Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!uwm.edu!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: JHSangster@DOCKMASTER.ARPA
Newsgroups: comp.virus
Subject: Virus Protection
Message-ID: <0009.8910021119.AA27772@ge.sei.cmu.edu>
Date: 29 Sep 89 23:33:00 GMT
Sender: Virus Discussion List
Lines: 38
Approved: krvw@sei.cmu.edu

It seems to me that this whole problem will be largely solved when and only when the vendors all start "signing" their software with a digital signature based on public key cryptography. At least then anyone who wishes to check a program for authenticity need only check to see that it passes the digital signature check with the alleged vendor's public key. Of course you also have to know that the checking program hasn't been tampered with, the hardware hasn't been tampered with, etc., etc., but at least we would have a starting point for software authentication.

The signature approach and the use of signature checking seem to me the only way to make definitive progress against viruses. All other approaches are dependent on details of the virus's code, which as we have seen change with time and with each new virus. Digital signatures will let us check that at least a trusted source has put its signature on the code, and that it has not been altered since then. Software developers will then have to get serious about preventing viruses from creeping in at the factory if they are not already serious.

If members of the appropriate software standards body are listening, I hope they give consideration to such a standard ASAP. The standard should allow for both existing and future developers as well as private individuals (hobbyists who may develop freeware) to have a unique public key. Then software users who neglect to check the signature use the software at their own risk, but if they experience damage and can prove it, they will be in a position to apply some heat to the vendor who provided the signed, but infected, software.

The ideal way to implement checking would be to build it into the loader. This may become feasible if a worldwide standard is adopted. Meanwhile checking could be implemented in a way which did not require ROM modifications. The standard could provide for inclusion of the vendor's public key and the resulting signature in the format of any loadable file.

-John Sangster
SPHINX Technologies, Incorporated
(617) 235-8801 / P.O. Box 81287, Wellesley Hills, MA 02181
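The scheme the post sketches, carried through as an added example that is not part of the original message or of any real loader: a constructed "loadable file" layout that carries the vendor's public key and a signature over the whole image, a signing routine for the vendor, and a loader-side check. The file layout, the use of Ed25519 (which did not exist in 1989), the name "SGN1" and the functions Sign and Verify are all assumptions made for this illustration. The check deliberately has two stages, because the post's own caveat applies: a signature that verifies under a key embedded in the same file only proves the file is self-consistent, so the loader must also compare that key against vendor keys it already knows, or an attacker can simply re-sign a modified program with a key of their own.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout (an assumption for this example, not a real format):
//   magic(4) "SGN1" | vendor pubkey(32) | payloadLen(4, big-endian) | payload | signature(64)
// The signature covers everything before it, so the embedded public key cannot be
// swapped for another without the signature failing.
var magic = []byte("SGN1")

const hdrLen = 4 + ed25519.PublicKeySize + 4

// Sign is what the vendor runs: it wraps the program bytes in the header,
// embeds the vendor's public key and signs the result with the private key.
func Sign(priv ed25519.PrivateKey, payload []byte) []byte {
	var body bytes.Buffer
	body.Write(magic)
	body.Write(priv.Public().(ed25519.PublicKey))
	_ = binary.Write(&body, binary.BigEndian, uint32(len(payload)))
	body.Write(payload)
	sig := ed25519.Sign(priv, body.Bytes())
	return append(body.Bytes(), sig...)
}

// Verify is the loader's check. Stage 1: the image verifies under the key it
// carries, so it has not been altered since it was signed. Stage 2: that key is
// one the loader already trusts, so the signer really is the alleged vendor.
// Only when both hold is the payload handed back for loading.
func Verify(image []byte, trusted map[string]bool) ([]byte, error) {
	if len(image) < hdrLen+ed25519.SignatureSize || !bytes.Equal(image[:4], magic) {
		return nil, errors.New("not a signed image")
	}
	pub := ed25519.PublicKey(image[4 : 4+ed25519.PublicKeySize])
	n := binary.BigEndian.Uint32(image[4+ed25519.PublicKeySize : hdrLen])
	if uint64(len(image)) != uint64(hdrLen)+uint64(n)+ed25519.SignatureSize {
		return nil, errors.New("length field does not match image size")
	}
	body, sig := image[:hdrLen+int(n)], image[hdrLen+int(n):]
	if !ed25519.Verify(pub, body, sig) {
		return nil, errors.New("signature check failed: image altered since signing")
	}
	if !trusted[string(pub)] {
		return nil, errors.New("signature is valid but the signing key is not a known vendor key")
	}
	return body[hdrLen:], nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	trusted := map[string]bool{string(vendorPub): true} // the loader's pinned vendor keys

	program := []byte("constructed program bytes, standing in for a real executable")
	genuine := Sign(vendorPriv, program)

	// Genuine image: both stages pass.
	_, err := Verify(genuine, trusted)
	fmt.Println("genuine image:", err)

	// Infected copy: one payload byte changed after signing, stage 1 fails.
	infected := append([]byte(nil), genuine...)
	infected[len(infected)-ed25519.SignatureSize-1] ^= 0x01
	_, err = Verify(infected, trusted)
	fmt.Println("tampered image:", err)

	// Re-signed copy: attacker signs their own version with their own key; the
	// image is self-consistent (stage 1 passes) but stage 2 rejects the key.
	_, err = Verify(Sign(attackerPriv, append(program, " + payload"...)), trusted)
	fmt.Println("re-signed image:", err)
}
```

The trusted-key map is the part the post leaves open: in a real deployment it is the piece that must be distributed and protected independently of the software it vouches for, and the loader itself must be trusted, exactly as the post notes for the checking program and hardware.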