-----BEGIN PGP SIGNED MESSAGE----- On Fri, 20 Aug 93 17:11:51 CDT, Karl Lui Barrus <uunet!owlnet.rice.edu!klbarrus> wrote -

In summary, I am posting this because I intend to post KOH code when it becomes available. The feelings expressed about this may very well affect the future of the list. In fact, I may post to virus-l because it has come to my attention the topic has surfaced there as well. And I know that anti-virus professionals are always interested in the facts of any matter.

While I may have been one of the first to "sound the alarm," let's get it straight -- up front -- that I do not condone any type of OS subversive program that conducts it's "activities" without the user's knowledge, or any code that has the potential to propogate without user's knowledge. That said, I think I qualify well enough as an "anti-virus professional," even though I don't -officially- produce any antivirus software for public consumption. In any case, I'm mano-en-mano with most of the notables in the field.

A few people have requested copies of the program from me, and I know of at least one person actively working on a disassembly.

I'd like to examine a copy myself.

I mention this partly in an effort to mentally prepare some people on this list for an event that is certain to happen in the future: the posting of KOH source code. I say this: when a disassembly of the program becomes available, if I receive a copy, I fully intend to post it to this list.

Words escape me at the moment -- perhaps its all those damned Mooseheads...

I would like to point out the charter of this list includes the phrase "Cypherpunks write code."

[Mooseheads-kicking-in mode] "Cypherpunks write code" should be expanded (in fact, it -is- expanded, to a certain extent) to include beneficial vs non-beneificial software. But what delineates the two? This is a -very- touchy subject. "Subversive software," is a term which I use to demonstrate the properties of software which spoofs someone, in one way or another. Viruses do this, especially what we call "stealth" viruses, because of their ability to spoof the operating system. "Subversive software," in the terminolgy of KOH may be something else entirely, but any software that marks sectors bad on my disks without my permission automatically falls into the clssification of "unwanted" or "bad" software. Perhaps I don't understand or haven't familiarized myself enough with this software, but it sounds ominously like some timebomb which harbors the potential to hose the user at any given time. IMHO, this sounds like badware, but I would have to examine it further, under a debugger.

As we all know software development is a time consuming process and thus not many programming projects are discussed, due to complexity, time constraints, slow development, etc. One such project a few list readers expressed interest in was the so called "CryptoStacker" project - a program which would funtion very much like Stacker does (it automatically compresses and uncompresses disk drives) except the CryptoStacker would automatically encrypt and decrypt.

Suddenly, a program which claims to do all this surfaces. KOH claims to install itself, encrypt and decrypt with IDEA and an unspecified quick algorithm, and uninstall from the hard drive on request. The author explicity states he intends no maliciousness, and will even accept bug reports and perform patches. How then can we ignore such a program?

Firstly, by not jumping the gun. Secondly, by examining the software extensively. Thirdly, by making an honest analysis of its merits, its pitfalls and its contentions. All in all, if all it does is actively encrypt and compress, then it is certainly non-threatening to the general public. If it does otherwise, or has some odd caveats, the it needs to be advertised "up front." Now, don't get ne wrong -- I don't condone someone posting a debug script on the net and saying "This may hose your system," knowing full well that it will do exactly that! Comments? -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLHWMTJRLcZSdHMBNAQF4EAQAmCtz1LYKZmh21UJcyZ5K3UuVv5rJ+4c/ L3K8oYjnqFevBQvjYBgiXIMqglxvu6R4XKXRAOXHLvUeUIHZk/3Da8UrfWbDyR14 ds72gn+5l/XldKw60DvJPuFJFvsjcYigNrvnVwMbzgUbpkN8zsi6Rfy85AfeclfG AzfnMlO+cQc= =QK5G -----END PGP SIGNATURE----- Paul Ferguson | "Government, even in its best state, Network Integrator | is but a necessary evil; in its worst Centreville, Virginia USA | state, an intolerable one." fergp@sytex.com | - Thomas Paine, Common Sense Type bits/keyID Date User ID pub 1024/1CC04D 1993/03/15 Paul Ferguson <fergp@sytex.com> Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58