[3103] in WWW Security List Archive
Re: New and destructive word macro virus
daemon@ATHENA.MIT.EDU (David M. Chess)
Fri Sep 27 12:04:03 1996
Date: Fri, 27 Sep 96 10:16:41 EDT
From: "David M. Chess" <CHESS@watson.ibm.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> From: hallam@ai.mit.edu
> Viruses in general are an entirely unnecessary form of security hole
> which is the result of inadequate system design.
Disagree: in any general-purpose system in which one person can
create programs that another person can execute, there is the
potential for viruses. I have yet to see a system design that
both prevented viruses and allowed programming. You can't get
a virus in your microwave oven, but you can't program it either.
> The only Web security issue that arises is mechanisms to filter out
> such formats at firewalls. I would recommend such steps for all
> executable content, with the possible exception of postscript.
That would certainly make the security problems (not just viruses)
simpler! But the marketplace seems to have a strong hunger for
executable content. I think we need to work on ways of making
it secure, rather than wishing it would go away? I will leave
to others the debate on whether or not it's actually desirable,
or just a marketing-created hunger! *8)
- -- -
David M. Chess | That is the way all
High Integrity Computing Lab | bi-coloured python rock-snakes
IBM Watson Research | always talk
