Questions about UNIX viruses
John Chambers
jc at minya.UUCP
Sat Apr 20 23:46:25 AEST 1991
> >I am facing this at my job (which is not at Princeton University). The
> >company I work for has a policy of (almost) no internet connections.
> >Worse, it has a policy that we are not to have any non-company-owned
> >software on our computers. This means no software from Usenet. I
> >think the goal may be reasonable, but I think the means are not for two
> >reasons: 1. the policy probably won't work, and 2. it restricts free
> >exchange of ideas. The latter, in my belief, affects productivity, so
> >bottom-line-watchers ought to care about it too.
>
> I would agree that this is a foolish policy. I can understand their
> security fears, but I believe that the free exchange of ideas is
> extremely important in a scientific/engineering community.

Yeah; this is why historically most scientific advances have come from
government and university researchers, not from corporations. The few
exceptions are mostly places like Bell Labs, and it's hard to make a
convincing argument that AT&T is really a private corporation; it is
more of a government department thinly disguised by a veneer of paper
to make it look legally private. The Internet arose from the ARPAnet,
which was developed mostly at universities (and a few places like
BB&N) with government funding. Sun's NFS was developed at Stanford. X
windows was developed at MIT (with DEC and IBM funding, true, but with
repeated firm statements by MIT people that *nothing* developed there
was proprietary). Real advances require open communication among
developers; corporations usually don't even allow this internally.

> Most successful attacks on UNIX boxes that I know of have come in
> straight through the front door. Nothing so fancy as net software
> that had secret password cracking stuff in assembler coded into the
> error messages that got executed if the machine was a Sun.
>
> Just look at the famous Internet Worm. Everything it did relied on
> bugs in the vendor supplied software, or in shortcomings in the way
> people chose their passwords.

If you read any summary of worms/viruses/etc., one thing that really
stands out is that almost all of them take advantage of the vendor's
supplied software. It's ironic that almost every manager fears the
public domain stuff, which has almost never been the source of any
problems, while admitting the off-the-shelf commercial stuff, which is
where the problems usually originate.

This isn't saying that the vendors are at fault, of course. After all,
if you were to try to implement a virus, and you wanted it spread,
what would you use as a vector? A public-domain program off the net
that is recompiled (and hacked) by a few thousand programmers on a
wide variety of systems, and who will see your code? Or a vendor's
utility, which is delivered in binary form to all of their customers
and installed by someone who hasn't even looked at it? Silly question,
right?

It's especially ironic that there is widespread fear of email and news
links as sources of viruses, when the records show clearly that almost
all infections are via swapped disks and tapes that contain doctored
versions of commercial programs.

The perception and the reality here have very little relationship.
--
All opinions Copyright (c) 1991 by John Chambers. Inquire for licensing at:
Home: 1-617-484-6393
Work: 1-508-486-5475
Uucp: ...!{bu.edu,harvard.edu,ima.com,eddie.mit.edu,ora.com}!minya!jc