ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #161 [Re: some points to make with the media] (1 message, 983 bytes)
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: Steven Bellovin <hector!smb>
Date: Sun 22:51:18 06/11/1988 EST
Subject: Re: some points to make with the media
References: [Thread Prev: 132] [Thread Next: 164] [Message Prev: 083] [Message Next: 082]
Not to split hairs, but... This can be called a virus at a different level. That is, a worm is a network virus. An ordinary virus lives on a computer, and uses programs to infect other programs; this one lives on a network and uses computers to infect other computers. And while it's hard to write a program virus on UNIX because of the MMU and the file system (though not impossible; I know of one that Tom Duff did), our network lacks similar protection. Thus, the network elements -- computers -- try to distrust their environment, in way that programs on a PC perhaps should. Your second point is too strong; while only Sun-3s and VAXen were susceptible to this particular incarnation, there is clearly no reason to think that any UNIX system on the net couldn't have been targeted. All it would have taken was a few more .o files, or even source if the author had wanted to expose the code. On point 4, it's worth stressing that the military has such regulations precisely because they do not trust the current state of the art of computer security. That is, they employ procedural safeguards to make up for technical shortcomings. If there was such a thing as an A3-level system (verified secure at the object level, maybe, with cryptographic checksums at execution time?), there'd be no reason to keep such a machine off the Internet; more or less by definition it would be about as safe as any other way the government stores stuff.
END OF DOCUMENT
|ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved.|