At 2:46 PM 11/24/95, Thomas E Zerucha wrote: ....
I don't know if I mentioned, but I keep PGP and my keys on PCMCIA memory cards that aren't in the system at the same time as a network or modem card. Moreover I can also simply use the DOS version (I use Linux to communicate) - It would require quite an effort to create a virus that would work and pass data across the required OS problems and not break with the twice a week kernel-level changes :). .... Yes it would be hard. When you choose your own protection as above an opponent would have to mount a significant effort just to get your stuff. .... It takes quite an effort to create a complex virus to do this. It reminds me of the Glomar Challenger that was used to recover the remains of a Russian sub (my memory is somewhat faulty). Such a virus would require a great investment in time and money. What target would be worth it? Many otherwise feasible things aren't economically practical.
Yes, but if your particular habits became widespread, an intelligence agency could amortize the virus effort across many victims. Here is just one such complicated virus: Sit in the OS watching for PGP to be launched. Patch PGP on the way in. The patch writes to disk the location and password for the secure key ring. Concurrently the virus watches for there to be IP service and sends the disk information as a UDP. Alternatively the virus waits for idle time (screen saver time) and dials an 800 number having turned off the modem speaker. But don't send the same data twice! There is a significant hazard for the virus producer here if someone finds the code and learns the 800 number. I am sure that the Telco would help locate the physical phone to which the 800 number led. UDP provides more ways to pigeon drop the secret so as to protect the reader of that data. Perhaps you can send the UDP to the NY-Times (or to your favorite enemy) over a line that you are tapping. The NYT will discard it and no one is the wiser. The virus is then anonymous.