nanog mailing list archives
Re: Please run windows update now
From: "J. Oquendo" <joquendo () e-fensive net>
Date: Mon, 15 May 2017 16:48:21 -0500
On Mon, 15 May 2017, bzs () theworld com wrote:
> Oh great a design review!
>
> Hello Valdis, I am Barry Shein. I've done decades of internals and
> kernel work.
>
> Ever use any Windows since about Vista? It throws up those warning
> pop-ups when you're about to do something it decides needs
> confirmation?
>
> That was almost certainly my invention. I described the idea on an
> anti-spam list and two Microsoft engineers contacted me to discuss
> whether this is feasible etc.
>
> Never got a thank you tho.
>
> > How do you throw a pop-up warning for that? Pre-run it and see how many
> > might get executed? And how do you tell that the sequence ends up destroying
> > the file rather than creating a new one?
>
> You count the number of destructive opens in the kernel and if it
> exceeds a threshold (for example) you stop it and pop up a warning.
>
> For example.
>
> As I said this is the sort of thing which is suitable for an end-user
> OS and no doubt annoying in a server OS.

*popcorn* ... What was the original thread about? Because once upon a time as a proof of concept for "undetectable" viruses on *nix, (was for a competition where I was not allowed to be play post disclosure of PoC), anyway, I created a really really bad mechanism to negatively impact ALL BSDs, Solaris, Linux, it was *nix agnostic.

Bigger takeaway, malware/scumware/whateverware authors target Windows because there are more users. For someone dealing with security 24x7x365, I can state MS has come a very long way from what they were, including dealing with MSRC and other departments. Do you have any idea how difficult it is to deal with certain *nix projects? Freshmeat? Github, hobby...

Apples and oranges. And I CAN COUNT the number of destructive opens read, and write on any nix system, so perhaps we should kill this thread before it becomes: my NetBSD toaster is better than your windows powered refrigerator.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB 074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463
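
The counting heuristic described in the quoted text above (count destructive opens per process, stop the process once a threshold is exceeded), sketched in user space as an added example that is not part of the original thread. The event tuple layout, `THRESHOLD`, `WINDOW_SECS` and the sample events are assumptions constructed for illustration; the `existed` field is one way to separate destroying a file from creating a new one, and a real implementation would sit in the kernel's open path.

```python
import os
from collections import defaultdict, deque

THRESHOLD = 3      # assumed: destructive opens tolerated per window
WINDOW_SECS = 10   # assumed: sliding-window length in seconds

def is_destructive(flags, existed):
    """True when a write-mode open truncates a file that already existed."""
    writes = bool(flags & (os.O_WRONLY | os.O_RDWR))
    return existed and writes and bool(flags & os.O_TRUNC)

def flag_processes(events, threshold=THRESHOLD, window=WINDOW_SECS):
    """Return {pid: timestamp} for each pid at the moment it exceeds the threshold."""
    recent = defaultdict(deque)   # pid -> timestamps of recent destructive opens
    flagged = {}
    for ts, pid, path, flags, existed in sorted(events):
        if pid in flagged or not is_destructive(flags, existed):
            continue
        q = recent[pid]
        q.append(ts)
        while ts - q[0] > window:     # drop opens that fell out of the window
            q.popleft()
        if len(q) > threshold:
            flagged[pid] = ts         # point where the OS would pause and prompt
    return flagged

# Constructed sample events: (timestamp, pid, path, open flags, file existed before open)
W_TRUNC = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
SAMPLE_EVENTS = [
    # pid 100: saves one existing file, then creates a brand-new one
    (0.0, 100, "/home/u/notes.txt", W_TRUNC, True),
    (5.0, 100, "/home/u/new.txt", W_TRUNC, False),
    # pid 200: truncates four existing files inside one second
    (1.0, 200, "/home/u/a.doc", W_TRUNC, True),
    (1.2, 200, "/home/u/b.doc", W_TRUNC, True),
    (1.4, 200, "/home/u/c.doc", W_TRUNC, True),
    (1.6, 200, "/home/u/d.doc", W_TRUNC, True),
    (1.8, 200, "/home/u/e.doc", os.O_RDONLY, True),
    # pid 300: four truncations, but 20 seconds apart
    (0.0, 300, "/var/log/app.log", W_TRUNC, True),
    (20.0, 300, "/var/log/app.log", W_TRUNC, True),
    (40.0, 300, "/var/log/app.log", W_TRUNC, True),
    (60.0, 300, "/var/log/app.log", W_TRUNC, True),
]

if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

Only pid 200 is flagged: the slow log rotation of pid 300 never has more than one destructive open in the window, which is why the threshold needs a time base to avoid prompting on ordinary workloads.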