Newsgroups: news.sysadmin
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Virus in the future?
Message-ID: <1988Nov10.165136.25593@utzoo.uucp>
Organization: U of Toronto Zoology
References: <74@dsoft.UUCP> <6470@galbp.LBP.HARRIS.COM> <16720@agate.BERKELEY.EDU>
Date: Thu, 10 Nov 88 16:51:36 GMT

In article <16720@agate.BERKELEY.EDU> weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) writes:
>> ... all the more reason to roast this guy over slow
>>coals.  If others see him get away with it (and probably end up with a
>>good job in computer security to boot) they will definitely get the idea
>>that this is the "in" thing to do...
>
>It doesn't matter if people do or do not get the idea that this is an
>"in" thing to do.  All it takes is ONE person to wreck REAL havoc on
>the ARPANET.  Just ONE.  Think about it.  Whether or not *most* people
>get the idea that random cracking is bad, you should run your system
>on the assumption that there is ONE person out there who is going to
>TOTALLY TRASH your system--if you let him....  So why do you
>treat your computers in this manner?  Hoping that the legal system is
>going to protect you here is so totally misguided.  PROTECT YOURSELF!

I don't see anybody suggesting that the legal system is going to be our
sole protection, even if we crucify Morris Jr.  Of course there is always
going to be the occasional bozo.  But we can never have perfect security.
The most we can do is stack the deck in our favor IN AS MANY WAYS AS WE CAN.
The number of successful penetrations is the product of two numbers:  the
number of attempts and the probability of success.  To reduce that product
to the smallest number possible, we have to reduce *both* factors.  So we
reduce the probability of success by tightening up our systems, AND we
reduce the number of attempts by making it clear that success brings
punishment, not reward.  The two approaches are not mutually incompatible!
-- 
Sendmail is a bug,             |     Henry Spencer at U of Toronto Zoology
not a feature.                 | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
