The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #186 [Re: Disassembled virus?] (1 message, 792 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/186.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: srz@melange.LCS.MIT.EDU (Stan Zanarotti)
To: phage
Date: Wed 02:01:43 09/11/1988 EST
Subject: Re: Disassembled virus?
References: [Thread Prev: 194] [Thread Next: 189] [Message Prev: 190] [Message Next: 187]

I think people are making the mistake of talking about this in terms of
information theory (who has what information), as opposed to the real
issue, which is work.

Whether a typical grad student can turn the algorithms into code is mute.
The fact is, it took RTM many weeks to do this transformation, and
(apparently) some debugging.  Not releasing the virus will prevent casual
use by somebody who knows enough to modify code, but not enough to disassemble
or write it from scratch.  Plus, the few weeks of work will discourage all
but the most determined and skilled attacker.  And we already know that we can't
defend against such a person.

A little knowledge is a dangerous thing.  RTM (or whoever wrote the virus)
knew enough to find the bugs and exploit them, but didn't know enough to
understand the possible consequences.

	-stan

P.S.  Anybody who feels strongly enough for public posting of the virus can
always disassemble it themselves.  It's a lot easier to flame at the people
who already have, but it's not going to help.

END OF DOCUMENT