
On Mon, 15 May 2017 15:45:26 -0400, bzs@theworld.com said:
> So for example why does a client OS produced with that much money available even allow things like wholesale encryption of files without at least popping up one of those warnings to confirm that you really meant to run a program on $THRESHOLD files, opening them for update etc., not just read?
Well Barry, I can tell you why, with examples from the Unix world.

    for i in *; do encrypt < "$i" > "$i.new"; mv "$i.new" "$i"; done

How do you throw a pop-up warning for that? Pre-run it and see how many > might get executed? And how do you tell that the sequence ends up destroying the file rather than creating a new one?

OK. How about this one?

    cat > ./wombat << 'EOF'
    #!/bin/bash
    encrypt < "$1" > "$1.new"; mv "$1.new" "$1"
    EOF
    chmod +x ./wombat
    for i in *; do ./wombat "$i"; done

Now convert that to C and bury that whole thing inside a binary. How does the operating system detect that and throw a pop-up *before* that executes?

It's a lot harder problem than you think. Hint: Fred Cohen's PhD thesis showed that detecting malware is isomorphic to the Turing Halting Problem.
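The following is an added example, not part of the original email: a small model of a $THRESHOLD counter watching the two loops above, showing that it only fires if file replacements are attributed to the whole process tree rather than to the process or its direct parent. The event tuples, PIDs, file names, the threshold value and the "rename over a pre-existing file" heuristic are all constructed assumptions, and the monitor observes behaviour as it happens rather than predicting it before execution.

```python
from collections import Counter

THRESHOLD = 3  # assumed value standing in for the email's $THRESHOLD

def build_trace(files, wrapper, shell=100):
    """Constructed model of either loop: returns (events, parent_of).
    Each event is (pid, op, src, dst); every step runs in its own child."""
    events, parent_of, pid = [], {}, shell
    for name in files:
        owner = shell
        if wrapper:                       # ./wombat adds one process per file
            pid += 1
            parent_of[pid] = shell
            owner = pid
        for op, src, dst in (("create", None, name + ".new"),
                             ("rename", name + ".new", name)):
            pid += 1
            parent_of[pid] = owner
            events.append((pid, op, src, dst))
    return events, parent_of

def root_of(pid, parent_of):
    """Walk up the process tree to the topmost known ancestor."""
    while pid in parent_of:
        pid = parent_of[pid]
    return pid

def flagged(events, existing, key, threshold=THRESHOLD):
    """Keys with >= threshold renames that replaced a pre-existing file."""
    present, counts = set(existing), Counter()
    for pid, op, src, dst in events:
        if op == "rename":
            if dst in present:            # an existing file is being replaced
                counts[key(pid)] += 1
            present.discard(src)
        present.add(dst)
    return sorted(k for k, n in counts.items() if n >= threshold)

def compare(files, wrapper):
    """Run the same counter with three different attribution scopes."""
    events, parent_of = build_trace(files, wrapper)
    return {
        "per_process": flagged(events, files, lambda p: p),
        "per_parent": flagged(events, files, lambda p: parent_of[p]),
        "per_tree": flagged(events, files, lambda p: root_of(p, parent_of)),
    }

FILES = ["a.doc", "b.doc", "c.doc", "d.doc"]  # constructed sample directory

if __name__ == "__main__":
    print("plain loop:", compare(FILES, wrapper=False))
    print("wrapper   :", compare(FILES, wrapper=True))
```

In the model, no single process ever replaces more than one file, and the wrapper script also defeats per-parent counting; only attribution to the root of the tree crosses the threshold.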