[LINK] An interesting thought on virus liability
rick at praxis.com.au
Wed Apr 18 12:50:31 EST 2007
Howard Lowndes wrote:
> My concern is that I don't believe the problem of possible database
> corruption in the transfer process due to an introduced virus has been
> addressed and given the potential for a corrupted database resulting in
> a catastrophic incident, I find the thought disturbing.
> I am thinking that I should recommend to my client that he maintains a
> dedicated PC under engineering control for the purpose of these transfers.
> What are your thoughts.
How long is a piece of string? What is the intent of the person who
wrote the virus?
Your concern is valid since it is possible for a virus to do *anything*.
Ask youself what is the possibility of a virus being written with the
intent of corrupting a database. What purpose would it serve?
There is another possibly, and this happens far more often. Many viruses
are copied and adapted by kiddies who wouldn't know a stack overflow
from an easter egg. Their viruses have unintended consequences and these
are the real worry. They could unintentionally alter the memory management
or buffer pool used by a database causing data corruption. I shudder
to think what would happen to an aviation guidance system if there were
even a few bytes of control or program data accidentally corrupted as
the side effect of a virus.
Rick Welykochy || Praxis Services
Windows accelerator: G*m1*m2/r^2
-- with apologies to John Clear
More information about the Link