1996-02-01 - re: More FUD

Header Data

From: “A. Padgett Peterson, P.E. Information Security” <PADGETT@hobbes.orl.mmc.com>
To: cypherpunks@toad.com
Message Hash: a8b6e8451aaa00d0aea0ac23cdfbd4c119ae401ddb06aee91c442ff32b9711a1
Message ID: <960131174331.202083b0@hobbes.orl.mmc.com>
Reply To: N/A
UTC Datetime: 1996-02-01 07:47:43 UTC
Raw Date: Thu, 1 Feb 1996 15:47:43 +0800

Raw message

From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Thu, 1 Feb 1996 15:47:43 +0800
To: cypherpunks@toad.com
Subject: re: More FUD
Message-ID: <960131174331.202083b0@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>The degree to which the attack you describe is a threat to online
>commerce depends critically on the degree to which viruses and Trojan
>horse programs can propagate through their potential base of platforms. 

Have to interject a comment: even real professionals (which virus writers
are not) have trouble getting software to work on one machine, let alone
all of the different platforms out there. Windows is worse (ever try to
write a .VXD - not easy). Take Michelangelo (please): it is a member of a
class of viruses that is very difficult to detect: you have to read one
word at 0:414 from DOS to know something is wrong.

True, in early '92 when [Mich] came out things were more difficult - not
everyone had 640k in their machine so the user actually had to have a clue
how much memory was supposed to be there. Today is there anyone with 512k ?

Detection has *always* been easy, it is removal that is difficult and
*automated* removal that is even more so - know what it takes to determine
that there is a macro that might be a virus in a WORD document ? One bit.
(Of course things are made a bit more difficult by the fact that Microsoft
considers that bit's location or even its *existence* to be "proprietary"
and requires an NDA before they will discuss it - I refuse to sign it).

In recent months I have had all sorts of software blow up in Windows. 
On this machine alone (a 486DX-100 w 8 Mb of RAM & Win 3.1, 1 Mb SVGA
and nothing special), Reachout 5.0, FTP Onnet 2.0, QEMM 8.0 (Windows Manager),
and several name brand programs have required massage to get to play
together - and these are the programs from people I consider expert at what
they do, in fact each is IMNSHO the best in their class.

And you tell me that someone is going to spread a virus on the net that will
capture keystrokes on any machine it hits without anyone noticing ? It is 
to laugh (and if they can, they are wasting their time with credit card 
numbers).

(Did I mention that the documentation those signing the M$ NDA have been 
receiving has been *wrong* ?)

Not going to say you could not make one machine act that way - that is easy, 
not even going to say you won't make a number of machines act that way, but
spread with a virus enough will self-destruct on enough machines that 
intelligent people will get suspicious and some will react creatively.

Fact is that the greatest protection the net has is that no two machines are
alike, may even start that way but after six months, no way.

						Warmly,
							Padgett




