nanog mailing list archives

Re: Please run windows update now

From: "J. Oquendo" <joquendo () e-fensive net>
Date: Mon, 15 May 2017 16:48:21 -0500

On Mon, 15 May 2017, bzs () theworld com wrote:

Oh great a design review!

Hello Valdis, I am Barry Shein. I've done decades of internals and
kernel work.

Ever use any Windows since about Vista? It throws up those warning
pop-ups when you're about to do something it decides needs
confirmation?

That was almost certainly my invention.

I described the idea on an anti-spam list and two Microsoft engineers
contacted me to discuss whether this is feasible etc.

Never got a thank you tho.

 > 
 > How do you throw a pop-up warning for that?  Pre-run it and see how many >
 > might get executed? And how do you tell that the sequence ends up destroying
 > the file rather than creating a new one?

You count the number of destructive opens in the kernel and if it
exceeds a threshold (for example) you stop it and pop up a warning.

For example.

As I said this is the sort of thing which is suitable for an end-user
OS and no doubt annoying in a server OS.


*popcorn* ... What was the original thread about? Because
once upon a time as a proof of concept for "undetectable"
viruses on *nix, (was for a competition where I was not
allowed to be play post disclosure of PoC), anyway, I
created a really really bad mechanism to negatively
impact ALL BSDs, Solaris, Linux, it was *nix agnostic.


Bigger takeaway, malware/scumware/whateverware authors
target Windows because there are more users. For someone
dealing with security 24x7x365, I can state MS has come
a very long way from what they were, including dealing
with MSRC and other departments. Do you have any idea
how difficult it is to deal with certain *nix projects?
Freshmeat? Github, hobby...

Apples and oranges. And I CAN COUNT the number of
destructive opens read, and write on any nix system, so
perhaps we should kill this thread before it becomes:
my NetBSD toaster is better than your windows powered
refrigetor.


-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463

Current thread:

Re: Please run windows update now, (continued)
- - - Re: Please run windows update now Rich Kulawiec (May 14)
    - Re: Please run windows update now valdis . kletnieks (May 15)
    - RE: Please run windows update now Eliezer Croitoru (May 15)
    - Re: Please run windows update now Randy Bush (May 15)
    - Re: Please run windows update now Rich Kulawiec (May 15)
    - Re: Please run windows update now Randy Bush (May 15)
    - Re: Please run windows update now bzs (May 15)
    - Re: Please run windows update now valdis . kletnieks (May 15)
    - Re: Please run windows update now William Waites (May 15)
    - Re: Please run windows update now bzs (May 15)
    - Re: Please run windows update now J. Oquendo (May 15)
    - Re: Please run windows update now Aaron C. de Bruyn via NANOG (May 15)
    - Re: Please run windows update now valdis . kletnieks (May 15)
    - Re: Please run windows update now Jonathan Roach (May 15)
    - Re: Please run windows update now Brad Knowles (May 16)
    - Re: Please run windows update now JoeSox (May 16)
    - Re: Please run windows update now Brad Knowles (May 16)
    - Re: Please run windows update now valdis . kletnieks (May 16)
    - Re: Please run windows update now valdis . kletnieks (May 16)
    - RE: Please run windows update now Keith Medcalf (May 16)
    - Re: Please run windows update now valdis . kletnieks (May 16)

(Thread continues...)