From: “J. J. Larrea” <jjl@panix.com>
To: cypherpunks@toad.com
Message Hash: d8a8a9adc73fce5140df4978c03259a412b2d0450e44b706e97c987df59286d7
Message ID: <199308160315.AA07140@panix.com>
Reply To: <199308152240.AA11446@Menudo.UH.EDU>
UTC Datetime: 1993-08-16 03:17:01 UTC
Raw Date: Sun, 15 Aug 93 20:17:01 PDT
From: "J. J. Larrea" <jjl@panix.com>
Date: Sun, 15 Aug 93 20:17:01 PDT
To: cypherpunks@toad.com
Subject: Re: encrypting virus (KOH)
In-Reply-To: <199308152240.AA11446@Menudo.UH.EDU>
Message-ID: <199308160315.AA07140@panix.com>
MIME-Version: 1.0
Content-Type: text/plain
Karl Barrus writes:
> I don't see any difference between Stacker 3.0 and its stacked disk
> option that compresses files on a floppy and inserts a small
> decompression routine there as well, and the encrypting "program" I
> posted information on. Well, besides the fact the Stacker compresses
> and potassium hydroxide encrypts.
I did not save the original potassium hydroxide posting, so I am not sure
whether it truly constitutes a "virus", but I can't let any defense of
"benign" infection mechanisms go unchallenged.
If someone gives me a floppy, and, by running a program contained on it
or booting off of it, some algorithm contained therein is permanently
incorporated into my system *without my explicit desire and command*,
to me that constitutes a viral ATTACK on my system, by compromising the
sanctity of my data, whether or not the author's intent was benign.
Even if a question like "Compress [Encrypt] drive C: ?" were presented,
I'd be rather perturbed (especially since I use a Mac :-), since the
question would probably be completely outside of the context of what I
was trying to do (eg. run a GIF viewer, checkbook balancer, compiler,
whatever), and would not provide sufficient notification of potential
ramifications from answering in either the negative or the affirmative.
Should that happen to *me*, I'd immediately go for the reboot switch and
never use that floppy again; but most non-hacker computer users I know
would be pretty lost, and feel rather violated if they chose the wrong
option and something bad happened.
Now, if a smart compressor/encryptor wrote itself along with the files
it was treating, and then wrote a nice README file which explained that
files on the floppy were compressed/encrypted, would be automatically
decompressed/decrypted, and that the treatment could, if you wished, be
performed on your hard drives and/or other floppies by making a backup
and then executing the following command, that would be perfectly fine.
Low-pressure sales techniques are far more humane than high-pressure:
one gets time to scratch one's head, think about alternative strategies,
reconsider one's intent. And a decision to reformat possibly years of
data from a universally-accessible native format to a proprietary format
certainly should not be made in an ad hoc manner.
If a compressor/encryptor has a mode whereby it can automatically compress/
encrypt native-mode floppies when they are first mounted, that's quite a
useful feature. But in this case I would have first had to have made a
pro-active decision to install the software on my system, and thus been
apprised of the ramifications. I would certainly still want and expect
at least a minimal query like the above before anything is changed, otherwise
it would be too easy to forget the mechanism is in place, get a floppy from
a friend, and without knowing it return to them an altered and possibly
unuseable disk. Not good.
I thought Cypherpunks were all for self-determination? If there's anything
in the computer world which strips us of that it's a virus or trojan horse,
no?
- JJ
Return to August 1993
Return to “Karl Barrus <elee9sf@Menudo.UH.EDU>”