Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!uwm.edu!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: XRJDM%SCFVM.BITNET@VMA.CC.CMU.EDU (Joe McMahon) Newsgroups: comp.virus Subject: Tiger Teams Message-ID: <0003.8909281133.AA14331@ge.sei.cmu.edu> Date: 27 Sep 89 13:05:57 GMT Sender: Virus Discussion ListLines: 17 Approved: krvw@sei.cmu.edu Dave Gursky asked about the tiger team approach. It depends on several things: - - Is the computer in question a computer which belongs to the installation, or one which belongs to the person? - - Is the virus completely self-limiting (i.e., if the date becomes anything other that the date of infection, the virus removes itself? - - Is the company willing to risk destroying this user's files and possibly wasting large amounts of time and money to replace them? Apple's statement on Mac viruses is that you should never trust a once-infected file, even if it is "cleaned up". I tend to side with that approach. I know that if I had been following procedures, and some expletive-deleted from Security futzed around with my machine behind my back, I'd be angry. Especially if it trashed my files. --- Joe M.