|
 |
Darren New <dne### [at] san rrcom> wrote:
> Traditional file system interfaces probably do too. For example, if you
> wanted something like a virus scanner that was watching your executables, I
> suspect that "scan the file when it gets passed to exec()" is probably a
> much more common implementation than "scan each block between the time it is
> paged in and the time the code branches to it", for example. (Indeed, I
> don't know how you'd even do that latter on Linux or Windows or whatever.)
On the subject of virus scanners in particular, I'd say that the very
need to have such scanners is a symptom of fundamentally bad OS design.
Of course this isn't an original idea of mine, as such an idea has been
expressed numerous times by people more knowledgeable than me (and probably
even linked to in this very newsgroup in the past).
The unix philosophy of OS design has always been a step or two closer
to the safer design (with respect to computer viruses and other malware)
then the typical DOS/Windows (and other similar OS's in the past) design.
The reason for this is that unixes have always been designed to be
multi-user operating systems while DOS/Windows has been designed to be
a single-user OS with no regard to security. The very need to handle
multiple user automatically brings forth the need for security: You should
not be able to access other users' data without permission, and especially
you shouldn't be able to access the superusers' data without permission.
This causes security to be built into the system from the ground up.
The DOS/Windows design always took basically the exact opposite approach:
Whatever the user wants to run or do, the OS allows. It's not the system's
task to stop the user doing what he wants. Unfortunately it took over 20
years for Microsoft to rid itself of this mentality (for some reason MS
has always been very slow to adopt certain ideas). NT had security, but
it wasn't even intended for normal users. It wasn't until XP that some
*semblance* of security was introduced (yet, nevertheless, the mentality
of the regular user being by default the superuser was still there, and
probably 99% of XP users out there still use their machine with superuser
privileges). This made the spreading of viruses and malware *trivial*.
Not that the unix design is perfect, but at least viruses, worms and
other malware have always been, and still are, extremely rare in unix
systems in comparison (basically the only relatively successful worms
in the unix world have exploited bugs in the systems to spread themselves,
rather than relying on the users; fix the bug, and the worm stops; however,
in the single-user OS's it requires a very significantly more radical
change in design than just fixing a few bugs).
--
- Warp
Post a reply to this message
|
|
