Please run windows update now
valdis.kletnieks at vt.edu
Mon May 15 20:17:53 UTC 2017
On Mon, 15 May 2017 15:45:26 -0400, bzs at theworld.com said:
> So for example why does a client OS produced with that much money
> available even allow things like wholesale encryption of files without
> at least popping up one of those warnings to confirm that you really
> meant to run a program on $THRESHOLD files, opening them for update
> etc, not just read?
Well Barry, I can tell you why, with examples from the Unix world.
    # "encrypt" is a stand-in filter: plaintext on stdin, ciphertext on stdout
    for i in *; do encrypt < "$i" > "$i.new"; mv "$i.new" "$i"; done
How do you throw a pop-up warning for that? Pre-run it and see how many >
might get executed? And how do you tell that the sequence ends up destroying
the file rather than creating a new one?
OK. How about this one?
    # Quoted 'EOF' keeps $1 literal in the generated script
    cat > ./wombat << 'EOF'
    #!/bin/bash
    encrypt < "$1" > "$1.new"; mv "$1.new" "$1"
    EOF
    chmod +x ./wombat
    for i in *; do ./wombat "$i"; done
Now convert that to C and bury that whole thing inside a binary. How does the
operating system detect that and throw a pop-up *before* that executes?
It's a lot harder problem than you think. Hint: Fred Cohen's PhD thesis
showed that detecting malware is isomorphic to the Turing Halting Problem.
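An added example, not part of the original post: a runtime counter for the "$THRESHOLD files" idea from the quoted question, run over constructed file events for both shell loops above. The event format, PIDs and the threshold value are assumptions made for illustration. It shows that counting per process never reaches the threshold, because each encrypt and mv is its own short-lived process, and that counting per process tree only reports files that have already been replaced.

```python
from collections import defaultdict

THRESHOLD = 3  # constructed value; the quoted post only says $THRESHOLD

def loop_events(shell_pid, files, first_pid, wrapper=False):
    """Constructed trace of (pid, ppid, op, path, dest) for the shell loops."""
    events, pid = [], first_pid
    for f in files:
        parent = shell_pid
        if wrapper:  # ./wombat variant: one extra process layer per file
            events.append((pid, shell_pid, "exec", "./wombat", None))
            parent, pid = pid, pid + 1
        # The redirect creates f.new in one child, mv renames it in another.
        events.append((pid, parent, "write", f + ".new", None))
        events.append((pid + 1, parent, "rename", f + ".new", f))
        pid += 2
    return events

def root_of(pid, parents):
    # Walk up to the oldest ancestor seen in the trace.
    while pid in parents:
        pid = parents[pid]
    return pid

def alerts(events, by_tree):
    """Return {key: replaced_count} for keys that reach THRESHOLD."""
    parents, written, replaced = {}, set(), defaultdict(int)
    for pid, ppid, op, path, dest in events:
        parents[pid] = ppid
        if op == "write":
            written.add(path)
        elif op == "rename" and path in written:
            # A freshly written file renamed over another name: in-place replace.
            key = root_of(pid, parents) if by_tree else pid
            replaced[key] += 1
    return {k: n for k, n in replaced.items() if n >= THRESHOLD}

if __name__ == "__main__":
    files = ["a", "b", "c", "d"]  # constructed file names
    for wrapper in (False, True):
        trace = loop_events(100, files, 200, wrapper)
        print("wrapper" if wrapper else "plain loop",
              "per-pid:", alerts(trace, by_tree=False),
              "per-tree:", alerts(trace, by_tree=True))
```
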