Please run windows update now

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Mon May 15 20:17:53 UTC 2017


On Mon, 15 May 2017 15:45:26 -0400, bzs at theworld.com said:

> So for example why does a client OS produced with that much money
> available even allow things like wholesale encryption of files without
> at least popping up one of those warnings to confirm that you really
> meant to run a program on $THRESHOLD files, opening them for update
> etc, not just read?

Well Barry, I can tell you why, with examples from the Unix world.

for i in *; do encrypt < $i > $i.new; mv $i.new $i; done

How do you throw a pop-up warning for that?  Pre-run it and see how many >
might get executed? And how do you tell that the sequence ends up destroying
the file rather than creating a new one?

OK. How about this one?

cat > ./wombat << EOF
##!/bin/bash
encrypt < $1 > $1.new; mv $1.new $1
EOF
chmod +x ./wombat
for i in *; do ./wombat $i; done

Now convert that to C and  bury that whole thing inside a binary.  How does the
operating system detect that and throw a pop-up *before* that executes?

It's a lot harder problem than you think.  Hint:  Fred Cohen's PhD thesis
showed that detecting malware is isomorphic to the Turing Halting Problem.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 486 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20170515/25ce0184/attachment.pgp>


More information about the NANOG mailing list