[194625] in North American Network Operators' Group


Re: Please run windows update now

daemon@ATHENA.MIT.EDU (valdis.kletnieks@vt.edu)
Mon May 15 16:18:05 2017

X-Original-To: nanog@nanog.org
From: valdis.kletnieks@vt.edu
X-Google-Original-From: Valdis.Kletnieks@vt.edu
To: bzs@theworld.com
In-Reply-To: <22810.1366.444562.174279@gargle.gargle.HOWL>
Date: Mon, 15 May 2017 16:17:53 -0400
Cc: North American Network Operators' Group <nanog@nanog.org>,
 Rich Kulawiec <rsk@gsp.org>
Errors-To: nanog-bounces@nanog.org


On Mon, 15 May 2017 15:45:26 -0400, bzs@theworld.com said:

> So for example why does a client OS produced with that much money
> available even allow things like wholesale encryption of files without
> at least popping up one of those warnings to confirm that you really
> meant to run a program on $THRESHOLD files, opening them for update
> etc, not just read?

Well Barry, I can tell you why, with examples from the Unix world.

for i in *; do encrypt < $i > $i.new; mv $i.new $i; done

How do you throw a pop-up warning for that?  Pre-run it and see how many >
might get executed? And how do you tell that the sequence ends up destroying
the file rather than creating a new one?

OK. How about this one?

cat > ./wombat << 'EOF'
#!/bin/bash
encrypt < $1 > $1.new; mv $1.new $1
EOF
chmod +x ./wombat
for i in *; do ./wombat $i; done

Now convert that to C and bury that whole thing inside a binary.  How does the
operating system detect that and throw a pop-up *before* that executes?

It's a lot harder problem than you think.  Hint:  Fred Cohen's PhD thesis
showed that detecting malware is isomorphic to the Turing Halting Problem.



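Added example (not part of the original message): a runtime counter for the "write a new copy, rename it over the original" pattern in the two loops above, showing how the result depends on which process the replaced files are attributed to. The event format, the process IDs, the file names and the threshold of 3 are constructed for illustration.

```python
from collections import defaultdict

THRESHOLD = 3  # stands in for $THRESHOLD in the quoted question

def trace(names, wrapper=False, shell=100):
    """Constructed process/file events for the two loops in the message.
    wrapper=False: encrypt and mv are direct children of the shell.
    wrapper=True:  each file gets its own ./wombat process, which spawns them."""
    parent, events, pid = {shell: None}, [], shell
    for n in names:
        launcher = shell
        if wrapper:
            pid += 1
            parent[pid] = shell
            launcher = pid
        for op in ("create", "rename"):
            pid += 1
            parent[pid] = launcher
            events.append({"pid": pid, "op": op, "tmp": n + ".new", "dst": n})
    return parent, events

def root_of(pid, parent):
    """Walk up the process tree to the top-most known ancestor."""
    while parent.get(pid) is not None:
        pid = parent[pid]
    return pid

def replaced(events, existing, key):
    """Per key: pre-existing files replaced by a freshly written temp file."""
    fresh, hits = set(), defaultdict(set)
    for e in events:
        if e["op"] == "create":
            fresh.add(e["tmp"])
        elif e["tmp"] in fresh and e["dst"] in existing:
            hits[key(e["pid"])].add(e["dst"])
    return hits

def alerts(parent, events, existing, group):
    """Keys whose replaced-file count reaches THRESHOLD, for one grouping."""
    key = {"pid": lambda p: p,
           "parent": lambda p: parent[p],
           "root": lambda p: root_of(p, parent)}[group]
    hits = replaced(events, existing, key)
    return sorted(k for k, files in hits.items() if len(files) >= THRESHOLD)

FILES = ["a.txt", "b.txt", "c.txt", "d.txt"]  # constructed sample directory
```

Counting per process never reaches the threshold in either loop, and the wrapper script also defeats counting per parent; only attribution to a common ancestor sees all four files. All of this is observation while the loop runs, not a warning issued before it starts.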
