DEFMTH8.CVP 920126 The "Commercial Safety" Myth If I had to choose one viral myth which most contributed to the unchecked spread of viral programs that exists today, it would be that of the "safety" of commercial software. Although there is little agreement as to actual numbers, most virus researchers would agree with the statement that the vast majority of viral infections are caused by viri which are both easy to detect and easy to remove. Yet one recent survey of 600,000 PCs indicated that 63% had been hit with an infection. Why? Easy. Only 25% had any kind of protection against viri. (Note - even more disturbing - *at least* 48% *have been hit and STILL HAVE NOT TAKEN PRECAUTIONS!*) I am often faced with the assertion from computer users that, "Oh, I don't need to worry about viruses. *I* only use *commercial* software. If it doesn't have shrink wrap, it doesn't go into *my* computer!" This statement, and feeling of false security, relies on three assumptions: 1) that shareware is a major viral vector, 2) commercial software is never infected, only shareware and pirate software are and 3) there are no viral vectors other than software. Although shareware has been involved in the spread of viral programs, it is difficult to say how much of a role that it plays. In nine years of involvement with the local and extended communications community, I have not yet downloaded a file which I found to contain a viral program infection. (Except for the ones that were sent to me as such.) Note that I am not making any claims to superior knowledge or expertise here: my random sampling of interesting looking files off the nets and boards has yet to pull in one which is infected. Others say otherwise, although it was interesting to note, in a recent conversation where someone to the opposing view, that he finally had to admit he'd never downloaded an infected file either. In fact, for many years, shareware antivirals were the only reasonable form of protection. Every major microcomputer operating system except CP/M has had at least one instance of a major commercial software vendor distributing infected programs or media. They take precautions, of course, but apparently still don't give virus checking a high enough priority. Besides which, there are other possibilities for obtaining viral infections from "commercial" sources. Most commercial software is still distributed on writable media. Software retailers will often accept "returned" software, re-wrap it (shrink wrapping is easy to do) and resell it - often without checking for any incidental infection. Hardware or system retailers are all too often selling infected systems these days, not knowing or caring that they are doing so. copyright Robert M. Slade, 1992 DEFMTH8.CVP 920126 ============== Vancouver ROBERTS@decus.ca | "A modern US Navy cruiser now requires Institute for Robert_Slade@sfu.ca | 26 tons of manuals. This is enough Research into rslade@cue.bc.ca | to affect the vessel's performance." User p1@CyberStore.ca | "New Scientist" article Security Canada V7K 2G6 | on the "paperless office"