Misplaced flamewar... WAS: RE: in case nobody else noticed it, there was a mail worm released today

Scott McGrath mcgrath at fas.harvard.edu
Thu Jan 29 12:41:20 UTC 2004



On Wed, 28 Jan 2004, Alexei Roudnev wrote:

> > Most Windows boxes are running with administrative privileges.  That makes
> > Windows a willing accomplice.  The issue isn't that people click on
> > attachments, but that there are no built in safeguards from what happens
> > next.
> This is problem #1. Unfortunately, Windose is too complex and has too much
> legacy, so everyone must run as an administrator (try to install Visio
> without admin privileges...).

The whole point of the infamous *.DLL was to provide local libraries for 
applications like unix *.lib.so files.   This was corrupted by app vendors 
who were too deadline focused to install their DLL's in the application 
directory.

Of course this was abetted by the ability of an application to write
into the system directories.

When NTFS came out, an ordinary user could not write the system directory
tree.  Hence most users are running as Administrator or equivalent so that
they can write into the system tree.  This was a bad design decision by
MS _and_ application developers.   This _is_ fixable by MS by simply not 
allowing apps to write into the system tree.  This of course is a "small 
matter of programming" but it would really improve the overall security 
posture of Windows.

Now there are well-written applications which do install their DLLs into 
their own tree; these apps can usually be recognized by _not_ requiring a 
reboot after installation.

> 
> Problem #2 - using extensions to select an application - maybe it's a very
> good idea, but it complicates the virus (worm) problem.
> 
Agreed.
However, magic numbers in the header or having the execute permission bit 
set bring the same problem to the table.
 

> Problem #3 - Monoculture.
  This greatly exacerbates problems 1 and 2 but is not so much of a 
  problem on its own.  i.e. Apache which has over 75% of the webserver
  market and is infrequently compromised.


Problem #4

MS applications have an unfortunate predilection to run any bit of 
executable code they find.  i.e. a WMA file can contain executable code 
which media player will happily execute.   This is a perfect example of 
just because you can do something it does not necessarily follow that you 
_should_ do something.   This dates back to [*]BASIC and the RUN command.  
It was somewhat useful 10+ years ago, not so much today.




