nanog mailing list archives

Re: Please run windows update now


From: bzs () theworld com
Date: Mon, 15 May 2017 17:03:15 -0400


On May 15, 2017 at 16:17 valdis.kletnieks () vt edu (valdis.kletnieks () vt edu) wrote:
On Mon, 15 May 2017 15:45:26 -0400, bzs () theworld com said:

So for example why does a client OS produced with that much money
available even allow things like wholesale encryption of files without
at least popping up one of those warnings to confirm that you really
meant to run a program on $THRESHOLD files, opening them for update
etc, not just read?

Well Barry, I can tell you why, with examples from the Unix world.

for i in *; do encrypt < "$i" > "$i.new"; mv "$i.new" "$i"; done

Oh great, a design review!

Hello Valdis, I am Barry Shein. I've done decades of internals and
kernel work.

Ever use any Windows since about Vista? It throws up those warning
pop-ups when you're about to do something it decides needs
confirmation?

That was almost certainly my invention.

I described the idea on an anti-spam list and two Microsoft engineers
contacted me to discuss whether this is feasible etc.

Never got a thank you tho.


How do you throw a pop-up warning for that?  Pre-run it and see how many
might get executed? And how do you tell that the sequence ends up destroying
the file rather than creating a new one?

You count the number of destructive opens in the kernel and if it
exceeds a threshold (for example) you stop it and pop up a warning.

For example.

As I said, this is the sort of thing which is suitable for an end-user
OS and no doubt annoying in a server OS.


OK. How about this one?

cat > ./wombat << 'EOF'
#!/bin/bash
# quoted 'EOF' keeps $1 from expanding while the script is written out
encrypt < "$1" > "$1.new"; mv "$1.new" "$1"
EOF
chmod +x ./wombat
for i in *; do ./wombat "$i"; done

Now convert that to C and bury that whole thing inside a binary.  How does the
operating system detect that and throw a pop-up *before* that executes?

It's a lot harder problem than you think.  Hint:  Fred Cohen's PhD thesis
showed that detecting malware is isomorphic to the Turing Halting Problem.



You don't seem to understand how OSes work, which surprises me in your
case.

-- 
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
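To make the disagreement above concrete, here is an added C model (my own, not code from either poster or from any real kernel) of the "count destructive opens per process and warn past a threshold" idea. It replays a constructed trace of the `encrypt < $i > $i.new; mv $i.new $i` loop, once from a single process and once with one child per file as in the wombat script, and shows that a per-process count is defeated by the second form while charging the root of the process tree is not; the threshold, the event structure and the per-tree attribution are assumptions of this example.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
/* Constructed model of the counter sketched in the thread; not code from either poster or any OS. */
#define THRESHOLD 3   /* hypothetical limit: warn on the 4th destructive op */
enum ev_kind { EV_OPEN, EV_RENAME };
/* ppid 0: parent not in the trace; existed: the target was already on disk */
struct fs_event { int pid, ppid; enum ev_kind kind; int flags; bool existed; };
/* Destructive = write-mode open of an existing file, or rename onto an existing path (the mv). */
static bool is_destructive(const struct fs_event *e) {
    if (e->kind == EV_RENAME) return e->existed;
    return e->existed && ((e->flags & O_ACCMODE) != O_RDONLY || (e->flags & O_TRUNC));
}
/* Follow pid -> ppid links through the trace up to the outermost process. */
static int tree_root(const struct fs_event *ev, size_t n, int pid) {
    for (size_t hops = 0; hops < n; hops++) {   /* bounded: a trace cannot loop */
        int parent = 0;
        for (size_t i = 0; i < n; i++)
            if (ev[i].pid == pid) { parent = ev[i].ppid; break; }
        if (parent == 0) return pid;   /* parent did no I/O itself: it is the root */
        pid = parent;
    }
    return pid;
}
/* Pid charged with the first destructive op past THRESHOLD, or 0 if none. per_tree=false
 * counts per process (evaded by one child per file); per_tree=true charges the tree root. */
int first_pid_over_threshold(const struct fs_event *ev, size_t n, bool per_tree) {
    int keys[64] = {0}, counts[64] = {0};
    for (size_t i = 0; i < n; i++) {
        if (!is_destructive(&ev[i])) continue;
        int key = per_tree ? tree_root(ev, n, ev[i].pid) : ev[i].pid;
        for (size_t k = 0; k < 64; k++) {
            if (keys[k] == 0) keys[k] = key;          /* claim a free slot */
            if (keys[k] == key) { if (++counts[k] > THRESHOLD) return key; break; }
        }
    }
    return 0;
}
/* Constructed trace of "encrypt < $i > $i.new; mv $i.new $i" over nfiles files,
 * run either by process `shell` itself or, as with ./wombat, by one child each. */
size_t rewrite_trace(struct fs_event *out, int shell, bool child_per_file, int nfiles) {
    size_t n = 0;
    for (int f = 0; f < nfiles; f++) {
        int pid = child_per_file ? shell + 1 + f : shell, pp = child_per_file ? shell : 0;
        out[n++] = (struct fs_event){pid, pp, EV_OPEN, O_RDONLY, true};            /* < $i */
        out[n++] = (struct fs_event){pid, pp, EV_OPEN, O_WRONLY | O_CREAT, false};  /* > $i.new */
        out[n++] = (struct fs_event){pid, pp, EV_RENAME, 0, true};                 /* mv $i.new $i */
    }
    return n;
}
```

Note that the rename, not the open, is what clobbers the original in this loop, so a counter that only looks at O_WRONLY opens sees nothing; the model treats a rename onto an existing path as destructive for that reason.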

