Path: utzoo!attcan!uunet!super!udel!mmdf
From: BEB%UNO.BITNET@cunyvm.cuny.edu
Newsgroups: comp.sys.amiga
Subject: Re: The Ultimate Fix!!!
Message-ID: <4254@louie.udel.EDU>
Date: 27 Sep 88 01:08:06 GMT
Sender: mmdf@udel.EDU
Lines: 56

Don White  writes:

>    If kickstart (both ROM and Disk) were distributed with a WORKBENCH checker
> you would be told automatically when your disk was not standard. If you have

And how do we do the checking? Checksums? Once known (same day they hit the
street if not before) they can be matched by a trojan virus. Comparison with
code in ROM? No room in current ROMs, is there? Code not in ROM? Unsecure.

> attempted to load a copy-protected program then you will simply accept that
> it is non-standard. And documentation should warn you that you are subject to
> having other disks harassed. There is NO WAY TO GET PAST THIS WARNING because
> it is in ROM or a write-protected kickstart. (System Master disks should be
> distributed with NO WRITE PROTECT TABS!!! I.E ALWAYS PROTECTED!!!)

Nobody in his right mind ever boots off the original master more than once.
(I think I did it twice. :}

>    This method would incur some cost. Any time Workbench changed, KickStart
> would have to be redistributed.

So C= would be very unwilling to do it, even if it would help, and I for one
would be unwilling to pay extra for such a limited gain in "security".

>                                 But there would always be dependable warning
> when you first stuck a virused disk in your system. It would be READ before
> it was RUN. This insures that no bad code is executed!!

Any code not in ROM is fair game for a trojan horse. You can't put it all
in ROM without *major* hardware redesign. At most you can get a clean boot,
but from the end of the boot on anything is vulnerable.

>    Come on now! Wouldn't this work?

This only addresses the bootblock type of virus. How do you defend against
a virus that spreads by attaching itself to random load files (for instance)?
Or how about a "dir" that copies itself to a writeable disk that contains a
:c/dir. This is the vector. Pick any sort of crazy badness you could imagine
for the disease.

When you've figured out how to defeat that, I'll suggest another method of
mangling your system. See? It's a no-win game. No point in even trying to
defend against it. Talking about viruses and trojan horses just encourages
the pinheads that write them. The best defense is a suspicious nature.

> Don White
> {ihnp4 | akgua | seismo}!zehntel!donw
> Box 271177 Concord, CA. 94527-1177

                                  Bruce
death before disclaimer
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<>Handle:   Bruce Bettis         USnail:   University of New Orleans  <>
<>BITnet:                  Computer Research Center   <>
<>Voices:   (504) 286-7067                 New Orleans, La. 70148     <>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>