[194628] in North American Network Operators' Group
Re: Please run windows update now
daemon@ATHENA.MIT.EDU (bzs@theworld.com)
Mon May 15 17:04:14 2017
X-Original-To: nanog@nanog.org
Date: Mon, 15 May 2017 17:03:15 -0400
From: bzs@theworld.com
To: valdis.kletnieks@vt.edu
In-Reply-To: <17509.1494879473@turing-police.cc.vt.edu>
Cc: North American Network Operators' Group <nanog@nanog.org>,
 Rich Kulawiec <rsk@gsp.org>, bzs@theworld.com
Errors-To: nanog-bounces@nanog.org
On May 15, 2017 at 16:17 valdis.kletnieks@vt.edu (valdis.kletnieks@vt.edu) wrote:
 > On Mon, 15 May 2017 15:45:26 -0400, bzs@theworld.com said:
 > 
 > > So for example why does a client OS produced with that much money
 > > available even allow things like wholesale encryption of files without
 > > at least popping up one of those warnings to confirm that you really
 > > meant to run a program on $THRESHOLD files, opening them for update
 > > etc, not just read?
 > 
 > Well Barry, I can tell you why, with examples from the Unix world.
 > 
 > for i in *; do encrypt < "$i" > "$i.new"; mv "$i.new" "$i"; done
Oh great a design review!
Hello Valdis, I am Barry Shein. I've done decades of internals and
kernel work.
Ever use any Windows since about Vista? It throws up those warning
pop-ups when you're about to do something it decides needs
confirmation?
That was almost certainly my invention.
I described the idea on an anti-spam list and two Microsoft engineers
contacted me to discuss whether this is feasible etc.
Never got a thank you tho.
 > 
 > How do you throw a pop-up warning for that?  Pre-run it and see how many '>'
 > might get executed? And how do you tell that the sequence ends up destroying
 > the file rather than creating a new one?
You count the number of destructive opens in the kernel and, if it
exceeds a threshold (for example), you stop it and pop up a warning.
For example.
As I said this is the sort of thing which is suitable for an end-user
OS and no doubt annoying in a server OS.
 > 
 > OK. How about this one?
 > 
 > cat > ./wombat << 'EOF'
 > #!/bin/bash
 > encrypt < "$1" > "$1.new"; mv "$1.new" "$1"
 > EOF
 > chmod +x ./wombat
 > for i in *; do ./wombat "$i"; done
 > 
 > Now convert that to C and  bury that whole thing inside a binary.  How does the
 > operating system detect that and throw a pop-up *before* that executes?
 > 
 > It's a lot harder problem than you think.  Hint:  Fred Cohen's PhD thesis
 > showed that detecting malware is isomorphic to the Turing Halting Problem.
 > 
 > 
You don't seem to understand how OSes work, which surprises me in your
case.
-- 
        -Barry Shein
Software Tool & Die    | bzs@TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
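The counting heuristic argued over above, modelled as an added example that is not part of this message or of either poster's code. It replays a constructed trace of open(2)/rename(2) calls for both of Valdis's scripts and counts "destructive" calls, once attributed to the calling pid and once to the whole process tree. The pids, paths, event format and threshold of 5 are assumptions made for the demonstration. Neither script ever opens the original file for writing: the clobbering call is the rename(2) issued by a separate, short-lived mv process, so a per-pid counter never trips for either script, while a per-process-tree counter trips on the sixth file for both.

```python
"""Model of a 'count destructive opens in the kernel' heuristic (added example)."""
import os
from collections import Counter

THRESHOLD = 5  # assumption: alert once one subject clobbers more than this many existing files

# Assumed starting directory contents for the constructed traces.
INITIAL_FILES = [f"/home/u/doc{i}.txt" for i in range(8)]
RDONLY = os.O_RDONLY
CLOBBER = os.O_WRONLY | os.O_CREAT | os.O_TRUNC   # what '> file' does in a shell


def is_destructive(kind, path, extra, existing):
    """True if this call overwrites or removes bytes that already exist on disk."""
    if kind == "open":
        writable = extra & (os.O_WRONLY | os.O_RDWR)
        return bool(writable) and not (extra & os.O_APPEND) and path in existing
    if kind == "rename":       # extra is the destination: clobbering an existing target
        return extra in existing
    if kind == "unlink":
        return path in existing
    return False


def by_pid(pid, parent):
    """Attribute the call to the calling process only."""
    return pid


def by_tree(pid, parent):
    """Attribute the call to the top-most ancestor below init (pid 1)."""
    while parent.get(pid, 1) != 1:
        pid = parent[pid]
    return pid


def scan(events, attribute, threshold=THRESHOLD):
    """Replay (kind, pid, ppid, path, extra) events; return (subject, victim) alerts.

    An alert fires the first time a subject's destructive-call count exceeds the threshold.
    """
    existing = set(INITIAL_FILES)
    parent, counts, alerts = {}, Counter(), []
    for kind, pid, ppid, path, extra in events:
        parent[pid] = ppid
        if is_destructive(kind, path, extra, existing):
            subject = attribute(pid, parent)
            counts[subject] += 1
            if counts[subject] == threshold + 1:
                alerts.append((subject, extra if kind == "rename" else path))
        # keep the simulated directory state in step with the call
        if kind == "open" and extra & os.O_CREAT:
            existing.add(path)
        elif kind == "rename":
            existing.discard(path)
            existing.add(extra)
        elif kind == "unlink":
            existing.discard(path)
    return alerts


def _encrypt_then_mv(events, ppid, f, next_pid):
    """'encrypt < f > f.new; mv f.new f' as the kernel sees it: two short-lived children."""
    e = next_pid()                      # shell forks, redirects, execs encrypt
    events.append(("open", e, ppid, f, RDONLY))
    events.append(("open", e, ppid, f + ".new", CLOBBER))
    m = next_pid()                      # shell forks, execs mv; mv calls rename(2)
    events.append(("rename", m, ppid, f + ".new", f))


def loop_trace(files=INITIAL_FILES):
    """for i in *; do encrypt < $i > $i.new; mv $i.new $i; done  (one shell, pid 1000)."""
    pids = iter(range(1001, 1 << 16))
    events, shell = [], 1000
    for f in files:
        _encrypt_then_mv(events, shell, f, lambda: next(pids))
    return events


def wombat_trace(files=INITIAL_FILES):
    """for i in *; do ./wombat $i; done  (every file handled by a fresh ./wombat process)."""
    pids = iter(range(1001, 1 << 16))
    events, shell = [], 1000
    for f in files:
        w = next(pids)                  # bash opens the script to read it; this records w's parent
        events.append(("open", w, shell, "./wombat", RDONLY))
        _encrypt_then_mv(events, w, f, lambda: next(pids))
    return events


if __name__ == "__main__":
    for name, trace in (("loop", loop_trace()), ("wombat", wombat_trace())):
        print(name, "per-pid:", scan(trace, by_pid), "per-tree:", scan(trace, by_tree))
```

Run it directly to print both attributions for both traces. The model says nothing about stopping the sequence before it runs, nor about a single static binary that does the same work internally; it only shows where the count has to live for the heuristic to see either shell version at all.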