On May 15, 2017 at 16:17 valdis.kletnieks@vt.edu (valdis.kletnieks@vt.edu) wrote:
On Mon, 15 May 2017 15:45:26 -0400, bzs@theworld.com said:
So for example why does a client OS produced with that much money available even allow things like wholesale encryption of files without at least popping up one of those warnings to confirm that you really meant to run a program on $THRESHOLD files, opening them for update etc, not just read?
Well Barry, I can tell you why, with examples from the Unix world.
for i in *; do encrypt < "$i" > "$i.new"; mv "$i.new" "$i"; done
Oh great a design review! Hello Valdis, I am Barry Shein. I've done decades of internals and kernel work. Ever use any Windows since about Vista? It throws up those warning pop-ups when you're about to do something it decides needs confirmation? That was almost certainly my invention. I described the idea on an anti-spam list and two Microsoft engineers contacted me to discuss whether this is feasible etc. Never got a thank you tho.
How do you throw a pop-up warning for that? Pre-run it and see how many > might get executed? And how do you tell that the sequence ends up destroying the file rather than creating a new one?
You count the number of destructive opens in the kernel and if it exceeds a threshold (for example) you stop it and pop up a warning. For example. As I said this is the sort of thing which is suitable for an end-user OS and no doubt annoying in a server OS.
OK. How about this one?
cat > ./wombat << 'EOF'
#!/bin/bash
encrypt < "$1" > "$1.new"; mv "$1.new" "$1"
EOF
chmod +x ./wombat
for i in *; do ./wombat "$i"; done
Now convert that to C and bury that whole thing inside a binary. How does the operating system detect that and throw a pop-up *before* that executes?
It's a lot harder problem than you think. Hint: Fred Cohen's PhD thesis showed that detecting malware is isomorphic to the Turing Halting Problem.
You don't seem to understand how OS's work which surprises me in your case.

--
        -Barry Shein

Software Tool & Die    | bzs@TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
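Added example, not part of the original thread: a sketch of the destructive-operation threshold count discussed above, run over a constructed event trace. The event fields, the threshold value and the idea of keying the count on a login session are assumptions made for illustration. It shows that when each file is handled by its own short-lived process, as with the ./wombat wrapper, a per-process count never trips, while a count keyed on the session does.

```python
from collections import Counter

THRESHOLD = 3  # constructed stand-in for the thread's $THRESHOLD
# Operations that replace the contents of an existing file (assumed event names).
DESTRUCTIVE = {"open_trunc", "rename_over"}


def flagged(events, key):
    """Return the set of keys whose destructive-op count exceeds THRESHOLD."""
    counts = Counter(key(e) for e in events if e["op"] in DESTRUCTIVE)
    return {k for k, n in counts.items() if n > THRESHOLD}


def by_pid(event):
    """Attribute each operation to the process that issued it."""
    return ("pid", event["pid"])


def by_session(event):
    """Attribute each operation to the login session (assumed to be available)."""
    return ("sid", event["sid"])


def wrapper_run(sid, first_pid, files):
    """Constructed trace: one child process per file writes f.new, then renames it over f."""
    events = []
    for n, name in enumerate(files):
        pid = first_pid + n
        events.append({"sid": sid, "pid": pid, "op": "create", "path": name + ".new"})
        events.append({"sid": sid, "pid": pid, "op": "rename_over", "path": name})
    return events


# Constructed sample data: one ordinary editor save plus a bulk rewrite of six files.
EDITOR = [{"sid": 7, "pid": 900, "op": "open_trunc", "path": "notes.txt"}]
BULK = wrapper_run(sid=12, first_pid=4000, files=[f"doc{i}.txt" for i in range(6)])
TRACE = EDITOR + BULK

if __name__ == "__main__":
    print("flagged per process:", flagged(TRACE, by_pid))
    print("flagged per session:", flagged(TRACE, by_session))
```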