Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!uwm.edu!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: XRJDM%SCFVM.BITNET@VMA.CC.CMU.EDU (Joe McMahon)
Newsgroups: comp.virus
Subject: Tiger Teams
Message-ID: <0003.8909281133.AA14331@ge.sei.cmu.edu>
Date: 27 Sep 89 13:05:57 GMT
Sender: Virus Discussion List 
Lines: 17
Approved: krvw@sei.cmu.edu

Dave Gursky asked about the tiger team approach. It depends on several
things:

- - Is the computer in question a computer which belongs to the installation,
  or one which belongs to the person?
- - Is the virus completely self-limiting (i.e., if the date becomes anything
  other that the date of infection, the virus removes itself?
- - Is the company willing to risk destroying this user's files and possibly
  wasting large amounts of time and money to replace them?

Apple's statement on Mac viruses is that you should never trust a
once-infected file, even if it is "cleaned up". I tend to side with
that approach.  I know that if I had been following procedures, and
some expletive-deleted from Security futzed around with my machine
behind my back, I'd be angry.  Especially if it trashed my files.

 --- Joe M.