Full Disclosure mailing list archives

Re: Support the Sasser-author fund started


From: Ondrej Krajicek <krajicek () ics muni cz>
Date: Mon, 17 May 2004 13:33:44 +0200

> I run anti-virus software on my servers... to slough away the moronic
> Windows viruses that clog up my email account.  Anti-virus monitors are
> a built-in performance drag on the OS.  Microsoft says, "hey, when we
> benchmark against samba, we're almost as fast, and in this special case,
> we're faster".  Add on the required anti-virus program monitoring
> packets in and out and watch your performance drop, as that eliminates
> the whole concept behind DMA: now you have to route all data through
> the host CPU anyway.  Pretty soon, we'll need AV signature engines
> encoded in the data bus of Windows machines in silicon.  I wouldn't be
> surprised if Intel or AMD had a skunkworks project on this very problem.
> M$ is going to hit a performance wall pretty hard otherwise.

IMHO the data are routed through the host CPU anyway; DMA is not clever
enough to locate the proper file in the proper filesystem on the proper
volume and pass it to the proper network card. You're right that the
CPU does not have to process every single bit of each (?) file.
But this could be solved by using a more advanced bus architecture
(PCI-X or even something faster) and adding more CPUs. A dedicated anti-virus
chip is a thing which I hope is not going to happen.

Virus prevention solutions are useless when you have careless or
undereducated users. I've seen a secretary who was told not to open
attachments in e-mails in Outlook. When she got another tremendous
birthday card from god-knows-who she obeyed, saved the attachment
to the desktop and then opened it.

> What other vendors have done is to disable services by default, separate
> code privileges by user, run code in various levels of restricted
> privileges from limited access to the filesystem (chroot jails) to
> limited access to generic capabilities (POSIX 1e), and even just making
> simple distinctions like what code is data and what code is
> executable...  They've supposedly got a microkernel design in the
> flagship NT OSs.  This should be wonderful from a security standpoint,
> but in reality, has it helped them?  Why did so many processes require
> system level access?  Why are _parsers_ (ASN.1) running with system
> level access at all?  OpenSSH learned its lesson on that, and every
> other major unix-style daemon has learned how to drop privileges and run
> non-privilege-requiring code in users and processes with restricted and
> dropped privileges.  Why is M$ so late to the market with even this?

Well, it's worth another discussion whether the NT kernel is really a
microkernel. It's not a classical monolith, but still far from Mach.
In design, it's rather comparable to the Linux modular kernel
(yes, I know that NT was first out there).

The whole thing with security is that the Windows OS is so complex that
a whole bunch of decisions are made for simplicity's sake, _alas_.
No wonder that today, after more than ten years of Windows development,
they still lack fundamental management and monitoring capabilities
(for instance), because of the clever idea that some space
must be left to third parties to earn some extra bucks. Do they?

> An accountant I know got Blaster from connecting to MSN's registration
> service after a fresh XP install.  Why was the registration service on
> Internet-routable IPs?  Why can't one get updates via a M$ dialup BBS
> system?  Why is the MSN installation and registration system forcing
> people to get exploited when they haven't even finished their
> registration?

This would be too expensive for the end user (not to mention the speed
of a BBS and of last-mile dial-up connections). Instead, there could
be a locked-down default internet connection set up which
allows the user to connect to Windows Update and _ONLY_ to
Windows Update, throwing away all traffic from the rest of the world.

Also, another problem is maintaining security in older versions
of Windows. Microsoft is slowly pushing implementations of the missing
security features (such as a usable firewall, etc.). But what
to do when you really must maintain security even for Windows 98 boxes?
We should have run away screaming when Microsoft introduced
the concept of Windows 95...

Ondra 

+>>>-----------------------------------------------------------------+
|Ondrej Krajicek                                                 (-KO|
|Institute of Computer Science, Masaryk University Brno, CR          |
|http://isildur.ics.muni.cz/~ondra               krajicek () ics muni cz|
+--------------------------------------------------------------------+
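The locked-down first-boot profile proposed in the reply above, worked out as an added example that is not part of the original post or of any Microsoft product: a small default-deny, stateful packet filter in Python that lets a fresh install open connections only to its update service (plus the DNS resolver it needs to find that service), accepts inbound packets only as replies on flows the host itself opened, and drops everything else. The update-service range, the resolver address, the host address and every packet below are constructed values (RFC 5737 test ranges), chosen for illustration; the 135/tcp packet stands in for the unsolicited RPC connection attempt by which the accountant's box was hit.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed allow-list (illustrative addresses from the RFC 5737 test ranges):
# the only remote endpoints a fresh install may open connections to.
UPDATE_NETS = [ip_network("203.0.113.0/24")]   # assumed update-service range
UPDATE_PORTS = {80, 443}                        # HTTP/HTTPS to the update service
RESOLVER = ("192.0.2.53", 53)                   # assumed DNS resolver, UDP only


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (from the network) or "out" (from this host)
    proto: str              # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn_only: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


class LockedDownFilter:
    """Default-deny, stateful: permit new flows only to the update service
    and the resolver, permit inbound packets only as replies on those flows,
    drop everything else (including every unsolicited inbound connection)."""

    def __init__(self, update_nets=UPDATE_NETS, update_ports=UPDATE_PORTS,
                 resolver=RESOLVER):
        self.update_nets = update_nets
        self.update_ports = update_ports
        self.resolver = resolver
        self.flows = set()  # (proto, local_ip, local_port, remote_ip, remote_port)

    def _allowed_destination(self, proto, addr, port):
        if proto == "udp":
            return (addr, port) == self.resolver
        if proto == "tcp":
            a = ip_address(addr)
            return port in self.update_ports and any(a in n for n in self.update_nets)
        return False

    def decide(self, pkt):
        if pkt.direction == "out":
            if self._allowed_destination(pkt.proto, pkt.dst, pkt.dport):
                self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return "ACCEPT"
            return "DROP"
        # Inbound: accept only a non-SYN packet that matches a flow we opened.
        # A bare SYN is never a reply, so a spoofed source address gains nothing.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows and not pkt.syn_only:
            return "ACCEPT"
        return "DROP"


def run_sample():
    """Constructed first-boot traffic for a host at 198.51.100.7."""
    me = "198.51.100.7"
    fw = LockedDownFilter()
    sample = [
        # unsolicited inbound RPC connection attempt: the Blaster vector
        ("blaster_135", Packet("in", "tcp", "198.51.100.200", 4444, me, 135, syn_only=True)),
        # DNS lookup for the update host, then the resolver's reply
        ("dns_query", Packet("out", "udp", me, 51000, "192.0.2.53", 53)),
        ("dns_reply", Packet("in", "udp", "192.0.2.53", 53, me, 51000)),
        # HTTPS to the update service, then the server's reply
        ("update_syn", Packet("out", "tcp", me, 52000, "203.0.113.10", 443)),
        ("update_reply", Packet("in", "tcp", "203.0.113.10", 443, me, 52000)),
        # anything else: some other web site, and a SYN spoofed from the update range
        ("other_web", Packet("out", "tcp", me, 52001, "198.51.100.80", 80)),
        ("spoofed_syn", Packet("in", "tcp", "203.0.113.10", 443, me, 52002, syn_only=True)),
    ]
    return {name: fw.decide(p) for name, p in sample}


if __name__ == "__main__":
    for name, verdict in run_sample().items():
        print(f"{name:13} {verdict}")
```

The point the model makes is that "only Windows Update" is a statement about which flows the host may initiate, not merely about which servers may answer: the inbound side carries no allow-list at all, so a spoofed source in the update range, or a worm knocking on 135/tcp, is dropped because no matching flow exists. On a real host the same policy is a handful of default-deny rules in the OS firewall, with the allow-list replaced by the vendor's actual update hosts.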
