OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Ethical/Theoretical Question
From: Henry Sieff (hsieffORTHODON.COM)
Date: Thu Jun 01 2000 - 17:01:16 CDT

No; I don't think any self-propogating program which performs administrative actions on someone else pc will only undermine security by encouraging people to execute apps from unknown sources. If there is a "friendly" virus going around conducting scans on people's systems, and people become accustomed to this "friendly" virus, it will only be a matter of time before someone modifies it to do malicious things and releases it.

I feel the same way about web sites: unless you make it "opt-in" designing your web site to scan a visitor for weaknesses is bad bad bad.

Henry Sieff

>-----Original Message-----
>From: Jonathan Cook [mailto:JCookFOOTHILLTRANSIT.ORG]
>Sent: Thursday, June 01, 2000 3:42 PM
>To: FOCUS-MSSECURITYFOCUS.COM
>Subject: Ethical/Theoretical Question
>
>
>I was just discussing VBScript with some people online, and an
>interesting
>question came up.
>
>Namely, should we, the security conscious "geeks" of the
>world, be designing
>"virii" that shore up holes in "normal" user's security?
>(Things like .vbs,
>.js windows scripting associations, password caching,
>auto-opening EXEs from
>IE)
>
>Something that tells you what holes there are in your system
>and offers to
>patch them...
>
>Jonathan
>