-----BEGIN PGP SIGNED MESSAGE-----

Fellow cypherpunks,

While I am woefully behind in cypherpunks mail, at this time I wish to pick up the discussion on the potassium hydroxide program. I believe this is relevant to the list, so I'm posting to the list.

So as to not try everybody's patience, my own personal opinions and experiences are contained in a section so delimited toward the end. Also, some concerns brought up previously are also contained in their own section, before my opinions. So you can stop reading at any time :-).

In summary, I am posting this because I intend to post KOH code when it becomes available. The feelings expressed about this may very well affect the future of the list. In fact, I may post to virus-l because it has come to my attention the topic has surfaced there as well. And I know that anti-virus professionals are always interested in the facts of any matter.

A few people have requested copies of the program from me, and I know of at least one person actively working on a disassembly. I mention this partly in an effort to mentally prepare some people on this list for an event that is certain to happen in the future: the posting of KOH source code. I say this: when a disassembly of the program becomes available, if I receive a copy, I fully intend to post it to this list.

I would like to point out the charter of this list includes the phrase "Cypherpunks write code." As we all know, software development is a time-consuming process and thus not many programming projects are discussed, due to complexity, time constraints, slow development, etc.

One such project a few list readers expressed interest in was the so-called "CryptoStacker" project - a program which would function very much like Stacker does (it automatically compresses and uncompresses disk drives) except the CryptoStacker would automatically encrypt and decrypt.

Suddenly, a program which claims to do all this surfaces.
KOH claims to install itself, encrypt and decrypt with IDEA and an unspecified quick algorithm, and uninstall from the hard drive on request. The author explicitly states he intends no maliciousness, and will even accept bug reports and perform patches.

How then can we ignore such a program?

Now the author called his program a "virus", a word that is treated with near hysteria by some. I don't give a damn if the author calls his program a virus, a program, an automatic encryption program, Pretty Automatic Privacy, a universal Turing machine, or a duck-billed platypus. The fact is this program fills the need of many users, or may advance the state of art in automatic encryption programs. It most certainly will be helpful to see IDEA implemented in assembly - perhaps this could be used to many advantages, in PGP, other packages, etc.

A bit of the disassembly has been performed - and apparently the program installs itself in memory, hooks various interrupts, and installs itself on floppies, marking off sectors as bad.

I don't know how Stacker 3.0 stacks floppies to make them portably uncompressable (that is, you can stack a floppy, and still use it on a system that doesn't run Stacker), but it is clear it must reserve part of the disk as being used, at least to contain the decompression routines. It is also clear that Stacker installs itself into memory, and hooks various interrupts to compress/decompress on the fly, like KOH does.

If this is too close to viral activity, then I ask the anti-virus professionals exactly how did you expect a program of this nature to work? How can a program like Stacker function if it doesn't hook interrupts, install into memory, and place certain routines on floppies? Answers to these questions may direct efforts and work in another direction more pleasing to some.

Now, I'm not going to waste my time looking for an official anti-virus community sanctioned example of a program which does the above.
KOH is here, and we may learn and benefit from it.

PREVIOUS CONCERNS

Some people wrote in objections to the list about the KOH "virus". So as to defuse a potentially emotional situation, I am not crediting the original authors, and am paraphrasing their statements.

One person expressed concern that all viruses carry potential for damage, and that a legitimate program would be better.

1) Yes, viruses carry potential for damage. But the author of this one states he intends no malicious behavior.

* perhaps somebody could enlighten us as to how a program like Stacker or KOH is supposed to work in "legitimate program" form. Both programs must obviously hook DOS system calls, install into memory, and place "undoing" routines on floppies.

* not to insult anyone, but to imply that only viruses carry potential for damage is a pretty outrageous selective use of facts. PKZIP and PGP both had bugs which caused lost data, and even DOS itself has a buggy CHKDSK command.

