
re: More FUD



Author:  owner-cypherpunks at unix,sh/dd.RFC-822=owner-cypherpunks\@toad\.com
Date:    1/31/96  4:43 PM

Your comments intrigued me, but unfortunately I have to disagree with you on 
several points.
    
>>The degree to which the attack you describe is a threat to online 
>>commerce depends critically on the degree to which viruses and Trojan 
>>horse programs can propagate through their potential base of platforms. 
     
>Have to interject a comment: even real professionals (which virus writers 
>are not) have trouble getting software to work on one machine, let alone 
>all of the different platforms out there. Windows is worse (ever try to 
>write a .VXD - not easy). Take Michelangelo (please) is a member of a 
>class of viruses that is very difficult to detect: you have to read one 
>word at 0:414 from DOS to know something is wrong.

"real professionals?"  You mean the kind that take meetings to avoid work and 
leave the office by 5:00?  As far as "virus writers" there are relatively few 
that I would lump into that category, but the ones who do get there are worthy 
of at least a little respect.  Most are of the 
VCL-cut-and-paste-upload-it-and-see-who-complains variety.

I have never written a virtual device driver for windows, but I have written 
kernel device drivers for Windows NT, and some nifty driver and TSR code for 
MS-DOS.  I have (and still do) collect viruses.  It's been fun, and it also makes
me a teeny-tiny bit more employable.  
     
>True, in early '92 when [Mich] came out things were more difficult - not 
>everyone had 640k in their machine so the user actually had to have a clue 
>how much memory was supposed to be there. Today is there anyone with 512k ?

If my memory serves me correctly, by '92 386's were rolling off the assembly 
lines.  Getting extended memory cards was still easy but they were getting more 
and more scarce as expanded memory became the rage.  A lot of people did have 640k.

>Detection has *always* been easy, it is removal that is difficult and 
>*automated* removal that is even more so - know what it takes to determine 
>that there is a macro that might be a virus in a WORD document ? One bit. 
>(Of course things are made a bit more difficult by the fact that MicroSoft 
>considers that bit's location or even its *existence* to be "proprietary" 
>and requires an NDA before they will discuss it - I refuse to sign it).

Maybe you should use WordPerfect instead.  

>In recent months I have had all sorts of software blow up in Windows. 
>On this machine alone (a 486DX-100 w 8 Mb of RAM & Win 3.1, 1 Mb SVGA
>and nothing special), Reachout 5.0, FTP Onnet 2.0, QEMM 8.0 (Windows Manager), 
>and several name brand programs  have required massage to get to play 
>together - and these are the programs from people I consider expert at what 
>they do, in fact each is IMNSHO the best in their class.

Solution: Get rid of Windows.  Upgrade to '95, NT, or go to Linux, even OS/2. 

>And you tell me that someone is going to spread a virus on the net that will 
>capture keystrokes on any machine it hits without anyone noticing ? It is 
>to laugh (and if they can, they are wasting their time with credit card 
>numbers).

        This sounds like a challenge.  Is it worth a T-Shirt?

[...snip...]

>Not going to say you could not make one machine act that way - that is easy, 
>not even going to say you won't make a number of machines act that way, but 
>spread with a virus enough will self-destruct on enough machines that 
>intelligent people will get suspicious and some will react creatively.
     
Not if it is written properly.  A lot of viruses become known only when they 
drop their payload.  Others are just poorly written, no different from a bad 
software product.

>Fact is that the greatest protection the net has is that no two machines are 
>alike, may even start that way but after six months, no way.

Ahhhhh.. but you're wrong.  Granted, the underlying strata may be radically 
different, but I can run an MS-DOS program on a 300 MHz DEC Alpha (under NT) 
without any problems (except I couldn't get DOOM to run).  There is already a 
read-only Filesystem driver for Linux that will read NT.  Like TCP/IP, the 
operating systems are going towards interoperability.

The big computer companies recognize that they have to compete to survive.  No 
longer can IBM design a machine and lock in their customers to IBM parts, IBM 
service, and an IBM operating system.
     
>                                                Warmly,
>                                                        Padgett