[194626] in North American Network Operators' Group


Re: Please run windows update now

daemon@ATHENA.MIT.EDU (William Waites)
Mon May 15 16:43:49 2017

X-Original-To: nanog@nanog.org
From: William Waites <wwaites@tardis.ed.ac.uk>
In-Reply-To: <17509.1494879473@turing-police.cc.vt.edu>
Date: Mon, 15 May 2017 21:43:43 +0100
To: valdis.kletnieks@vt.edu
Cc: North American Network Operators' Group <nanog@nanog.org>, bzs@theworld.com
Errors-To: nanog-bounces@nanog.org


> On May 15, 2017, at 21:17, valdis.kletnieks@vt.edu wrote:
>
>> So for example why does[n’t] a client OS confirm that you really
>> meant to run a program on $THRESHOLD files…

> How does the operating system detect that and throw a pop-up
> *before* that executes?
>
> It's a lot harder problem than you think.  Hint:  Fred Cohen's PhD
> thesis showed that detecting malware is isomorphic to the Turing
> Halting Problem.

The general problem might well be that hard, I don’t know, it seems
plausible. However Barry’s suggestion doesn’t seem impossible.

One strategy is as follows. Have a counter in the kernel about writes to
files. Have some sort of log-structured filesystem with checkpoints or
whatever. When the counter goes too fast, show Barry’s dialog box and
if the user says no, roll back the filesystem to the time just before the
process (or its parent, or its parent’s parent, …) started. There are
details to be ironed out, of course, but there’s no reason in principle
that it couldn’t be done like this.

The reason that you don’t have to make the operating system solve
the halting problem is because you ask the user.

William Waites
Laboratory for Foundations of Computer Science
School of Informatics, University of Edinburgh
Informatics Forum 5.38, 10 Crichton St.
Edinburgh, EH8 9AB, Scotland

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
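
The strategy described in the message above, as a small user-space simulation. This is an added example, not part of the original post; `Guard`, `THRESHOLD`, `WINDOW` and the `confirm` callback are hypothetical names, and the in-memory journal stands in for the log-structured filesystem.

```python
from collections import deque

THRESHOLD = 5   # writes per WINDOW before the user is asked (assumed value)
WINDOW = 1.0    # sliding window in seconds (assumed value)

class Guard:
    def __init__(self, confirm):
        self.confirm = confirm   # callback(root_pid, count) -> bool: the dialog box
        self.files = {}          # path -> current contents
        self.log = []            # journal of (time, root pid, path, old contents)
        self.parent = {}         # pid -> parent pid
        self.started = {}        # pid -> start time, used as the checkpoint
        self.recent = {}         # root pid -> deque of recent write times
        self.approved, self.blocked = set(), set()

    def spawn(self, pid, ppid, now):
        self.parent[pid], self.started[pid] = ppid, now

    def root(self, pid):
        # Walk up to the oldest tracked ancestor (parent, parent's parent, ...).
        while self.parent.get(pid) in self.started:
            pid = self.parent[pid]
        return pid

    def write(self, pid, path, data, now):
        root = self.root(pid)
        if root in self.blocked:
            return False
        self.log.append((now, root, path, self.files.get(path)))
        self.files[path] = data
        times = self.recent.setdefault(root, deque())
        times.append(now)
        while times and now - times[0] > WINDOW:
            times.popleft()
        if len(times) > THRESHOLD and root not in self.approved:
            if self.confirm(root, len(times)):
                self.approved.add(root)
                return True
            self.blocked.add(root)
            self.rollback(self.started[root])
            return False
        return True

    def rollback(self, checkpoint):
        # Undo every journal entry since the checkpoint, newest first. This
        # also undoes other processes' writes in that interval, which is one
        # of the details the message leaves to be ironed out.
        while self.log and self.log[-1][0] >= checkpoint:
            _, _, path, old = self.log.pop()
            if old is None: self.files.pop(path, None)
            else: self.files[path] = old
```

Writes are counted against the oldest tracked ancestor, so a process that fans its work out to children still trips the same counter.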