Path: utzoo!attcan!uunet!lll-winken!lll-lcc!pyramid!octopus!pete
From: pete@octopus.UUCP (Pete Holzmann)
Newsgroups: news.admin
Subject: re: Malicious posting worries (was re: A counter-example...)
Keywords: Be Practical
Message-ID: <266@octopus.UUCP>
Date: 30 Jun 88 14:45:02 GMT
Reply-To: pete@octopus.UUCP (Pete Holzmann)
Organization: Octopus Enterprises, Cupertino CA
Lines: 94

[This is a second article responding to Rich K's article about
	distribution worries on the net.]

>While there are several ways to distinguish these, the one that I tend
>to focus on first is oft-discussed notion that binaries are easily
>booby-trapped, while sources are not.

Actually, *postings* of *either* can be easily booby-trapped. Maybe I'm
nit-picking, but we need to deal with reality here. Theoretically speaking,
it is true that a booby trap can be better *hidden* in a binary than
elsewhere. Practically speaking:

	1) Booby traps are extremely rare. As far as I know, no posting
		in ANY binary or source group has ever been booby trapped.
		Not even a simple killer rm in a shar! Fear of computer
		infection may make me paranoid, but sendsys floods are a
		much more real problem.

	2) Nobody has the time or willingness to truly analyze every
		program (binary OR source) posted to the net for booby
		traps. The best we can do is practical testing. "I've
		compiled and run this. It seems to work fine." That's
		what you see on the source groups. At least when I first
		get a PC binary, I run it on a system with RAM disk only,
		nothing else connected that can be trashed. If someone
		were to send a source moderator a well-hidden booby trap 
		inside a big, supposedly safe, program, I'll bet the
		moderator would test it, find it 'works', post it to
		the net, and it could be in use in lots of places within
		a few months. Suppose that a new smail version were well
		boobied? News 3.0? A time-delay trap could be hidden in
		the source code, and a LOT of people could get hurt.
		BUT THAT'S JUST THEORETICAL. Practically speaking, I'm
		not too worried.

>I have no particular desire to disenfranchise microcomputer users;
>however, I have no particular desire to assist in the demise of
>their software and data holdings by being a party to the distribution
>of binary programs of a malicious nature.

Please let THEM worry about that. You are not going to be held accountable
if a 'malicious' posting (binary OR source) is posted to the net. If it ever
happens, I'm sure that the all-out search for the offending party, and
ensuing nuclear flamefest, will break all records :-).

>Further, I note that
>distinguishing between malicious and non-malicious binary programs
>is a problem that poses difficulties even for experts in the field,
>while distinguishing between malicious and non-malicious source programs
>can usually be done much more easily.

If somebody does something that is obviously malicious, a moderator will
quickly find the problem. This is independent of source vs. binary.

If somebody wants to hide their maliciousness, they will take care to make
sure that a source-code-virus is well hidden. I doubt that a time-bomb
malicious smail would be found by the moderator. Do any of the moderators
actually read all source code they post, carefully enough to understand
the subtle (potentially malicious) implications of every line of code?
Of course not! Sure, in theory it is much easier to do that than to
disassemble a binary and figure all its complexity out, but practically
speaking, they are both monumental tasks that just aren't going to get done!

>Since I have trouble making this distinction, it seems
>to me to be better to avoid the unpleasant possibilities that
>binary distribution raises.

And my response is: these 'unpleasant possibilities' exist right now
in many forms on the net. They are worries that we must all live with.
The net is NOT a completely safe, secure place. Please let others live
with the insecurities necessary to their technical activities. If you
can't do that, then maybe you'd like to volunteer to provide end-to-end
encryption of everything on the net, so that some Sun-user-with-root-access
can't add a few lines of killer code to the next News source code 
distribution as it passes through their site :-).

Personally, I feel much better about trying a new binary on my RAM-disk-only
PC setup, than I do about trying a newly compiled program on my Unix box.

My conclusion: malicious postings are not a practical reality on the net
	at this point. There is no practical way to completely protect 
	ourselves either. We must all be watchful to avoid the obvious
	problems [via moderation, etc]. Beyond that, we all must live
	with our own feelings of insecurity.

Conclusion #2: the word 'malicious' now makes my brain glaze over...I get
	that funny "that word doesn't look *right* any more... isn't it
	spelled wrong?" feeling. :-)

Pete
-- 
  OOO   __| ___      Peter Holzmann, Octopus Enterprises
 OOOOOOO___/ _______ USPS: 19611 La Mar Court, Cupertino, CA 95014
  OOOOO \___/        UUCP: {hpda,pyramid}!octopus!pete
___| \_____          Phone: 408/996-7746