Implications of recent virus (Trojan Horse) attack

Jon A. Tankersley zjat02 at cra2.uucp
Tue Nov 15 09:43:23 AEST 1988


I've read too much not to comment.....


The question is not actually 'can you trust any university student', but
'can you trust any person'.  The answer is yes and no.  Short of getting
some crack programmers together and brainwashing them.  But even then it
would be difficult, they could turn on you.

Anybody is culpable.  Anyone can be 'broken'.  Maturity has nothing that
makes it more reliable.

There are/were some University students that I can/would trust to write clean
code.  This is because of the 'more than cursory' knowledge of the people
in question.  After working with them for 4 years, I knew what their morals
and ideals were.  I also knew the other type, that you couldn't trust to
give you the correct time.  But, even these people I could trust could/can
be broken and subverted.  And that is not a crime.  That is human nature.
Given the correct type of hard choices, anyone can be subverted.

But this doesn't deal with the issue.  Ethics is something learned from
day 1.  Education on ethics points out some of the problems when dealing
with ethics, but it doesn't teach ethics.  Scruples are learned also.
Beyond the ancient form of measure, there is no education for scruples.
But it also takes discipline.  Discipline to document what is really going
on.  Discipline to get it done the right/correct/best way.  Discipline to
not be seduced by 'creeping featurism' (a seduction/subversion listed above).

There will always be bugs and loopholes.  Security is not a passive function.
But it is often treated that way.  Fix it when something slips.  Active
Even I am 'guilty' of letting security lapse, partially due to ignorance and
partially due to lack of time to devote to security auditing.  Even with all
of the C1-B2 auditing going on, it is still an active job.  If nobody ever
looks at the logs..... then there is no security.

The biggest result of the 'Attack of the Hungry Worm' will be a clamping down
on the ease of use of networking.  New 'conveniences' will be developed with
new 'features' that will present new 'loopholes' in the never ending seesaw
battle between 'good and evil' (convenience and security).

Sigh...  Back to work.  Standard disclaimers, etc, etc, etc. and to be
	redundant etc.

-tank-
#include <disclaimer.h>		/* nobody knows the trouble I .... */



More information about the Comp.unix.wizards mailing list