Please run windows update now

William Waites wwaites at tardis.ed.ac.uk
Mon May 15 20:43:43 UTC 2017


> On May 15, 2017, at 21:17, valdis.kletnieks at vt.edu wrote:
> 
>> So for example why does[n’t] a client OS confirm that you really
>> meant to run a program on $THRESHOLD files…

> How does the operating system detect that and throw a pop-up
> *before* that executes?
> 
> It's a lot harder problem than you think.  Hint:  Fred Cohen's PhD
> thesis showed that detecting malware is isomorphic to the Turing
> Halting Problem.

The general problem might well be that hard, I don’t know, it seems
plausible. However Barry’s suggestion doesn’t seem impossible.

One strategy is as follows. Have a counter in the kernel about writes to
files. Have some sort of log-structured filesystem with checkpoints or
whatever. When the counter goes too fast, show Barry’s dialog box and
if the user says no, roll back the filesystem to the time just before the
process (or its parent, or its parent’s parent, …) started. There are 
details to be ironed out, of course, but there’s no reason in principle
that it couldn’t be done like this.

The reason that you don’t have to make the operating system solve
the halting problem is because you ask the user.

William Waites
Laboratory for Foundations of Computer Science
School of Informatics, University of Edinburgh
Informatics Forum 5.38, 10 Crichton St.
Edinburgh, EH8 9AB, Scotland

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
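
The strategy described in the message above, as an added sketch that is not part of the original post: a write log with per-process checkpoints, a write-rate counter, and a user prompt that triggers rollback on "no". It is an in-memory model rather than a kernel or a real filesystem; `GuardedFS`, `ask_user`, `threshold` and `window` are hypothetical names, and the checkpoint used is the offending process's own start, not an ancestor's.

```python
from collections import deque

class GuardedFS:
    """Toy in-memory model: undo log + per-process write-rate counter."""

    def __init__(self, ask_user, threshold=5, window=1.0):
        self.files = {}           # path -> current contents
        self.log = []             # undo log: (pid, path, previous contents or None)
        self.checkpoint = {}      # pid -> log length when the process started
        self.recent = {}          # pid -> deque of (time, path) for recent writes
        self.verdict = {}         # pid -> user's answer once the dialog was shown
        self.ask_user = ask_user  # callback(pid, n_files) -> bool; stands in for the dialog
        self.threshold, self.window = threshold, window

    def spawn(self, pid):
        # Checkpoint: remember where the log stood just before the process ran.
        self.checkpoint[pid] = len(self.log)
        self.recent[pid] = deque()

    def write(self, pid, path, data, now):
        if self.verdict.get(pid) is False:
            return False          # user refused earlier; process stays blocked
        self.log.append((pid, path, self.files.get(path)))
        self.files[path] = data
        q = self.recent[pid]
        q.append((now, path))
        while q and now - q[0][0] > self.window:
            q.popleft()           # keep only writes inside the sliding window
        touched = {p for _, p in q}
        if len(touched) > self.threshold and pid not in self.verdict:
            self.verdict[pid] = self.ask_user(pid, len(touched))
            if not self.verdict[pid]:
                self.rollback(self.checkpoint[pid])
                return False
        return True

    def rollback(self, mark):
        # Undo newest-first back to the checkpoint. This also undoes writes by
        # other processes made after that point: one of the details to iron out.
        while len(self.log) > mark:
            _, path, old = self.log.pop()
            if old is None:
                self.files.pop(path, None)   # file did not exist before
            else:
                self.files[path] = old
```

A process that touches more than `threshold` distinct files within `window` seconds triggers exactly one prompt; answering no restores every file to its contents at the time the process was spawned and blocks its further writes.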
