Path: utzoo!attcan!uunet!lll-winken!lll-lcc!pyramid!octopus!pete
From: pete@octopus.UUCP (Pete Holzmann)
Newsgroups: news.admin
Subject: re: Malicious posting worries (was re: A counter-example...)
Keywords: Be Practical
Message-ID: <266@octopus.UUCP>
Date: 30 Jun 88 14:45:02 GMT
Reply-To: pete@octopus.UUCP (Pete Holzmann)
Organization: Octopus Enterprises, Cupertino CA
Lines: 94

[This is a second article responding to Rich K's article about distribution worries on the net.]

>While there are several ways to distinguish these, the one that I tend
>to focus on first is oft-discussed notion that binaries are easily
>booby-trapped, while sources are not.

Actually, *postings* of *either* can be easily booby-trapped. Maybe I'm nit-picking, but we need to deal with reality here. Theoretically speaking, it is true that a booby trap can be better *hidden* in a binary than elsewhere. Practically speaking:

1) Booby traps are extremely rare. As far as I know, no posting in ANY binary or source group has ever been booby trapped. Not even a simple killer rm in a shar! Fear of computer infection may make me paranoid, but sendsys floods are a much more real problem.

2) Nobody has the time or willingness to truly analyze every program (binary OR source) posted to the net for booby traps. The best we can do is practical testing. "I've compiled and run this. It seems to work fine." That's what you see on the source groups. At least when I first get a PC binary, I run it on a system with RAM disk only, nothing else connected that can be trashed.

If someone were to send a source moderator a well-hidden booby trap inside a big, supposedly safe, program, I'll bet the moderator would test it, find it 'works', post it to the net, and it could be in use in lots of places within a few months. Suppose that a new smail version were well boobied? News 3.0? A time-delay trap could be hidden in the source code, and a LOT of people could get hurt. BUT THAT'S JUST THEORETICAL. Practically speaking, I'm not too worried.

>I have no particular desire to disenfranchise microcomputer users;
>however, I have no particular desire to assist in the demise of
>their software and data holdings by being a party to the distribution
>of binary programs of a malicious nature.

Please let THEM worry about that. You are not going to be held accountable if a 'malicious' posting (binary OR source) is posted to the net. If it ever happens, I'm sure that the all-out search for the offending party, and ensuing nuclear flamefest, will break all records :-).

>Further, I note that
>distinguishing between malicious and non-malicious binary programs
>is a problem that poses difficulties even for experts in the field,
>while distinguishing between malicious and non-malicious source programs
>can usually be done much more easily.

If somebody does something that is obviously malicious, a moderator will quickly find the problem. This is independent of source vs. binary. If somebody wants to hide their maliciousness, they will take care to make sure that a source-code virus is well hidden. I doubt that a time-bomb malicious smail would be found by the moderator. Do any of the moderators actually read all source code they post, carefully enough to understand the subtle (potentially malicious) implications of every line of code? Of course not! Sure, in theory it is much easier to do that than to disassemble a binary and figure all its complexity out, but practically speaking, they are both monumental tasks that just aren't going to get done!

>Since I have trouble making this distinction, it seems
>to me to be better to avoid the unpleasant possibilities that
>binary distribution raises.

And my response is: these 'unpleasant possibilities' exist right now in many forms on the net. They are worries that we must all live with. The net is NOT a completely safe, secure place. Please let others live with the insecurities necessary to their technical activities. If you can't do that, then maybe you'd like to volunteer to provide end-to-end encryption of everything on the net, so that some Sun-user-with-root-access can't add a few lines of killer code to the next News source code distribution as it passes through their site :-).

Personally, I feel much better about trying a new binary on my RAM-disk-only PC setup than I do about trying a newly compiled program on my Unix box.

My conclusion: malicious postings are not a practical reality on the net at this point. There is no practical way to completely protect ourselves either. We must all be watchful to avoid the obvious problems [via moderation, etc]. Beyond that, we all must live with our own feelings of insecurity.

Conclusion #2: the word 'malicious' now makes my brain glaze over... I get that funny "that word doesn't look *right* any more... isn't it spelled wrong?" feeling. :-)

Pete
--
   OOO  __| ___       Peter Holzmann, Octopus Enterprises
  OOOOOOO___/ _______ USPS: 19611 La Mar Court, Cupertino, CA 95014
   OOOOO \___/        UUCP: {hpda,pyramid}!octopus!pete
     ___| \_____      Phone: 408/996-7746