[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CONTEST: Name That Program!



At 12:10 AM 1/31/96, Bill Stewart wrote:
>At 11:45 AM 1/30/96 -0500, Nathaniel Borenstein <[email protected]> wrote:
>> In fact, I'd settle for getting onto 10% of the machines, although I
>> suspect I could get onto more like 80% without raising a sweat.

If I were you, Nathaniel, I'd drop that petard of yours on the ground, grab
a very absorbent hankie and run like hell. ;)

>You've alleged that Macs and Unixen should be about as easy as Windows
>machines to crack with your CardShark.  I disagree - most Mac users I
>know have been using virus protectors more consistently and reliably
>than DOS/Windows users.  However, if their virus software only stops
>known viruses, rather than anything modifying critical resources,
>you might get away with it for long enough to surf some numbers.
 [elided]

Actually, for those who don't know, one of the most ubiquitous anti-viral
utilities for Macs (Symantec Antivirus for Macintosh, aka "SAM") also
offers a mode that constantly watches for any generic attempt to modify
crucial file/app/system resources -- and offers the opportunity to deny
such attempts. Thus, it doesn't _only_ offer protection against "known"
attacks. It even specifies which application/virus is trying to modify
which file, allows the user to teach it that certain mods are verboten and
halts activity until the user decides how to proceed. This makes it all but
impossible (if a Mac is so-protected) to even introduce a
trojan-keystroke-sniffing-credit-card-transmitter, much less use it to take
over the TCP stack (MacTCP) without the user's knowledge.

As for FV's recent "discovery:"
[a] I'm glad if FV _really_ wants to educate the public, but I hope they
find a better way next time than a "hey, we found this really simple way to
hack the universe, but we're not telling all you 13-year-old juvenile
delinquent hacker-wannabes" broadcast (talk about yer invitations!),
[b] confused why NB didn't anticipate the fuss and prepend a short
disclaimer onto his posting of it to cpunx (how about _thrice_ burnt,
Nathaniel?),
[c] unimpressed by all the vitriol it stirred up and the glee exhibited by
everyone in slamming Nathaniel and Co. (lighten up, even if it was
deserved) and
[d] bummed that no-one remembered my keycapture utility survey of nearly a
year and a half ago...as in "gee, I wish _I'd_ thoughta that." ;)

Frankly, I wonder if, in the long run, FV's stunt hasn't wrought more harm
than good: I got a late-night call from a worried but clueless friend
asking me to clarify this "credit card sniffer thing" he'd heard about from
someone else: he was all worried that there was an invisible virus on his
machine. >sigh< It's seems the brush has been set afire: now which way will
the winds blow?

Cheers,

   dave

____________________________________________________________________________
"With annual interest, compounded every nanosecond, that'll be $0.02000018."