VIRUS-L Digest Monday, 5 Dec 1988 Volume 1 : Issue 31
Today's Topics:
The Virus
is morris the only ...
Morris some more
Re: Low level format (PC)
Re: Response to Morris comments
---------------------------------------------------------------------------
Date: Mon, 28 Nov 88 11:29:52 EST
From: Dan Bornstein <ST702174@BROWNVM>
Subject: The Virus
...forwarded from WEIRD-L.
- ----------------------------Original message----------------------------
The Virus
No installation had been hit by a computer virus for some time. By
God, they had all taken enough precautions since the last one a few
years ago. Suddenly, however, people started noticing that the
calculations weren't getting done quite so fast and started wondering...
Everyone suddenly seemed to be utterly concerned; everyone who even
seldomly used a computer. There was a growing interest in learning how
to program so you could "disinfect my computer" "just in case." Even
secretaries using computers only for word processing got involved. And
yet, things still seemed to slow down.
Career programmers were taking longer to complete their projects,
essay-writers as well. "Just making sure I'm not infected; that's all."
Eventually, even the ATM machines started slowing down. News
broadcasters had to wait for their slow-moving teleprompters to catch up.
Finally, prime time ground to a halt as people were hypnotized by the
flickering words, ever faster, as more and more people added to it, in
dozens of languages, in an endless feedback loop:
"Make this appear on somebody else's screen."
------------------------------
Date: Fri, 2 Dec 88 20:12:22 CDT
From: Len Levine <
[email protected]>
Subject: is morris the only ...
>John A. Pershing Jr. states:
>I am somewhat surprised at the lack of comments on the culpability of
>(1) the programmer who implemented the gaping trap door in the mailer
>which RTM exploited, and/or (2) the organizations that
>sold/distributed this software.
>Is Morris the only person to blame for the debacle?
I had a chance to speak at length with a system programmer at a
meeting of the Computer Professionals for Social Responsibility
meeting about this. I quoted the comment from the author of the trap
about its use in "avoiding certain managerial barriers" (not a direct
quote, but about right). His response was that the trap was regularly
used by him in regaining control for users who forgot or lost the
password for root and thus had lost access to their own systems.
No arguments on my part were of any use at all, not a suggestion that
more than one root level account be installed with one password known
only by him, his point was that such traps are just plain the only way
to regain control after such a failure.
I judge him as totally wrong. The use of a known non-passworded
access port to a dial-in (or worse) system when other approaches are
feasible (and they are) is folly.
This does not mean that morris had the right to penetrate production
systems via this trap. It does mean that others have responsibility
too.
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine e-mail
[email protected] |
| Professor, Computer Science Office (414) 229-5170 |
| University of Wisconsin-Milwaukee Home (414) 962-4719 |
| Milwaukee, WI 53201 U.S.A. Modem (414) 962-6228 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
------------------------------
Date: Fri, 2 Dec 88 23:52:38 EST
From: Jefferson Ogata (me!) <OGATA@UMDD>
Subject: Morris some more
The analogy of breaking in and dumping trash on the floor of your house
is sorely lacking in a couple of ways.
One is that the house should be a business office where a number of
people work every day, and make a certain amount of money doing it.
The computer systems infected by the worm were not just places where
people go to relax after a long day. The computer systems were an
essential element of the BUSINESS of those people. By trashing
their office the G.S. puts those people out of work for a day. And
while the criminal penalty still may not be high, imagine the cost
of putting tens of thousands of people out of work for a day.
Another weak spot is the whole idea of regarding Morris as a "good
Samaritan", out to inform the user of the foolishness of his leaving
the back door unlocked. Certainly this is NOT what Morris intended
to do.
Somebody else asked about the culpability of the writer of the debug
feature of sendmail. I think it's quite clear that this culpability
is nil. The debug feature was there for a reason; clearly it should
not have been left on after testing, but I'm sure it came in handy
during testing. Suppose you order a locking doorknob assembly from
some company. It comes in an unlocked state. You install the new
lock, but leave the office without actually locking it. A burglar
steals your pencil sharpener. Should we blame the designer of the
doorknob?
- - Jeff Ogata
------------------------------
Date: Sat, 03 Dec 88 10:58:37 EST
From: "Homer W. Smith" <CTM%
[email protected]>
Subject: Re: Low level format (PC)
How do I get a program that will do a lowest level scrubb
and reformat on my pc/xt hard disk?
Homer CTM@CORNELLC
------------------------------
Date: Sat, 03 Dec 88 11:08:31 EST
From: "Homer W. Smith" <CTM%
[email protected]>
Subject: Re: Response to Morris comments
In reply to Peter Scott's comments about my comments on
Mr. Morris.
Amends in no way assumes an eye for an eye. Morris can
not possibly 'pay-back' for all the 'damage'. He can however
make amends. Amends is what ever is necessary fo people to
be glad that he exists and are willing and eager to have him
have the free run of the land again.
For example, if Morris were to discover or prove some
amazing computer theorem that immediately allowed people
to close every security hole in every computer everywhere,
then surely people would forgive Morris the untold man hours
he wasted, because he just came up with a way of saving
them 1000*untold manhours in the future.
Surely intelligent and compassionate people can figure
out what is needed and wanted and sufficient for Morris
to re-justify his existance to us.
You know even if he 'payed back' the lost man hours
and money, that would not necessarily be enough for anyone
to really like him or want him around. Amends means more
than just fixing the toy you broke. That just sets you even,
which does not set you even at all.
Amends is a healing relationship where in both parties are
agree its OK it all happened. For example if
Morris had never crashed the internet, he would never have had
to make amends and maybe that amazing computer theorem would never
have been developed, so the people would still be at risk in their
futures.
Resolution always comes because things are made BETTER because the
bad thing happened. Recovering even-ness, things as they were, is
not sufficient. The bad memories still remain.
Of course I am not implying that good things only come from
bad things, or that we should MAKE bad things occur so that good
things can come from them. I am implying that SOMETIMES good
things occur because bad things have occured first and the resolved
and healed state is better and more secure than before.
As for nailing Morris to the wall, well if a person is a total
ingrate and unredeemable in all aspects, then hanging him out to
dry for all to see may be the most productive thing we can do
with his body. But in general, breaking someone elses toy
because they broke yours leads to a doubly decreased GNP and
is a sin against everbody.
Of course as a deterrent through example, breaking the toys
of those that broke yours acts to prevent the GNP from falling
futher by dissuading others from similar irresponsible acts.
But AMENDS properly done causes a resurgence in the GNP over and
above the original course of operation and CAN cause a resurgence
above and beyond WHAT IS POSSIBLE in the normal course of operation.
It is the wise fool who invests in such activity.
Homer Wilson Smith
------------------------------
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253
