nanog mailing list archives

Re: Please run windows update now


From: valdis.kletnieks () vt edu
Date: Mon, 15 May 2017 16:17:53 -0400

On Mon, 15 May 2017 15:45:26 -0400, bzs () theworld com said:

> So for example why does a client OS produced with that much money
> available even allow things like wholesale encryption of files without
> at least popping up one of those warnings to confirm that you really
> meant to run a program on $THRESHOLD files, opening them for update
> etc, not just read?

Well Barry, I can tell you why, with examples from the Unix world.

for i in *; do encrypt < "$i" > "$i.new"; mv "$i.new" "$i"; done

How do you throw a pop-up warning for that? Pre-run it and see how many >
might get executed? And how do you tell that the sequence ends up destroying
the file rather than creating a new one?

OK. How about this one?

cat > ./wombat << 'EOF'
#!/bin/bash
encrypt < "$1" > "$1.new"; mv "$1.new" "$1"
EOF
chmod +x ./wombat
for i in *; do ./wombat "$i"; done

Now convert that to C and bury that whole thing inside a binary. How does the
operating system detect that and throw a pop-up *before* that executes?

It's a lot harder problem than you think. Hint: Fred Cohen's PhD thesis
showed that detecting malware is isomorphic to the Turing Halting Problem.
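Added example (not part of the thread, and not code from either poster): a small detector that tries the $THRESHOLD heuristic Barry asks for against the two shell patterns above, using constructed file-operation events rather than a real audit log. It assumes a hypothetical event stream of (timestamp, pid, ppid, op, path) records, a hypothetical THRESHOLD of 20, and counts a rename as an "in-place overwrite" only when the destination was not created by the same process, which is one answer to the "destroying the file rather than creating a new one" question. Keyed per process it catches the one-liner; the per-file helper script splits the count across fifty short-lived children, so the same counter has to be keyed on the parent (or the whole process tree) to see it.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical tuning knob, standing in for the $THRESHOLD from the thread.
THRESHOLD = 20


@dataclass(frozen=True)
class Event:
    ts: float
    pid: int
    ppid: int
    op: str    # "open_write" (file created/truncated for writing) or "rename"
    path: str  # for "rename": the destination path


def make_direct_loop(n=50, pid=100, ppid=1):
    """Constructed events: one shell process rewrites n files in place,
    as in `for i in *; do encrypt < "$i" > "$i.new"; mv "$i.new" "$i"; done`."""
    evs = []
    for k in range(n):
        f = f"/home/user/docs/file{k}.txt"
        evs.append(Event(k * 0.01, pid, ppid, "open_write", f + ".new"))
        evs.append(Event(k * 0.01 + 0.005, pid, ppid, "rename", f))
    return evs


def make_helper_loop(n=50, parent=200):
    """Constructed events: a parent shell runs one short-lived child per file,
    as in `for i in *; do ./wombat "$i"; done`. Each child touches one file."""
    evs = []
    for k in range(n):
        child = 201 + k
        f = f"/home/user/docs/file{k}.txt"
        evs.append(Event(k * 0.01, child, parent, "open_write", f + ".new"))
        evs.append(Event(k * 0.01 + 0.005, child, parent, "rename", f))
    return evs


def make_new_files(n=50, pid=300, ppid=1):
    """Constructed control case: a process that only creates new files
    (e.g. a build writing outputs) and renames nothing it did not create."""
    evs = []
    for k in range(n):
        f = f"/home/user/build/out{k}.o"
        evs.append(Event(k * 0.01, pid, ppid, "open_write", f + ".tmp"))
        evs.append(Event(k * 0.01 + 0.005, pid, ppid, "open_write", f))
        evs.append(Event(k * 0.01 + 0.007, pid, ppid, "rename", f + ".tmp"))
    return evs


def in_place_overwrites(events):
    """Yield rename events whose destination was NOT created earlier by the
    same process: the rename clobbers a pre-existing file rather than
    producing a new one."""
    created = defaultdict(set)
    for e in sorted(events, key=lambda e: e.ts):
        if e.op == "open_write":
            created[e.pid].add(e.path)
        elif e.op == "rename" and e.path not in created[e.pid]:
            yield e


def overwrite_counts(events, key):
    """Count in-place overwrites grouped by key(event), e.g. pid or ppid."""
    counts = defaultdict(int)
    for e in in_place_overwrites(events):
        counts[key(e)] += 1
    return dict(counts)


def flag(events, key, threshold=THRESHOLD):
    """Return the group keys whose overwrite count reaches the threshold."""
    return sorted(k for k, c in overwrite_counts(events, key).items() if c >= threshold)


if __name__ == "__main__":
    by_pid, by_parent = (lambda e: e.pid), (lambda e: e.ppid)
    print("one-liner, per pid:      ", flag(make_direct_loop(), by_pid))
    print("wombat loop, per pid:    ", flag(make_helper_loop(), by_pid))
    print("wombat loop, per parent: ", flag(make_helper_loop(), by_parent))
    print("new-file writer, per pid:", flag(make_new_files(), by_pid))
```

The grouping key is the whole argument: the per-process counter is trivially split by forking a helper per file, and a per-parent counter is in turn split by one more level of indirection, which is why the thread lands on "pre-run it" and the halting problem rather than on a threshold.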

