Please run windows update now

valdis.kletnieks at valdis.kletnieks at
Mon May 15 20:17:53 UTC 2017

On Mon, 15 May 2017 15:45:26 -0400, bzs at said:

> So for example why does a client OS produced with that much money
> available even allow things like wholesale encryption of files without
> at least popping up one of those warnings to confirm that you really
> meant to run a program on $THRESHOLD files, opening them for update
> etc, not just read?

Well Barry, I can tell you why, with examples from the Unix world.

for i in *; do encrypt < $i > $; mv $ $i; done

How do you throw a pop-up warning for that?  Pre-run it and see how many >
might get executed? And how do you tell that the sequence ends up destroying
the file rather than creating a new one?

OK. How about this one?

cat > ./wombat << 'EOF'
encrypt < $1 > $; mv $ $1
EOF
chmod +x ./wombat
for i in *; do ./wombat $i; done

Now convert that to C and bury that whole thing inside a binary.  How does the
operating system detect that and throw a pop-up *before* that executes?

It's a lot harder problem than you think.  Hint:  Fred Cohen's PhD thesis
showed that detecting malware is isomorphic to the Turing Halting Problem.


More information about the NANOG mailing list
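
An added example, not part of the original message: a run-time count of in-place file replacements over a constructed event list shaped like the ./wombat loop, showing that a per-process $THRESHOLD never trips while a per-process-tree count does. The event tuples, pids, THRESHOLD value and function names are assumptions made for illustration; the check observes writes after they have started and is not the pre-execution detection the message argues against.

```python
from collections import Counter

THRESHOLD = 3  # constructed value standing in for the thread's $THRESHOLD

# Constructed events (pid, ppid, op, path): roughly what an audit feed could
# record for the per-file helper loop. pid 100 is the shell running the loop.
EVENTS = []
for n, name in enumerate(["a.txt", "b.txt", "c.txt", "d.txt", "e.txt"]):
    helper = 200 + 10 * n                           # one ./wombat process per file
    EVENTS += [
        (helper, 100, "exec", "./wombat"),
        (helper + 1, helper, "write", "tmpfile"),   # child writing the new copy
        (helper + 2, helper, "rename_over", name),  # mv child replaces the original
    ]
EVENTS.append((900, 1, "rename_over", "notes.txt"))  # unrelated editor save


def tree_root(pid, parents):
    """Climb the parent chain; return the topmost ancestor below pid 1."""
    seen = set()
    while parents.get(pid, 1) != 1 and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
    return pid


def flagged(events, by_tree):
    """Return the keys (pids or tree roots) with >= THRESHOLD replacements."""
    parents = {pid: ppid for pid, ppid, _, _ in events}
    key = (lambda p: tree_root(p, parents)) if by_tree else (lambda p: p)
    counts = Counter(key(pid) for pid, _, op, _ in events if op == "rename_over")
    return sorted(k for k, n in counts.items() if n >= THRESHOLD)


if __name__ == "__main__":
    # Every mv is its own short-lived process, so no single pid reaches 3.
    print("per-process:", flagged(EVENTS, by_tree=False))
    # Attributing each replacement to its process tree exposes the loop.
    print("per-tree:   ", flagged(EVENTS, by_tree=True))
```

A legitimate batch job that rewrites many files in place produces the same count, so a hit here is a prompt for review rather than a verdict.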