Domain: tc.ca
Stories and comments across the archive that link to tc.ca.
Comments · 14
-
Re:The Sword and the ShieldI don't have mod points with which to thank you for that. (Holy shit, the real Mitrohkin Archive is available online!)
So in lieu of mod points, anyone who enjoys the story will also enjoy Stephen Coonts' (of "Flight of the Intruder" fame) fictionalized version of the story in his novel Liars and Thieves.
-
Re:Bleat, bleat, bleat....
If that is what you want, check out Robert Slade's book reviews: http://victoria.tc.ca/int-grps/books/techrev/mnbk
. htm
He hates all books! Well, almost all of them. -
Peter Tippett started FoundationWare...
Hello,
This was a while ago, so I don't have exact dates but Peter Tippett founded a company named FoundationWare around 1987-1989 nwhich made an integrity checking program called Vaccine. Vaccine was eventually renamed to Certus and the company followed suit in the early 1990s, renaming itself after its flagship product.
Certus was initially an integrity checker and behavior blocker. The integrity checker calculated a CRC or hash value on files and system areas, stored them in a database and compared the two to look for differences which could be the result of viruses. The behavior blocker looked for "virus-like" behavior (attempts to write to boot sectors of floppy diskettes, master boot records of hard disk drives, executable files and so forth) and prevented/required prompting to allow the changes to occur. Later on, a "standard" signature-based scanner was added to the suite, but I don't think this was updated as frequently as those from companies who developed them as a primary means of protection.
In late 1992, Symantec completed its acquisition of Certus. At that point, Symantec had already acquired Peter Norton Computing, Inc. (PNCI) and had moved forward with Norton Anti Virus (NAV), scrapping their own DOS-based anti-virus product, which was code-named Andromeda. The primary reason they grabbed Certus was to incorporate the integrity features into the product--I don't know if this happened--and to consolidate marketshare, which did.
I was working at McAfee Associates at the time of the acquisition and while the move was viewed with interest, there was not any particular alarm on our part. Stealth viruses (viruses which hooked the interrupts managing disk and file I/O and redirected attempts to look for themselves or stripped copies of the viral code off the file before passing it to the requesting program) were becoming more and more common which limited the effectiveness of integrity management programs since a stealth virus would pass "clean" copies of the infected disk structures or files back and behavior blockers were viewed as ineffective because of the high false-positive rate. Perhaps someone who was at Symantec at the time of the acquisition could give a better view of what was going on at the time.
Regards,
Aryeh Goretsky -
Re:No default anything...
-
Re:Not much of a fix...
Microsoft WAS in the antivirus business a long time ago.
Microsoft included "MSAV.EXE"--Microsoft Anti-Virus--with MS-DOS 6.0 back in the early 90's.
It was, essentially, a cut-down derivative of Central Point Antivirus, which was actually developed by a company in Israel, not Central Point. Central Point was purchased by Symantec in 1994, and Microsoft quietly removed MSAV from their OS's when Symantec refused to supply updates and Yisrael Radai wrote his now famous paper outlining how it was deeply flawed.
-
this vs. Robert Slade in comp.risks
For more book reviews, especially on computer security, watch for Robert Slade's regular contributions to comp.risks. It doesn't look as though Robert has reviewed this one yet so I'll look forward to reading and comparing. His praise for a former edition seems uncharacteristically positive -- compare reviews of Secrets of a Super Hacker or Computer Security Basics -- so I'll be surprised if he doesn't praise this one, too...
cheers...ank -
this vs. Robert Slade in comp.risks
For more book reviews, especially on computer security, watch for Robert Slade's regular contributions to comp.risks. It doesn't look as though Robert has reviewed this one yet so I'll look forward to reading and comparing. His praise for a former edition seems uncharacteristically positive -- compare reviews of Secrets of a Super Hacker or Computer Security Basics -- so I'll be surprised if he doesn't praise this one, too...
cheers...ank -
this vs. Robert Slade in comp.risks
For more book reviews, especially on computer security, watch for Robert Slade's regular contributions to comp.risks. It doesn't look as though Robert has reviewed this one yet so I'll look forward to reading and comparing. His praise for a former edition seems uncharacteristically positive -- compare reviews of Secrets of a Super Hacker or Computer Security Basics -- so I'll be surprised if he doesn't praise this one, too...
cheers...ank -
Give the robot an AI Mind
A Robot AI Mind is available free of charge for alteration and installation in any robot.
Do-It-Yourself Artificial Intelligence leads you through the steps of DIY AI for robots.
The main Alife program loop is the first stage of coding robot artificial intelligence in any XYZ programming language.
The Tutorial AI Mind in JavaScript for Microsoft Internet Explorer is one sample pathway in the evolution of Minds for robots.
-
A more informative reviewHere's a review by Rob Slade that's quite a bit more detailed than MasterSLATE's review.
Before seeing Slade's review, I read most of The Art of Deception at the bookstore and decided not to buy it. I agree with most of what Slade says. The book is mostly aimed at PHB types and doesn't say all that much useful to techies. However, as a security implementer, I don't think trying to install paranoia in PHB's is such a bad thing. They are often completely unrealistic about vulnerabilities, so it's good to open their eyes a little.
-
Open Artificial Intelligence Network
Great. A big hurrah for the Open Content Network and the Creative Commons.
Artificial Minds will be able to spread all over the 'Net. They are already at:
http://mind.sourceforge.net/index.html
http://mentifex.virtualentity.com/jsaimind.html
http://users.resentment.org/ai/jsaimind.html
http://www.scn.org/~mentifex/jsaimind.html
http://victoria.tc.ca/~uj797/jsaimind.html -
Fortresses are banned
in several countries. For example in New Zealand they break down gang houses if they put up too much reinforcement...
In England for centuries you needed a licence to crenellate from the King.
-
Rendered Services.When we were looking at what existing OSS license would allow us to release a project we were working on (a web-based portal system) while preventing someone from taking the codebase and modifying it and using it themselves to render services, without returning the changes.
In a brief discussion with RMS in Vancouver confirmed it: the GPL provides no such protection. In RMS' mind it doesn't matter, because it's not a matter of code losing its freedom. The fact someone else is gaining without contributing back doesn't bother RMS at all, but was not acceptable to the underwriters of our project.
A review of all the common OSS licenses do not provide protection in regards to this. For this reason, we ended up modifying the NPL slightly into the CommPort Public License (CPPL), which has explicit language about rendered services. If anyone's interested, have a look at http://www.tc.ca/commport/license.html.
This has been reviewed by several lawyers, although not yet by the OSI. Feedback from the OSI would be appreciated, BTW.
-
Rendered Services.When we were looking at what existing OSS license would allow us to release a project we were working on (a web-based portal system) while preventing someone from taking the codebase and modifying it and using it themselves to render services, without returning the changes.
In a brief discussion with RMS in Vancouver confirmed it: the GPL provides no such protection. In RMS' mind it doesn't matter, because it's not a matter of code losing its freedom. The fact someone else is gaining without contributing back doesn't bother RMS at all, but was not acceptable to the underwriters of our project.
A review of all the common OSS licenses do not provide protection in regards to this. For this reason, we ended up modifying the NPL slightly into the CommPort Public License (CPPL), which has explicit language about rendered services. If anyone's interested, have a look at http://www.tc.ca/commport/license.html.
This has been reviewed by several lawyers, although not yet by the OSI. Feedback from the OSI would be appreciated, BTW.