Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!ginosko!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: dmg@lid.mitre.org (David Gursky) Newsgroups: comp.virus Subject: Re: Centel Corp. and ViruScan Message-ID: <0001.8909251241.AA29279@ge.sei.cmu.edu> Date: 22 Sep 89 12:21:07 GMT Sender: Virus Discussion ListLines: 58 Approved: krvw@sei.cmu.edu In (ewiles@iad-nxe.global-mis.dhl.com) writes... The creator of VirusX for the Amiga certainly feels this way, [that "I want you to get your information from me and no one else"], and for a very good reason: It's the only way to make certain that the program hasn't been tampered with to make it a virus spreader instead of a stopper. It just so happens that I agree with him. What better way for some sleazo to get a virus or trojan horse spread than to make it look like it's a common, otherwise trusted, shareware virus killer program? - ----- I have no qualms with any of this per se. If the author of a package wants to limit the sources from which his or her work is available, fine! But by doing so you forfeit the right to label your work as shareware! Shareware, by definition, is software that is shared with other users for the purpose of preliminary evaluation. If the user finds the application useful, the user is honor- and legally-bound to pay the requested fee for the software. Shareware works because the distribution system is the users themselves. The author has only a minimal say in the distribution. Certainly if the author wants to more strictly limit the dissemination of his or her work, he or she is welcome to do so. The proper manner is a commercial distributor; anything that tries to mix commercial and shareware, "isn't kosher". As far as Ed's other argument goes (about using trusted shareware virus killer programs as a carrier for a virus), I can't be the only one who has failed to notice that despite that this is a common fear, it has not happened recently or often (the last case I know of was a "version" of Ross Greenberg's original FluShot, that was a Trojan Horse that destroyed FATs or some-such; even then, this wasn't a virus but a trojan). Let me take this one step further. Anti-virus applications (IMO) make a poor carrier for a virus. In order for a virus to succeed, it must go undetected. This means that prior to the activation of the virus' logic-bomb or time-bomb, it cannot interfere with the normal operation of the computer or the applications in use on the computer. To do so greatly improves the chances the virus will be discovered (to wit, the Jerusalem virus). If we work under the assumption that when a user acquires an anti-virus application, they actually use it (in fact we must work under this rule; otherwise the virus would not spread), the virus necessarily undergoes an increased chance of detection because an application is running that looks for viruses! Standard disclaimers apply. David Gursky Member of the Technical Staff, W-143 Special Projects Department The MITRE Corporation