Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!uwm.edu!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: JHSangster@DOCKMASTER.ARPA
Newsgroups: comp.virus
Subject: Virus Protection
Message-ID: <0009.8910021119.AA27772@ge.sei.cmu.edu>
Date: 29 Sep 89 23:33:00 GMT
Sender: Virus Discussion List 
Lines: 38
Approved: krvw@sei.cmu.edu

It seems to me that this whole problem will be largely solved when and
only when the vendors all start "signing" their software with a
digital signature based on public key cryptography.  At least then
anyone who wishes to check a program for authenticity need only check to
see that it passes the digital signature check with the alleged
vendor's public key.  Of course you also have to know that the
checking program hasn't been tampered with, the hardware hasn't been
tampered with, etc., etc., but at least we would have a starting point
for software authentication.

The signature approach and the use of signature checking seem to me
the only way to make definitive progress against viruses.  All other
approaches are dependent on details of the viruses' code, which as we
have seen change with time and with each new virus.  Digital
signatures will let us check that at least a trusted source has put
its signature on the code, and that it has not been altered since
then.  Software developers will then have to get serious about
preventing viruses from creeping in at the factory if they are not
already serious.

If members of the appropriate software standards body are listening, I
hope they give consideration to such a standard ASAP.  The standard
should allow for both existing and future developers as well as private
individuals (hobbyists who may develop freeware) to have a unique public
key.  Then software users who neglect to check the signature use the
software at their own risk, but if they experience damage and can prove
it, they will be in a position to apply some heat to the vendor who
provided the signed, but infected, software.

The ideal way to implement checking would be to build it into the
loader.  This may become feasible if a worldwide standard is adopted.
Meanwhile checking could be implemented in a way which did not require
ROM modifications.  The standard could provide for inclusion of the
vendor's public key and the resulting signature in the format of any
loadable file.
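As an added illustration of the loadable-file idea above (not code from the original post), here is a constructed signed-image layout and the loader-side check in Go, using Ed25519 from the standard library. It also carries the caveat the post hints at when it says the checker itself must be trustworthy: the loader must compare the embedded key against keys it already trusts, not merely confirm that the signature matches whatever key the file happens to carry. The byte layout, the ExampleSoft vendor name and the trusted-key table are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed layout (not a real standard): [4-byte BE payload length][payload]
// [32-byte vendor public key][64-byte Ed25519 signature over length+payload].
func SignImage(payload []byte, priv ed25519.PrivateKey) []byte {
	img := make([]byte, 4, 4+len(payload))
	binary.BigEndian.PutUint32(img, uint32(len(payload)))
	img = append(img, payload...)
	sig := ed25519.Sign(priv, img) // the vendor's release-time step
	img = append(img, priv.Public().(ed25519.PublicKey)...)
	return append(img, sig...)
}

// VerifyImage is the loader's check: the payload is accepted only if the signature verifies
// AND the embedded key (keyed by its raw bytes) is already trusted; a file that carries
// its own key proves nothing by itself, since an altered file could be re-signed with a fresh key.
func VerifyImage(image []byte, trusted map[string]string) ([]byte, string, error) {
	const trailer = ed25519.PublicKeySize + ed25519.SignatureSize
	if len(image) < 4+trailer {
		return nil, "", errors.New("image too short to hold a key and signature")
	}
	n := int(binary.BigEndian.Uint32(image[:4]))
	if len(image) != 4+n+trailer {
		return nil, "", errors.New("length field does not match image size")
	}
	pub := ed25519.PublicKey(image[4+n : 4+n+ed25519.PublicKeySize])
	vendor, ok := trusted[string(pub)]
	if !ok {
		return nil, "", errors.New("embedded public key is not a trusted vendor key")
	}
	if !ed25519.Verify(pub, image[:4+n], image[4+n+ed25519.PublicKeySize:]) {
		return nil, "", errors.New("signature check failed: image altered or forged")
	}
	return image[4 : 4+n], vendor, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	trusted := map[string]string{string(pub): "ExampleSoft"}
	img := SignImage([]byte("hello, loader"), priv)
	_, vendor, err := VerifyImage(img, trusted)
	fmt.Println(vendor, err)
}
```

Flipping any byte of the payload, of the length field, or of the signature after signing makes VerifyImage reject the image, as does re-signing it with a key absent from the trusted table.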

-John Sangster, SPHINX Technologies, Incorporated, (617) 235-8801 / P.O.
Box 81287, Wellesley Hills, MA 02181