[2671] in WWW Security List Archive
Re: DOS and Macro Virus Discussion
daemon@ATHENA.MIT.EDU (Jacob Rose)
Sat Aug 17 22:23:08 1996
Date: Sat, 17 Aug 1996 20:22:10 -0400 (EDT)
From: Jacob Rose <jacob@whiteshell.com>
To: Ben Camp <benc@geocel.com>
Cc: Scott Sesher <sas@mail.pittstate.edu>, www-security@ns2.rutgers.edu
In-Reply-To: <2.2.32.19960816214301.006a2040@lithium.geocel.com>
Errors-To: owner-www-security@ns2.rutgers.edu
> You seem to have a slightly negative attitude. This will of course, fix the
> problem. Would you expect Microsoft to 'fix' DOS since viruses can be
> transmitted via DOS executables? You can either use the tool and accept the
> possible problems, or lack the functionality and deal with it. Seems pretty
> simple.
Um, guys, I think you've all totally missed the fact that Microsoft *has*
added an antivirus program to MS-DOS; it has included "msav" since DOS
6.22. I'm not saying it's a perfect solution, but obviously even
Microsoft feels it's appropriate to expect a company that produces a
product that can do other than what its users desire to attempt to correct
the problem, and I expect Microsoft will patch ActiveX to fix this
particular bug, and the next one, and the next one, and the next one, and
so on. Of course, Microsoft can afford to do this, so it doesn't really
matter (in dollars, not sense) whether they deliver a good security model
or a cool name like "ActiveX". They can, and will, get away with it.
Jacob Rose The human mind is both our greatest gift
jacob@whiteshell.com and our greatest responsibility.