{at this time I would like to apologize profusely to Phil Karn, Hal Finney, Derek Atkins, Edgar Swanks, Phil Zimmermann, and anybody else involved in PKZIP, PGP, or creating software in general. The people devote hours of their time and expertise towards programs which help thousands of users; I am not poking fun at anybody or blaming them or anything like that. I just wish to point out that modern software is complex, configurations are uncountable, and that despite the best efforts, mistakes are made. Fortunately, most are caught quickly and corrected. I don't think anybody can expect perfection.}

Another person expressed concern that the software comes with no explanation of ramification.

2) Well, I have some interesting news: no software does.
In fact, after checking the manuals for every piece of commercial software I could find, I discovered that all software comes with two disclaimers:

1) The manufacturer does not guarantee the software even works
2) The manufacturer disclaims all damages

So perhaps those who wish such promises from a public domain encryption program are expecting a lot given that there isn't even any commercial software which does this.

{interesting crypto relationship to reputation markets. The software industry is a billion dollar industry that sells products not even guaranteed to work, all damages disclaimed. How then is the industry so successful? Answer: reputations.}

PERSONAL OPINIONS

Well, I'll keep it brief since if you've read this far, you are probably getting tired :-)

* I do not condone or encourage spreading malicious code, especially to novice users. Perhaps the worst thing that viruses do is create a sense of fear among people already intimidated by computers.

* However, I don't see anything wrong with knowledgeable users who accept the risk sharing code. Naturally, I expect they will take responsibility for their actions and not seek to destroy anybody else's property. Keep it local, use your skill to everybody's advantage.

* I think viruses are severely over-hyped. It is my deepest nightmare to one day open the paper and see the headline "Planet Earth Knocked Out of Orbit by Computer Virus!" Eventually with fancier security (operating system wise), cryptography (message digests, authentication), and research on virus scanners the problem will go to zero. Yes, I know it is impossible to have a program perfectly detect viruses. But in my own reading it seems that it is possible to have one program have no false positives (but some false negatives), and another have no false negatives (but some false positives). The combination of these two scanners would then be optimal. If this is incorrect reasoning, please let me know, with an explanation if possible.
* I've lost 10 minutes of work because of the nVIR virus on the copy of CricketGraph I once used. I lost one whole week of work (2400 minutes) helping figure out why Windows, Novell, and Dr Dos wouldn't work together. Files were lost, machines crashed, device drivers kept stomping one another. The problems were fixed in bug patches from the manufacturers. So maybe my experiences were atypical, but I just can't get excited about fearing a viral attack. I am more likely to fear the commercial software I use.

* Some elements of the anti-viral community seem to act in a self-serving, high priesthood mode, gathering occasionally to congratulate and agree with one another. In fact, some seem to act like the NSA: answerable to no one but themselves, seeking to censor or otherwise restrict information they deem sensitive, preferring you trust them in various matters, etc. Now, I point no fingers, make no accusations, and in no way begrudge any of these people. It's an honest living, and many people do benefit from their efforts. However, I am reminded of a favorite quote of mine: "The louder they spoke of their honor, the faster we counted the spoons." That is, the louder someone condemns viruses, the more hysteria they generate, the more vehement the accusations, the more I wonder how much $$$ this person stands to make.

* That's it. Again, I say studying the KOH will benefit us.

Comments are welcome at klbarrus@owlnet.rice.edu. However, I am a full time student once again; classes begin Monday so I will probably take a while to respond.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLHVHJIOA7OpLWtYzAQFw2wP+KzVc4V4Qjk8Cy3pttEyamxvU1uqhc/ae
eAqetb5eGkoX8g5lnww8CpJg4ij0Cb/2WVBU4G8YgyuGIkTk4uR/flruogXQtpuP
Qp1CaJ6x6BA9Q9U8M86lAgEhFCH72S+JjQ4lmwNJzmN+o/4loqd860WzbByg8diL
MyntPVazLnc=
=2V0I
-----END PGP SIGNATURE-----
participants (1)
-
Karl Lui Barrus