[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: encrypting virus (KOH)



-----BEGIN PGP SIGNED MESSAGE-----

Since this doesn't have much to do with encryption or cypherpunks per
se, I am hesitant to respond.  Interested people may obtain the
software from me.

Perhaps I should have doctored the text included with the program I
received and termed it an automatic encryption program, which encrypts
your hard drive and floppies with your permission.  We would possibly
be spared some of the fears of viruses.

1) the program asks for permission before performing any action

> I'd be rather perturbed (especially since I use a Mac :-), since the
> question would probably be completely outside of the context of what I
> was trying to do (eg. run a GIF viewer, checkbook balancer, compiler,
> whatever), and would not provide sufficient notification of potential
> ramifications from answering in either the negative or the affirmative.

2) perhaps the program should include the standard disclaimer that ALL
SOFTWARE INCLUDING COMMERCIAL SOFTWARE includes, usually in the
beginning of the documentation, or on a separate card.  You know, the
one that says essentially that the the authors are not omniscient,
cannot predict all circumstances the software shall be used under, and
thus disclaim any damages.  This warning is included in all the
commercial software I own.  Actually, the disclaimers simply say that
you use the software at your own risk, damages are disclaimed.  I have
yet to see software which attempts to explain all potential
ramifications of its use.  I very much doubt I would be using software
at all if I were to wait for such packages to appear.

> Now, if a smart compressor/encryptor wrote itself along with the files
> it was treating, and then wrote a nice README file which explained that
> files on the floppy were compressed/encrypted, would be automatically
> decompressed/decrypted, and that the treatment could, if you wished, be
> performed on your hard drives and/or other floppies by making a backup
> and then executing the following command, that would be perfectly fine.

3) the program does not do this, much like Stacker does not create
README files which explain that your disks are now compressed.  This
is left to the documentation that comes with the program, some
appearing in a booklet, some as a text file (this practice occurs in
every single commercial package I own)

Now, I realize that since the author chose to call his program the
"potassium hydroxide virus" that alarm bells sound.  Maybe he should
have posted the source to this list, describing it as a CryptoStacker
program, which after installation encrypts floppy disks after
prompting.

Why, the whole thing would be so much better if MSDOS could run
background processes - he could have written it to work like a unix
daemon.

As I said before, I posted this since I know some people are working
on a similar program and may be interested in one which purports to do
all this.  Interested people may obtain the program, hex debug, and
read.me file from me.  I don't have the source code but maybe I can
contact the author and ask for it.  I don't have the tools or
expertise in assembly to do the disassembly myself.



-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLG8N8IOA7OpLWtYzAQFk5AP/TDib1SwkADkfk1D/WDwIk4gwpYLOIax/
sZ6WqrwDIl+Wpu9cO6sfIpxlO5iOqLVGhHeGxYfgaIKKr+IrS3x/t9HwWOV3vo7F
8zu5gPObI3J8yJ7C1xAgyKZ3kJ0ZfCX3fMYEK/zUt47W61qbfAp6QqGoo1jlE4D4
4HDp8uF3wzg=
=BDLa
-----END PGP SIGNATURE-----