Please run windows update now

bzs at theworld.com
Mon May 15 21:03:15 UTC 2017


On May 15, 2017 at 16:17 valdis.kletnieks at vt.edu (valdis.kletnieks at vt.edu) wrote:
 > On Mon, 15 May 2017 15:45:26 -0400, bzs at theworld.com said:
 > 
 > > So for example why does a client OS produced with that much money
 > > available even allow things like wholesale encryption of files without
 > > at least popping up one of those warnings to confirm that you really
 > > meant to run a program on $THRESHOLD files, opening them for update
 > > etc, not just read?
 > 
 > Well Barry, I can tell you why, with examples from the Unix world.
 > 
 > for i in *; do encrypt < $i > $i.new; mv $i.new $i; done

Oh great a design review!

Hello Valdis, I am Barry Shein. I've done decades of internals and
kernel work.

Ever use any Windows since about Vista? It throws up those warning
pop-ups when you're about to do something it decides needs
confirmation?

That was almost certainly my invention.

I described the idea on an anti-spam list and two Microsoft engineers
contacted me to discuss whether this is feasible etc.

Never got a thank you tho.

 > 
 > How do you throw a pop-up warning for that?  Pre-run it and see how many
 > might get executed? And how do you tell that the sequence ends up destroying
 > the file rather than creating a new one?

You count the number of destructive opens in the kernel and if it
exceeds a threshold (for example) you stop it and pop up a warning.

For example.

As I said this is the sort of thing which is suitable for an end-user
OS and no doubt annoying in a server OS.

 > 
 > OK. How about this one?
 > 
 > cat > ./wombat << EOF
 > ##!/bin/bash
 > encrypt < $1 > $1.new; mv $1.new $1
 > EOF
 > chmod +x ./wombat
 > for i in *; do ./wombat $i; done
 > 
 > Now convert that to C and  bury that whole thing inside a binary.  How does the
 > operating system detect that and throw a pop-up *before* that executes?
 > 
 > It's a lot harder problem than you think.  Hint:  Fred Cohen's PhD thesis
 > showed that detecting malware is isomorphic to the Turing Halting Problem.
 > 
 > 

You don't seem to understand how OS's work which surprises me in your
case.

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
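
An added sketch, not part of the original message or any operating system's code: a user-space simulation of the threshold counter described in this reply, run over a constructed trace of the quoted shell loop. The event fields, the set of operations counted as destructive, and the choice to charge the count either to a process ID or to a login session are assumptions made for illustration.

```python
from collections import defaultdict

# Operations treated as destructive to an existing file (assumption for this sketch).
DESTRUCTIVE = {"open_trunc", "open_rdwr", "rename_over", "unlink"}

def first_alert(events, threshold, key):
    """Return the index of the event at which one accounting bucket has
    destructively touched `threshold` distinct pre-existing files, else None.

    events: list of dicts with pid, session, op, path, existed.
    key:    "pid" or "session", the field the counter is charged to.
    """
    touched = defaultdict(set)
    for i, ev in enumerate(events):
        if ev["op"] not in DESTRUCTIVE or not ev["existed"]:
            continue  # reads and writes to brand-new files are not counted
        bucket = touched[ev[key]]
        bucket.add(ev["path"])
        if len(bucket) >= threshold:
            return i  # a real kernel hook would block here and ask the user
    return None

def shell_loop_trace(n_files, session=7, first_pid=1000):
    """Constructed trace of the quoted loop: per file, one process reads it and
    writes file.new, then a second process (mv) renames file.new over it."""
    events, pid = [], first_pid
    for n in range(n_files):
        name = f"doc{n}.txt"
        events.append({"pid": pid, "session": session, "op": "open_read",
                       "path": name, "existed": True})
        events.append({"pid": pid, "session": session, "op": "open_trunc",
                       "path": name + ".new", "existed": False})
        events.append({"pid": pid + 1, "session": session, "op": "rename_over",
                       "path": name, "existed": True})
        pid += 2
    return events

if __name__ == "__main__":
    trace = shell_loop_trace(50)
    print("per-pid alert at event:", first_alert(trace, 20, "pid"))
    print("per-session alert at event:", first_alert(trace, 20, "session"))
```

In this trace every destructive rename comes from a fresh short-lived process, so a counter keyed on process ID never reaches the threshold, while one keyed on the session trips at the twentieth overwritten file.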


More information about the NANOG mailing list