Implications of recent virus (Trojan Horse) attack

Mon Nov 7 12:02:16 AEST 1988

In article <1698 at cadre.dsl.PITTSBURGH.EDU> sean at cadre.dsl.PITTSBURGH.EDU (Sean McLinden) writes:
>Now that the crime of the century has been solved and all of the
>bows have been taken it is, perhaps, time to reflect a little more
>on the implications of what has happened.
>
	text deleted
>
>Let's look, for a moment, at the effects of this system (whether
>intended or otherwise). First, it satisfied a public desire for news
>and, one might argue, served as a reassurance to the many technophobes
>out there that our systems are as vulnerable as error prone as they,
>all along, have been arguing. If you don't think that this might have
>social consequences you need only look at things like community bans
>on genetic research have resulted from social policy implemented as
>a result of public distrust. When I was interviewed by a local news

Are you suggesting that the "public" does not have an interest and
responsibility to ask for suitable safeguards from what "they"
consider to be either dangerous or incompletely thought out?
Although people like Jeremy Rifkin have been nuisances to the
practical application of bio-engineered tools, they have also
caused investigators to more completely think out their studies,
AND have forced scientists to explain and defend their approaches
and tools to the people who ultimately fund their research.

>Second, there is an economic conseqence. Since we were unable to
>determine the extent of the programs activities we were forced to
>commit programmers time to installing kernel fixes, rebuilding systems,
>checking user data files, and checking for other damage. That was
>the direct cost. The indirect cost comes from the delay in other

Perhaps I am foolish, but I feel some of the responsibility goes to
whoever left the debug option in sendmail, and to those who allow
promiscuous permissions in their systems.

>
>If we tolerate those who view the network as a playground where
>anyhting goes, we are going to be faced with serious consequences. But
>the answer is not to change the character of the network (by increasing
>restrictions and decreasing freedom of access), but to promote a sense
>of character among the members of the community who work and experiment
>in this network. This puts the burden on us to remember that there
>is a need for us to encourage, teach, and provide examples of the
>kind of behaviors that we need to preserve in order to preserve the
>network.
>

You talk of personal responsibility -to oneself, to one's colleagues,
to one's community - and I heartily agree; however, you also talk of the 
burden we all have to somehow teach and instill in others that sense of
rightness which makes the net possible. This does not insure that those
whom we teach will listen, and even if they do, that they will do it
right away. Perhaps there is an analogy to children who, though they
have been told to "do right", test the limits of their freedom, test the
extent of their personal strengths. We hope that through time and 
experience these children will grow to become an integral part of their
communities - but it takes time.
I do not wish to condone the actions of anyone who disrupts the net or
rips out pages from library books or trashes the environment in which we
all live. Although our site has not seen evidence for this particular
virus, it will, no doubt, be the victim of others. In that vein, we need 
to protect our site from the thrashings of either childish behaviour 
or cynical attacks. This means we treat our sites more protectively -
viz. the family heirloom - yet no so much that growth and evolution
of the system is stifled.
I suspect that part of the openess and collegiality which we would like
pays its price in these attacks. We can only muted the number and
intensity of them

Don Chen
Dept of Microbiology
Oregon State University