[43691] in Cypherpunks
Re: Virus attacks on PGP
daemon@ATHENA.MIT.EDU (Thomas E Zerucha)
Mon Nov 20 18:04:37 1995
Date: Mon, 20 Nov 1995 14:52:58 -0800 (PST)
From: Thomas E Zerucha <zerucha@shell.portal.com>
To: Bill Frantz <frantz@netcom.com>
Cc: cypherpunks@toad.com
In-Reply-To: <199511201945.LAA27486@netcom10.netcom.com>
Thanks for the post. I think there are a few interesting points, and
some of the things I do to try to make things more difficult for a
potential virus.
First, my secring is on a PCMCIA memory card, as is the versions of PGP,
in this case DOS and Linux. A virus is unlikely to attack both, and when
the memory card is in, the network and modem cards are out.
Second, I think PGP is statically linked by default. If it isn't this
shoudl be changed - there was recently a CERT alert about telnet services
being compromised by switching DLLs. The code can also be cross compiled
and burned onto a CDROM which would make it difficult to infect.
zerucha@shell.portal.com -or- 2015509 on MCI Mail
finger zerucha@jobe.portal.com for PGP key
