Secure Coding mailing list archives

RE: Hypothetical design question

From: "Alun Jones" <alun () texis com>
Date: Mon, 02 Feb 2004 17:06:10 +0000

-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: Saturday, January 31, 2004 12:43 PM

Antivirus scanners typically work by matching against 
patterns of known
viruses.  For VMS that is the null set.


Hope you don't mind me saying this, but that's essentially a null argument.

All software sucks, that's a given.  All software has bugs, all software has
security flaws, often the biggest of which is that all software is (at some
point) used, configured and controlled by humans.

If VMS has no known viruses, it's because of a combination of factors:
1. About ten people in the world use VMS.
2. A story about a virus infecting VMS is unlikely to make the evening news.

If every Windows user switched to some other OS tomorrow, within a few days
that system would be under attack from a whole host of new viruses.

Unless you're going to point to specific _technical_ features of VMS (and
I'm glad that you have) that prevent the spread of viruses, the argument
that the system currently has no viruses is nothing better than a security
by obscurity argument.  There are no viruses because there is no perceived
benefit to the virus author.  Remember, the virus author can only have a few
reasons for writing a virus:
1. To get some form of notoriety (even if it has to be anonymous notoriety,
where it's only the author that gets to say "hey, I wrote that", and he only
says it to himself).
2. As a destruction of existing systems - kind of a techno-Luddite, or one
who hates an OS or app sufficiently much to want to harm everyone that uses
it.
3. As a means of creating a vector for future attacks - this is happening
more frequently.

Note that only item 2 would allow for a cracker to consider writing a virus
for a marginally popular OS.

Alun.
~~~~
-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | [EMAIL PROTECTED]
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

Current thread:

Re: Hypothetical design question, (continued)
- - Re: Hypothetical design question der Mouse (Jan 30)
  - Re: Hypothetical design question Glenn and Mary Everhart (Jan 30)
  - Re: Hypothetical design question Fernando Schapachnik (Jan 30)
- RE: Re: Hypothetical design question Nick Lothian (Jan 29)
- Re: Hypothetical design question Greenarrow 1 (Jan 30)
- RE: Re: Hypothetical design question Carl G. Alphonce (Jan 30)
- RE: Hypothetical design question Jeremy Epstein (Jan 30)
  - Re: Hypothetical design question der Mouse (Jan 31)
- RE: Hypothetical design question Shea, Brian A (Jan 31)
  - RE: Hypothetical design question ljknews (Feb 01)
    - RE: Hypothetical design question Alun Jones (Feb 02)
    - RE: Hypothetical design question ljknews (Feb 03)
    - Re: Hypothetical design question Crispin Cowan (Feb 04)
    - RE: Hypothetical design question Alun Jones (Feb 04)
    - RE: Hypothetical design question dtalk-ml (Feb 04)
    - RE: Hypothetical design question Alun Jones (Feb 04)
    - Re: Hypothetical design question Crispin Cowan (Feb 05)
- RE: Hypothetical design question dtalk-ml (Feb 04)