1993-08-21 - KOH software topic

Header Data

From: fergp@sytex.com (Paul Ferguson)
To: cypherpunks@toad.com
Message Hash: d8a1478f12cf141605ff11434c8931ed284862109fe4839041a76a6fdda052de
Message ID: <6F3L9B1w165w@sytex.com>
Reply To: N/A
UTC Datetime: 1993-08-21 03:11:23 UTC
Raw Date: Fri, 20 Aug 93 20:11:23 PDT

Raw message

From: fergp@sytex.com (Paul Ferguson)
Date: Fri, 20 Aug 93 20:11:23 PDT
To: cypherpunks@toad.com
Subject: KOH software topic
Message-ID: <6F3L9B1w165w@sytex.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
On Fri, 20 Aug 93 17:11:51 CDT,
 Karl Lui Barrus <uunet!owlnet.rice.edu!klbarrus> wrote -
 
> In summary, I am posting this because I intend to post KOH code
> when it becomes available.  The feelings expressed about this
> may very well affect the future of the list.  In fact, I may
> post to virus-l because it has come to my attention the topic
> has surfaced there as well.  And I know that anti-virus
> professionals are always interested in the facts of any matter.
 
While I may have been one of the first to "sound the alarm," let's get
it straight -- up front -- that I do not condone any type of OS
subversive program that conducts its "activities" without the user's
knowledge, or any code that has the potential to propagate without
the user's knowledge.
 
That said, I think I qualify well enough as an "anti-virus
professional," even though I don't -officially- produce any antivirus
software for public consumption. In any case, I'm mano-en-mano with
most of the notables in the field.
 
> A few people have requested copies of the program from me, and I
> know of at least one person actively working on a disassembly.
 
I'd like to examine a copy myself.
 
> I mention this partly in an effort to mentally prepare some people on
> this list for an event that is certain to happen in the future: the
> posting of KOH source code.  I say this: when a disassembly of the
> program becomes available, if I receive a copy, I fully intend to post
> it to this list.
 
Words escape me at the moment -- perhaps it's all those damned
Mooseheads...
 
> I would like to point out the charter of this list includes the phrase
> "Cypherpunks write code."
 
[Mooseheads-kicking-in mode]
 
"Cypherpunks write code" should be expanded (in fact, it -is-
expanded, to a certain extent) to include beneficial vs
non-beneficial software. But what delineates the two?
 
This is a -very- touchy subject.
 
"Subversive software," is a term which I use to demonstrate the
properties of software which spoofs someone, in one way or another.
Viruses do this, especially what we call "stealth" viruses, because of
their ability to spoof the operating system.
 
"Subversive software," in the terminology of KOH may be something else
entirely, but any software that marks sectors bad on my disks without
my permission automatically falls into the classification of "unwanted"
or "bad" software.
 
Perhaps I don't understand or haven't familiarized myself enough with
this software, but it sounds ominously like some timebomb which
harbors the potential to hose the user at any given time.
 
IMHO, this sounds like badware, but I would have to examine it
further, under a debugger.
 
> As we all know software development is a time consuming process and
> thus not many programming projects are discussed, due to complexity,
> time constraints, slow development, etc.  One such project a few list
> readers expressed interest in was the so called "CryptoStacker"
> project - a program which would function very much like Stacker does
> (it automatically compresses and uncompresses disk drives)  except
> the CryptoStacker would automatically encrypt and decrypt.
 
> Suddenly, a program which claims to do all this surfaces.  KOH claims
> to install itself, encrypt and decrypt with IDEA and an unspecified
> quick algorithm, and uninstall from the hard drive on request.  The
> author explicitly states he intends no maliciousness, and will even
> accept bug reports and perform patches.  How then can we ignore such
> a program?
 
Firstly, by not jumping the gun.
 
Secondly, by examining the software extensively.
 
Thirdly, by making an honest analysis of its merits, its pitfalls and
its contentions.
 
All in all, if all it does is actively encrypt and compress, then it
is certainly non-threatening to the general public. If it does
otherwise, or has some odd caveats, then it needs to be advertised "up
front."
 
Now, don't get me wrong -- I don't condone someone posting a debug
script on the net and saying "This may hose your system," knowing full
well that it will do exactly that!
 
Comments?
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.2
 
iQCVAgUBLHWMTJRLcZSdHMBNAQF4EAQAmCtz1LYKZmh21UJcyZ5K3UuVv5rJ+4c/
L3K8oYjnqFevBQvjYBgiXIMqglxvu6R4XKXRAOXHLvUeUIHZk/3Da8UrfWbDyR14
ds72gn+5l/XldKw60DvJPuFJFvsjcYigNrvnVwMbzgUbpkN8zsi6Rfy85AfeclfG
AzfnMlO+cQc=
=QK5G
-----END PGP SIGNATURE-----

Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
fergp@sytex.com             |      - Thomas Paine, Common Sense
 
Type bits/keyID   Date       User ID
pub  1024/1CC04D 1993/03/15  Paul Ferguson <fergp@sytex.com>
  Key fingerprint =  EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58




