Darren New wrote:
> This is starting to change, but it's still
> not enforced. It's more of a convenience feature than a security feature.
http://developer.android.com/guide/topics/security/security.html#declaring
You need something like that to make it work for normal people.
--
Darren New, San Diego CA, USA (PST)
Serving Suggestion:
"Don't serve this any more. It's awful."
On 12/20/2010 11:41 AM, Warp wrote:
> Darren New<dne### [at] san rr com> wrote:
>> Traditional file system interfaces probably do too. For example, if you
>> wanted something like a virus scanner that was watching your executables, I
>> suspect that "scan the file when it gets passed to exec()" is probably a
>> much more common implementation than "scan each block between the time it is
>> paged in and the time the code branches to it", for example. (Indeed, I
>> don't know how you'd even do that latter on Linux or Windows or whatever.)
>
> On the subject of virus scanners in particular, I'd say that the very
> need to have such scanners is a symptom of fundamentally bad OS design.
> Of course this isn't an original idea of mine, as such an idea has been
> expressed numerous times by people more knowledgeable than me (and probably
> even linked to in this very newsgroup in the past).
>
> The unix philosophy of OS design has always been a step or two closer
> to the safer design (with respect to computer viruses and other malware)
> than the typical DOS/Windows (and other similar OS's in the past) design.
> The reason for this is that unixes have always been designed to be
> multi-user operating systems while DOS/Windows has been designed to be
> a single-user OS with no regard to security. The very need to handle
> multiple users automatically brings forth the need for security: You should
> not be able to access other users' data without permission, and especially
> you shouldn't be able to access the superuser's data without permission.
> This causes security to be built into the system from the ground up.
>
> The DOS/Windows design always took basically the exact opposite approach:
> Whatever the user wants to run or do, the OS allows. It's not the system's
> task to stop the user doing what he wants. Unfortunately it took over 20
> years for Microsoft to rid itself of this mentality (for some reason MS
> has always been very slow to adopt certain ideas). NT had security, but
> it wasn't even intended for normal users. It wasn't until XP that some
> *semblance* of security was introduced (yet, nevertheless, the mentality
> of the regular user being by default the superuser was still there, and
> probably 99% of XP users out there still use their machine with superuser
> privileges). This made the spreading of viruses and malware *trivial*.
>
> Not that the unix design is perfect, but at least viruses, worms and
> other malware have always been, and still are, extremely rare in unix
> systems in comparison (basically the only relatively successful worms
> in the unix world have exploited bugs in the systems to spread themselves,
> rather than relying on the users; fix the bug, and the worm stops; however,
> in the single-user OS's it requires a very significantly more radical
> change in design than just fixing a few bugs).
>
Seems to me, the best design would be an additional layer. An
application runs "sandboxed", until a scanner can verify it's not
dangerous, and only then does it get "current user" rights, never mind
admin. That way, it can only clobber itself, or the data it creates
itself, or copies of the data you opened with it. Nothing changes in the
"original", of say, a JPG, until you, or your scanner, are sure that the
program is what it says, and even any changes you make only appear in
*its* copy, until verification happens, and the original is updated with
the changes.
Or, something like that. Not unlike the idea I had with using EyeOS as a
host for fake terminals, where you could hack them, but you would be
hacking into the copy of the system, so the normal user of it could log
in, see the hack and then, on their option, restore the whole thing in a
single action, back to the unchanged state. Any changes/additions they
made would still go to *their* copy, unless the changes were to a
hacked file, in which case you could have the option to keep the changes
you made, or throw them out (i.e., restore from a backup).
--
void main () {
if version = "Vista" {
call slow_by_half();
call DRM_everything();
}
call functional_code();
}
else
call crash_windows();
}
<A HREF='http://www.daz3d.com/index.php?refid=16130551'>Get 3D Models,
3D Content, and 3D Software at DAZ3D!</A>
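One way the "changes only appear in its copy until verification happens" idea above can be built, as an added example that is not code from the post. A tracked file is copied into a private staging directory, the untrusted program edits the copy, and the edit is published only if a verifier approves the staged result and the original has not changed since the copy was taken. The class and function names (StagedFile, commit, discard, demo) and the marker-based stand-in scanner are assumptions for this example.

```python
"""Copy-on-write staging for an untrusted program's file edits.

Added example for the "sandbox until verified" design; not code from
the original post. Changes reach the original only when (a) a verifier
approves the staged result and (b) the original is unchanged since the
copy was taken, so two sandboxed programs editing the same file cannot
silently overwrite each other. Names are assumptions for the example.
"""
import hashlib
import os
import shutil
import tempfile
from typing import Callable


def sha256_file(path: str) -> str:
    """Content hash used to detect concurrent modification of the original."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class StagedFile:
    """A private, writable copy of `original` handed to an untrusted program."""

    def __init__(self, original: str):
        self.original = original
        self.base_hash = sha256_file(original)      # state when the copy was taken
        self.stage_dir = tempfile.mkdtemp(prefix="stage-")
        self.path = os.path.join(self.stage_dir, os.path.basename(original))
        shutil.copy2(original, self.path)

    def commit(self, verifier: Callable[[str], bool]) -> str:
        """Publish the staged copy, or not. Returns 'committed', 'rejected'
        (verifier said no) or 'conflict' (original changed since staging)."""
        if not verifier(self.path):
            self.discard()
            return "rejected"
        if sha256_file(self.original) != self.base_hash:
            # Another writer changed the original under us; refuse to clobber it.
            self.discard()
            return "conflict"
        # Write beside the original and swap with os.replace, which is atomic
        # within one filesystem, so readers never see a half-written file.
        tmp = self.original + ".staged"
        shutil.copy2(self.path, tmp)
        os.replace(tmp, self.original)
        self.discard()
        return "committed"

    def discard(self) -> None:
        """Throw the staged copy away; the original is untouched."""
        shutil.rmtree(self.stage_dir, ignore_errors=True)


def demo() -> dict:
    """Constructed scenario (no real data): one file, three sandboxed editors."""
    work = tempfile.mkdtemp(prefix="demo-")
    original = os.path.join(work, "photo.jpg")
    with open(original, "wb") as f:
        f.write(b"ORIGINAL")

    def scanner(path: str) -> bool:
        # Stand-in for a real content scanner: reject anything carrying a marker.
        with open(path, "rb") as f:
            return b"EVIL" not in f.read()

    results = {}
    # Two programs stage the same file; the first to commit wins, the second
    # sees the original has moved on and is refused instead of clobbering it.
    a, b = StagedFile(original), StagedFile(original)
    with open(a.path, "wb") as f:
        f.write(b"EDITED BY A")
    with open(b.path, "wb") as f:
        f.write(b"EDITED BY B")
    results["a"] = a.commit(scanner)
    results["b"] = b.commit(scanner)
    # A program whose output fails the scan never reaches the original.
    c = StagedFile(original)
    with open(c.path, "wb") as f:
        f.write(b"EVIL PAYLOAD")
    results["c"] = c.commit(scanner)
    with open(original, "rb") as f:
        results["final"] = f.read()
    shutil.rmtree(work, ignore_errors=True)
    return results


if __name__ == "__main__":
    print(demo())
```

The conflict check answers the "two sandboxed applications change the same file" case by refusing the second commit rather than merging; a production version would also hold a lock between the hash comparison and the os.replace, since a third writer could slip in between those two steps.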
Patrick Elliott wrote:
> Seems to me, the best design would be an additional layer. An
> application runs "sandboxed", until a scanner can verify it's not
> dangerous, and only then does it get "current user" rights, never mind
> admin.
Begs the question. How do you know it's dangerous? And what happens if you
run two sandboxed applications that change the same file? How often do you
check? Every time you run it, or just when the code changes? If only when
the code changes, just scan it before you start it the first time, but risk
having malware modify the checksum you're using to check for valid programs.
--
Darren New, San Diego CA, USA (PST)
Serving Suggestion:
"Don't serve this any more. It's awful."
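The "malware modifies the checksum" objection above is the central weakness of a scan-once allowlist, and the following added example (not code from the thread) shows the usual answer: hash the program at the moment it is handed to exec, and authenticate the allowlist itself with a key the user's processes cannot reach. The manifest carries an HMAC under a gatekeeper-held key (in a real system root, a separate service, or a sealed hardware key), so a manifest edited by a user process fails verification. The program is hashed through an already-open descriptor, which is what the caller would pass to os.fexecve, so the file cannot be swapped between the check and the exec. Names (Gate, hash_fd, demo) and the key value are assumptions for this example.

```python
"""Exec-time allowlist check with a tamper-evident manifest.

Added example, not code from the thread. The manifest's HMAC key is held
by the gatekeeper only (an assumption for the example); the program is
hashed via an open descriptor that the caller then execs. Names are
assumptions for the example.
"""
import hashlib
import hmac
import json
import os
import shutil
import tempfile
from typing import Optional


def hash_fd(fd: int) -> str:
    """SHA-256 of the file behind an open descriptor (not of a path name)."""
    h = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while True:
        chunk = os.read(fd, 65536)
        if not chunk:
            break
        h.update(chunk)
    os.lseek(fd, 0, os.SEEK_SET)
    return h.hexdigest()


class Gate:
    """Holds the manifest key; user processes can read manifests, not sign them."""

    def __init__(self, key: bytes):
        self._key = key

    def sign_manifest(self, allowed: list[str]) -> bytes:
        body = json.dumps(sorted(allowed)).encode()          # canonical form
        tag = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return json.dumps({"allowed": sorted(allowed), "tag": tag}).encode()

    def load_manifest(self, blob: bytes) -> list[str]:
        doc = json.loads(blob)
        body = json.dumps(sorted(doc["allowed"])).encode()
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, doc["tag"]):
            raise ValueError("manifest tag mismatch")
        return doc["allowed"]

    def check(self, manifest: bytes, path: str) -> tuple[str, Optional[int]]:
        """Return ('allowed', fd) for a listed program; the caller execs that fd."""
        try:
            allowed = self.load_manifest(manifest)
        except ValueError:
            return ("tampered", None)
        fd = os.open(path, os.O_RDONLY)
        if hash_fd(fd) not in allowed:
            os.close(fd)
            return ("denied", None)
        return ("allowed", fd)    # e.g. os.fexecve(fd, [path], os.environ) on Unix


def demo() -> dict:
    """Constructed scenario: an approved program, a dropper, a forged manifest."""
    work = tempfile.mkdtemp(prefix="gate-")
    good = os.path.join(work, "hello")
    bad = os.path.join(work, "dropper")
    with open(good, "wb") as f:
        f.write(b"#!/bin/sh\necho hello\n")
    with open(bad, "wb") as f:
        f.write(b"#!/bin/sh\necho pwned\n")
    gate = Gate(key=b"key-held-by-the-gatekeeper-only")   # assumption: not user-readable
    with open(good, "rb") as f:
        good_hash = hashlib.sha256(f.read()).hexdigest()
    with open(bad, "rb") as f:
        bad_hash = hashlib.sha256(f.read()).hexdigest()
    manifest = gate.sign_manifest([good_hash])

    out = {}
    verdict, fd = gate.check(manifest, good)
    out["good"] = verdict
    if fd is not None:
        os.close(fd)
    out["bad"] = gate.check(manifest, bad)[0]
    # Malware running as the user rewrites the manifest to allowlist the
    # dropper; without the key it cannot produce a matching tag.
    doc = json.loads(manifest)
    doc["allowed"].append(bad_hash)
    forged = json.dumps(doc).encode()
    out["forged"] = gate.check(forged, bad)[0]
    shutil.rmtree(work, ignore_errors=True)
    return out


if __name__ == "__main__":
    print(demo())
```

Checking on every exec rather than once at install costs one hash per launch but removes the "only when the code changes" window Darren describes; what it does not cover is a program that is legitimately listed and then exploited at runtime, which is the bug-exploiting worm case raised elsewhere in the thread.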
> (basically the only relatively successful worms
> in the unix world have exploited bugs in the systems to spread themselves,
> rather than relying on the users; fix the bug, and the worm stops;
Recently it's the same on Windows (Outlook has prevented you running
executables for years now).
There are several other important differences between viruses on Unix
type OSs and Windows. Firstly, the average "computer knowledge" of unix
users is probably way higher than that of windows users; this in itself prevents
a load of viruses spreading. Secondly, virus writers know this, so
target Windows. Do not underestimate a large amount of people with
malicious intent. I would be very surprised if similar exploitable bugs
and loop-holes don't exist in Unix, it's just people haven't searched
that hard for them.
Also I wonder if having an open-source OS would make it more or less
vulnerable to viruses compared to closed-source (if all other factors
were equal)? On the one hand virus writers can browse the source code
looking for exploits (surely way easier than reverse engineering or
random testing), but on the other hand people can do the same to close
the exploits.
>> If it went far enough, people would send out "here's a zip file with the
>> password xyz. Unpack it with that password, rename hello.jpg to hello.exe,
>> and run it to get an important message from your bank" and someone would do it.
>
> Didn't seem to be such a problem in the unix world.
Because there are a tiny number of unix users who would follow
instructions such as "you must run this attachment as admin to regain
access to your bank account" from a random email. Yet there are
probably thousands of windows users who would simply run the attachment
and click "Yes" when asked exactly the same question by the OS. If you
were a virus writer wanting to make money, which platform would you target?
scott <sco### [at] scott com> wrote:
> >> If it went far enough, people would send out "here's a zip file with the
> >> password xyz. Unpack it with that password, rename hello.jpg to hello.exe,
> >> and run it to get an important message from your bank" and someone would do it.
> >
> > Didn't seem to be such a problem in the unix world.
> Because there are a tiny number of unix users who would follow
> instructions such as "you must run this attachment as admin to regain
> access to your bank account" from a random email. Yet there are
> probably thousands of windows users who would simply run the attachment
> and click "Yes" when asked exactly the same question by the OS. If you
> were a virus writer wanting to make money, which platform would you target?
Well, that's kind of my point: Microsoft made it easy for viruses and
other malware to spread. The fundamental problem is that Microsoft didn't
"teach" their users to be more conscious about security. Safety thinking
didn't become a second nature to their users because the OS wasn't hammering
it into them by its very behavior.
And by this I don't mean eg. messages popping up warning the users.
With this I am talking about the very design of the OS. The design itself
should have been such that the users who learn to use it automatically
learn an instinct that protects them from most harm.
It's a bit like the difference between a "safe" and an "unsafe" programming
language: If the programming language, by its very design, makes it very
hard to write unsafe code, programmers who learn the language will learn
to use it safely, in a natural way. When the safety is in the design, the
language doesn't need to remind the user of it eg. with warnings.
--
- Warp
Darren New <dne### [at] san rr com> wrote:
> Thinking on it, there are a whole bunch of "patches" made in the UNIX world
> to account for bad security.
I never said that unix was perfect from the start (nor even that it is
perfect now). That wasn't my point.
My point was that the *approach* at OS design was different from the
start, and this caused it to naturally grow into a safer environment.
When the internet got immensely popular, unixes were already mostly safe
(give or take some exploitable bugs), while Windows was completely open
to all kinds of attacks. And this was not solely because unix has existed
longer. It's a question of fundamental design.
--
- Warp
Darren New <dne### [at] san rr com> wrote:
> > If the very first version of DOS had had a similar account/password
> > system as unixes,
> ... then it wouldn't have run on an 8086, and MS would be broke.
Or maybe we would have much better PCs today because they would not be
based on (and mostly backwards-compatible with) a totally antiquated and
obsolete architecture designed by IBM and Intel.
Think about how the game industry has boosted the development of graphics
cards. Imagine if the same boost would have been done to the PC architecture
by OS vendors.
> > would not complain because they would take it for granted, as something
> > obvious.
> It's hard to say. Most of the other systems of the day didn't have it either.
Multi-user unix systems were certainly being used in many environments
(eg. at universities with thousands of students) back when Windows95 didn't
even exist. Back then things like logins, passwords and access rights were
a given in those system. Yes, I have personal experience.
> Contrast with something like Singularity, where you explicitly list every
> program you're going to run
I never said that unix is the perfect system. I just said that it's
*better* (in terms of safety) because the fundamental design is different
(namely, it's intended to be a multi-user system).
The point is that if operating systems had had the proper design from
the start, things like computer viruses wouldn't exist (except perhaps
ones exploiting bugs, but those would probably not get as widespread
because bugs are easier to fix than fundamental OS design).
--
- Warp
scott <sco### [at] scott com> wrote:
> Also I wonder if having an open-source OS would make it more or less
> vulnerable to viruses compared to closed-source (if all other factors
> were equal)?
At least some years ago Linux was the second OS with the most security
vulnerabilities found each year (probably no need to mention which OS the
one with the most). I wouldn't be surprised if that was the case today as
well.
It's not like systems like Linux don't have security bugs to be exploited
(either by hackers or by malware).
--
- Warp
Warp wrote:
> My point was that the *approach* at OS design was different from the
> start, and this caused it to naturally grow into a safer environment.
Sure, I'll grant that. It wasn't what I was talking about in the original
post, but I'll grant that.
I don't think it applies any longer, tho. Indeed, in many ways I think
Windows might have a more secure architecture than UNIX nowadays, even if in
practice it's not quite up to snuff and in practice it gets attacked more.
--
Darren New, San Diego CA, USA (PST)
Serving Suggestion:
"Don't serve this any more. It's awful."