On May 15, 2017, at 21:17, valdis.kletnieks@vt.edu wrote:
So for example why does[n’t] a client OS confirm that you really meant to run a program on $THRESHOLD files…
How does the operating system detect that and throw a pop-up *before* that executes?
It's a lot harder problem than you think. Hint: Fred Cohen's PhD thesis showed that detecting malware is isomorphic to the Turing Halting Problem.
The general problem might well be that hard, I don’t know, it seems plausible. However Barry’s suggestion doesn’t seem impossible. One strategy is as follows. Have a counter in the kernel about writes to files. Have some sort of log-structured filesystem with checkpoints or whatever. When the counter goes too fast, show Barry’s dialog box and if the user says no, roll back the filesystem to the time just before the process (or its parent, or its parent’s parent, …) started. There are details to be ironed out, of course, but there’s no reason in principle that it couldn’t be done like this. The reason that you don’t have to make the operating system solve the halting problem is because you ask the user. William Waites Laboratory for Foundations of Computer Science School of Informatics, University of Edinburgh Informatics Forum 5.38, 10 Crichton St. Edinburgh, EH8 9AB, Scotland The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.