kelly@uts.amdahl.com (Kelly Goen) (04/07/90)
CHESS@YKTVMV.BITNET (David.M.Chess) writes:
>Dave Ihnat <ignatz@chinet.chi.il.us> writes:
>
>> elimination of the conditions that lead to viruses basically means
>> redesigning the computers that are attacked to eliminate the
>> simplistic hardware model that allows full access to the single user.
>
>Unfortunately, viruses do not depend on this hardware model; viruses
>can spread in any system that allows both programming and information
>sharing, regardless of whether or not programs have direct access to
>the hardware, whether or not the system is assumed to be single-user,
>and so on. See various papers by Fred Cohen on the subject. As long
>as (roughly) some programs sometimes have write-access to some other
>programs, viruses can spread.
>
>Dave Chess
>IBM T. J. Watson Research Center

Yes dave but under environments which use say the VM8086 model on the 386 (such as VPIX) file writability and/or hardware access is TOTALLY under the control of unix... weak unix security weak dos security good unix security = good dos security in this case....

cheers
kelly
CHESS@YKTVMV.BITNET (David.M.Chess) (04/10/90)
kelly@uts.amdahl.com (Kelly Goen) writes, apparently in response to a posting of mine:

> Yes dave but under environments which use say the VM8086 model on
> the 386 (such as VPIX) file writability and/or hardware access is
> TOTALLY under the control of unix... weak unix security weak dos
> security good unix security = good dos security in this case....

My point was that putting file access under the control of the operating system *doesn't help*, at least not as much as people generally assume. Viruses spread by writing to files that they are *allowed* to write to; they don't depend on a lack of security. If most programs have write access to only a few other programs, viruses may not be able to spread as fast; but lowering the exponent on an exponential spread helps surprisingly little.

Now of course this may be what you were saying; I'm not entirely sure I understand the posting...

DC
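Added example, not part of any poster's message: a simplified model of the exponential-spread argument in the preceding post, where infection travels only along writes the system permits. Assumptions (all constructed): 10,000 programs, each with write access to a fixed number of randomly chosen other programs, and every permitted write is exercised once per generation.

```python
import random

def build_write_graph(n, k, seed):
    """Each of n programs may write to k other programs (constructed, random)."""
    rng = random.Random(seed)
    graph = []
    for p in range(n):
        targets = rng.sample(range(n - 1), k)
        # Shift indices >= p by one so a program never lists itself.
        graph.append([t + 1 if t >= p else t for t in targets])
    return graph

def spread(graph, start=0):
    """Propagate only along permitted writes; return infected totals per generation."""
    infected = {start}
    frontier = [start]
    totals = [1]
    while frontier:
        nxt = []
        for p in frontier:
            for t in graph[p]:
                if t not in infected:
                    infected.add(t)
                    nxt.append(t)
        if nxt:
            totals.append(len(infected))
        frontier = nxt
    return totals

def compare(n=10000, wide=20, narrow=2, seed=1990):
    """Return (generations, final infected count) for wide and narrow write access."""
    out = {}
    for label, k in (("wide", wide), ("narrow", narrow)):
        totals = spread(build_write_graph(n, k, seed))
        out[label] = (len(totals) - 1, totals[-1])
    return out

if __name__ == "__main__":
    for label, (gens, count) in compare().items():
        print(f"{label:6s} generations={gens:3d} infected={count}")
```

In this model, cutting each program's write access from 20 targets to 2 lengthens the spread by a handful of generations and leaves a minority of programs unreached; it does not stop the spread.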
HORN%HYDRA@sdi.polaroid.com (04/10/90)
A more accurate analogy might be the introduction of clean water systems rather than the elimination of smallpox. The widespread use of modern operating systems with memory and device protection will greatly hinder the spread of viruses, but by no means prevent their spread.

I can think of methods to implement Unix and VM viruses. Most of these depend upon sloppy system administration methods for rapid spreading, but at least for now sloppy administration is the norm. Some of these have been demonstrated by attacks like the Internet Worm.

But with a more modern hardware and operating system it is much harder to spread and easier to cure. This is similar to what you find today with water-borne diseases. Typhoid, cholera, and dysentery are by no means eliminated in the US, but they are no longer a normal cause of death. They promptly return after disasters break down the water systems (well cholera is still rare, but would recur if the breakdowns lasted long enough).

Probably the greatest strength of most current systems is the diversity of hardware and operating system revisions. This forces the use of source (non-executable) for most inter-machine transfers and greatly hinders the spread of viruses and worms. The strong commercial push for standard binary interfaces is a danger in that it will greatly increase the size of the computer population that is vulnerable to any one specific attack.

R Horn
horn%hydra@polaroid.com
ignatz@chinet.chi.il.us (Dave Ihnat) (04/11/90)
CHESS@YKTVMV.BITNET (David.M.Chess) writes:
>Unfortunately, viruses do not depend on this hardware model; viruses
>can spread in any system that allows both programming and information
>sharing, regardless of whether or not programs have direct access to
>the hardware, whether or not the system is assumed to be single-user,
>and so on. See various papers by Fred Cohen on the subject. As long
>as (roughly) some programs sometimes have write-access to some other
>programs, viruses can spread.
>Dave Chess
>IBM T. J. Watson Research Center

As a practical matter, I was trying to not go into a lecture on the differences between the hardware and software models you bring up. But the baseline is this: All of the single-user machines which are currently the major targets of viral attack provide NO hardware model which allows preemptive control by the OS or monitor of program access to memory or hardware. Thus, in such systems, it is categorically impossible to provide a reliably virus-free environment.

Systems which provide the underlying hardware CAN be made much more secure. In this environment, it is still possible to improperly use the provided capabilities and thus grant unauthorized access; but this is not a case of CAN be secure, but DIDN'T make it secure but had the capability. As a real-world example, Unix and VMS systems don't see the widespread attacks that single-user systems such as the PC and Mac have "enjoyed." Attacks on such multi-user/multi-tasking systems that are successful invariably result from either errors in the protection mechanisms (usually, not the hardware itself, but rather the operating system which utilizes it) or errors in application of the provided protections, either by programmers (privileged programs that don't properly control access, etc.), or by administrators and users who don't use such capabilities as ACL's and file permission settings.

So the point I was making is that in an environment which doesn't even provide underlying hardware support for protection, it's impossible to make a secure, safe system no matter how good you are in software development. Having the hardware, however, does not guarantee such security; but it does make it possible.
kelly@uts.amdahl.com (Kelly Goen) (04/13/90)
CHESS@YKTVMV.BITNET (David.M.Chess) writes:
>kelly@uts.amdahl.com (Kelly Goen) writes, apparently in response
>to a posting of mine:
>
>> Yes dave but under environments which use say the VM8086 model on
>> the 386 (such as VPIX) file writability and/or hardware access is
>> TOTALLY under the control of unix... weak unix security weak dos
>> security good unix security = good dos security in this case....
>
>My point was that putting file access under the control of the
>operating system *doesn't help*, at least not as much as people
>generally assume. Viruses spread by writing to files that they are
>*allowed* to write to; they don't depend on a lack of security. If
>most programs have write access to only a few other programs, viruses
>may not be able to spread as fast; but lowering the exponent on an
>exponential spread helps surprisingly little.
>
>Now of course this may be what you were saying; I'm not entirely sure
>I understand the posting...
>
>DC

Well close dave what I was referring to is the running of DOS programs in a virtual environment and preventing access to hardware models or real "Anything..." Viruses written to attack MS-DOS only or the Hardware model under which MS-DOS functions will fail to infect under such an environment.... That is what I was trying to say... of course the platform itself is vulnerable to infections native to it...*nix that is... so the security is only for now (i.e. temporary..)

cheers
kelly