The Usenet Virus: a case history.

Marcus J. Ranum mjr at vax2.nlm.nih.gov.nlm.nih.gov
Sat Oct 22 05:18:07 AEST 1988 

In article <2836 at sugar.uu.net> peter at sugar.uu.net (Peter da Silva) writes:
>
>			The Usenet virus: a case history.
>				(A cautionary tale).

	Actually, calling them 'virus'ses is a beautiful description - and
just like virusses that infect humans 90% of the defense is common sense.
It's just like getting a venereal disease: if you play around with code that
is not from reputable sources, or if you don't exercise caution, you may
have a problem. I mean, compiling some sleazy public domain deamon as "root"
and doing a "make install start" is the same level of thoughtlessness as
doing intravenous drugs with someone you just met in a bar :-)  -and when
something goes wrong, you deserve as much pity.

	I use lots of the code that I see on the net. My defense seems to
be pretty good, since I am so busy that I almost never even unshar a file
until I have forgotten about it for at least a week. That greatly increases
the chance that someone else will have already looked at it. And, of
course, if it isn't source code, you bet I'm not going to run it on my
machine unless it comes from a reputable source (someone I know personally
who WROTE it, or a big company that has too much to lose to play games).
There are also some "names" on the net you learn you can trust. Sure,
someone could hack something into the diffs for "perl", but I expect
that someone would notice.

	Of course you're NOT going to protect yourself from EVERYTHING by
just showing common sense, but it really helps. I've found that thinking
of virusses as "cybernetic VD" makes it pretty easy to know how to react
when someone gives me a floppy disk of PD utilities, sans source. It's not
a "paranoid" attitude - it's not a "don't use anything you didn't BUY"
attitude, it's just that mommy always used to tell me: "Don't put that in
your mouth if you don't know where it's *BEEN*".

	And if you don't have backups, you're so stupid you should give
me a call and buy this 900Gb write only memory I'm selling.

--mjr();

More information about the Comp.unix.wizards mailing list