm glad you're so careful.  Too many people in the age of AIDS aren't.  But
now that the flu season has started, are you staying inside?

Free software is like sex.  Some are strong enough to eschew it totally, and
miss out on all that it has to offer.  Others take precautions and sleep just
as well at night.
---
	... Michael Ho, University of Nebraska
Internet: ho@hoss.unl.edu		USnail:  115 Nebraska Union
BITnet:   cosx001@UNLCDC3			 Lincoln, NE 68588-0461