Questions about UNIX viruses

John Chambers jc at minya.UUCP
Sat Apr 20 23:46:25 AEST 1991


> >I am facing this at my job (which is not at Princeton University).  The
> >company I work for has a policy of (almost) no internet connections.
> >Worse, it has a policy that we are not to have any non-company-owned
> >software on our computers.  This means no software from Usenet.  I
> >think the goal may be reasonable, but I think the means are not for two
> >reasons: 1. the policy probably won't work, and 2. it restricts free
> >exchange of ideas.  The latter, in my belief, affects productivity, so
> >bottom-line-watchers ought to care about it too.
> 
> I would agree that this is a foolish policy.  I can understand their
> security fears, but I believe that the free exchange of ideas is
> extremely important in a scientific/engineering community.

Yeah; this is why historically most scientific advances have come from
government and university researchers, not from corporations.  The few
exceptions are mostly places like Bell Labs, and it's hard to make a
convincing argument that AT&T is really a private corporation; it is
more of a government department thinly disguised by a veneer of paper
to make it look legally private.  The Internet arose from the ARPAnet,
which was developed mostly at universities (and a few places like
BB&N) with government funding.  Sun's NFS was developed at Stanford.  X
windows was developed at MIT (with DEC and IBM funding, true, but with
repeated firm statements by MIT people that *nothing* developed there
was proprietary).  Real advances require open communication among
developers; corporations usually don't even allow this internally.

> Most successful attacks on UNIX boxes that I know of have come in
> straight through the front door.  Nothing so fancy as net software
> that had secret password cracking stuff in assembler coded into the
> error messages that got executed if the machine was a Sun.
> 
> Just look at the famous Internet Worm.  Everything it did relied on
> bugs in the vendor supplied software, or in shortcomings in the way
> people chose their passwords.

If you read any summary of worms/viruses/etc., one thing that really
stands out is that almost all of them take advantage of the vendor's
supplied software.  It's ironic that almost every manager fears the
public domain stuff, which has almost never been the source of any
problems, while admitting the off-the-shelf commercial stuff, which is
where the problems usually originate.

This isn't saying that the vendors are at fault, of course.  After all,
if you were to try to implement a virus, and you wanted it spread,
what would you use as a vector?  A public-domain program off the net
that is recompiled (and hacked) by a few thousand programmers on a
wide variety of systems, and who will see your code?  Or a vendor's
utility, which is delivered in binary form to all of their customers
and installed by someone who hasn't even looked at it?  Silly question,
right?

It's especially ironic that there is widespread fear of email and news
links as sources of viruses, when the records show clearly that almost
all infections are via swapped disks and tapes that contain doctored
versions of commercial programs.

The perception and the reality here have very little relationship.

-- 
All opinions Copyright (c) 1991 by John Chambers.  Inquire for licensing at:
Home: 1-617-484-6393 
Work: 1-508-486-5475
Uucp: ...!{bu.edu,harvard.edu,ima.com,eddie.mit.edu,ora.com}!minya!jc 



More information about the Comp.unix.admin mailing list