VIRUS-L Digest Monday, 5 Dec 1988 Volume 1 : Issue 31 Today's Topics: The Virus is morris the only ... Morris some more Re: Low level format (PC) Re: Response to Morris comments --------------------------------------------------------------------------- Date: Mon, 28 Nov 88 11:29:52 EST From: Dan Bornstein Subject: The Virus ...forwarded from WEIRD-L. - ----------------------------Original message---------------------------- The Virus No installation had been hit by a computer virus for some time. By God, they had all taken enough precautions since the last one a few years ago. Suddenly, however, people started noticing that the calculations weren't getting done quite so fast and started wondering... Everyone suddenly seemed to be utterly concerned; everyone who even seldomly used a computer. There was a growing interest in learning how to program so you could "disinfect my computer" "just in case." Even secretaries using computers only for word processing got involved. And yet, things still seemed to slow down. Career programmers were taking longer to complete their projects, essay-writers as well. "Just making sure I'm not infected; that's all." Eventually, even the ATM machines started slowing down. News broadcasters had to wait for their slow-moving teleprompters to catch up. Finally, prime time ground to a halt as people were hypnotized by the flickering words, ever faster, as more and more people added to it, in dozens of languages, in an endless feedback loop: "Make this appear on somebody else's screen." ------------------------------ Date: Fri, 2 Dec 88 20:12:22 CDT From: Len Levine Subject: is morris the only ... >John A. Pershing Jr. states: >I am somewhat surprised at the lack of comments on the culpability of >(1) the programmer who implemented the gaping trap door in the mailer >which RTM exploited, and/or (2) the organizations that >sold/distributed this software. >Is Morris the only person to blame for the debacle? I had a chance to speak at length with a system programmer at a meeting of the Computer Professionals for Social Responsibility meeting about this. I quoted the comment from the author of the trap about its use in "avoiding certain managerial barriers" (not a direct quote, but about right). His response was that the trap was regularly used by him in regaining control for users who forgot or lost the password for root and thus had lost access to their own systems. No arguments on my part were of any use at all, not a suggestion that more than one root level account be installed with one password known only by him, his point was that such traps are just plain the only way to regain control after such a failure. I judge him as totally wrong. The use of a known non-passworded access port to a dial-in (or worse) system when other approaches are feasible (and they are) is folly. This does not mean that morris had the right to penetrate production systems via this trap. It does mean that others have responsibility too. + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + | Leonard P. Levine e-mail len@evax.milw.wisc.edu | | Professor, Computer Science Office (414) 229-5170 | | University of Wisconsin-Milwaukee Home (414) 962-4719 | | Milwaukee, WI 53201 U.S.A. Modem (414) 962-6228 | + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ------------------------------ Date: Fri, 2 Dec 88 23:52:38 EST From: Jefferson Ogata (me!) Subject: Morris some more The analogy of breaking in and dumping trash on the floor of your house is sorely lacking in a couple of ways. One is that the house should be a business office where a number of people work every day, and make a certain amount of money doing it. The computer systems infected by the worm were not just places where people go to relax after a long day. The computer systems were an essential element of the BUSINESS of those people. By trashing their office the G.S. puts those people out of work for a day. And while the criminal penalty still may not be high, imagine the cost of putting tens of thousands of people out of work for a day. Another weak spot is the whole idea of regarding Morris as a "good Samaritan", out to inform the user of the foolishness of his leaving the back door unlocked. Certainly this is NOT what Morris intended to do. Somebody else asked about the culpability of the writer of the debug feature of sendmail. I think it's quite clear that this culpability is nil. The debug feature was there for a reason; clearly it should not have been left on after testing, but I'm sure it came in handy during testing. Suppose you order a locking doorknob assembly from some company. It comes in an unlocked state. You install the new lock, but leave the office without actually locking it. A burglar steals your pencil sharpener. Should we blame the designer of the doorknob? - - Jeff Ogata ------------------------------ Date: Sat, 03 Dec 88 10:58:37 EST From: "Homer W. Smith" Subject: Re: Low level format (PC) How do I get a program that will do a lowest level scrubb and reformat on my pc/xt hard disk? Homer CTM@CORNELLC ------------------------------ Date: Sat, 03 Dec 88 11:08:31 EST From: "Homer W. Smith" Subject: Re: Response to Morris comments In reply to Peter Scott's comments about my comments on Mr. Morris. Amends in no way assumes an eye for an eye. Morris can not possibly 'pay-back' for all the 'damage'. He can however make amends. Amends is what ever is necessary fo people to be glad that he exists and are willing and eager to have him have the free run of the land again. For example, if Morris were to discover or prove some amazing computer theorem that immediately allowed people to close every security hole in every computer everywhere, then surely people would forgive Morris the untold man hours he wasted, because he just came up with a way of saving them 1000*untold manhours in the future. Surely intelligent and compassionate people can figure out what is needed and wanted and sufficient for Morris to re-justify his existance to us. You know even if he 'payed back' the lost man hours and money, that would not necessarily be enough for anyone to really like him or want him around. Amends means more than just fixing the toy you broke. That just sets you even, which does not set you even at all. Amends is a healing relationship where in both parties are agree its OK it all happened. For example if Morris had never crashed the internet, he would never have had to make amends and maybe that amazing computer theorem would never have been developed, so the people would still be at risk in their futures. Resolution always comes because things are made BETTER because the bad thing happened. Recovering even-ness, things as they were, is not sufficient. The bad memories still remain. Of course I am not implying that good things only come from bad things, or that we should MAKE bad things occur so that good things can come from them. I am implying that SOMETIMES good things occur because bad things have occured first and the resolved and healed state is better and more secure than before. As for nailing Morris to the wall, well if a person is a total ingrate and unredeemable in all aspects, then hanging him out to dry for all to see may be the most productive thing we can do with his body. But in general, breaking someone elses toy because they broke yours leads to a doubly decreased GNP and is a sin against everbody. Of course as a deterrent through example, breaking the toys of those that broke yours acts to prevent the GNP from falling futher by dissuading others from similar irresponsible acts. But AMENDS properly done causes a resurgence in the GNP over and above the original course of operation and CAN cause a resurgence above and beyond WHAT IS POSSIBLE in the normal course of operation. It is the wise fool who invests in such activity. Homer Wilson Smith ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253