WHMurray@DOCKMASTER.ARPA (10/07/89)
>I wouldn't say UNIX is virus-proof (I posted a hoax article about a >UNIX virus over a year ago, just before the Internet Worm incident), >but it's sure a hell of a lot more virus-resistant than DOS. It may be useful to compare UNIX with DOS. However, if you are going to do it, you should be a little more complete. In most implementations, UNIX is a multi-user multi-tasking system requiring a system manager or operator. Media is not in the hands of the end-user. It gets whatever storage it requires. DOS is a single-user single-tasking system designed to be operated by the user. Media is normally in his hands. DOS was originally designed to run, with an application, in under 64K. (Had it not been, we would not have a virus problem; we would not even have an industry.) It is not reasonable to expect them to manifest the same vulnerability to viruses, any more than they exhibit the same functionality. However, as it relates to viruses, the big difference between them today is the number and nature of uses and users. If UNIX were being used for the same things and by the same number of users as DOS, it would be just as vulnerable. >Better than changing OS to get better virus "resistance", why not >encourage the systems designers at Apple and IBM to implement >protection in their respective operating systems? Be careful what you ask for; you might get it. The vulnerability to viruses arises from our ability to write and share programs; All complete strategies for dealing with them must ultimately involve some restriction on those capabilities. While operating system functionality may be useful, I would rather reserve the decision over such fundamental choices to the end- user. Much of what appears to be vulnerabilities to viruses in DOS, e.g., the bootblock, are simply the virus designer exploiting a feature in the way that it was intended to be used. The bootblock is intended to give control to the program on the media. It operates the way that it was intended. It contains no surprises. The virus designer uses it as the obvious solution to the problem which confronts every virus designer, i.e., how to get control, how to get his program executed. In the absence of malice the mechanism would be beneath the users level of notice. In the presence of viruses, he must be careful what media he boots from and must avoid putting his media in machines already booted. In the absence of the feature, the virus designer would get his program executed in some other way. As a last resort, he would simply dupe users. We may decide that being able to switch programs by switching media is too dangerous a feature to have, but I am not ready to concede it yet. >I am sure that there are many complex issues facing a >company such as Apple, with regards to this problem, and changes at >the OS level to deal with viruses will, and probably should, be slow. Here we are clearly in agreement. >What users should be doing, is overtly pressuring computer >manufacturers to address this need at the OS level, and start buying >equipment from vendors who move in that direction. The only machines that fully address this problem at the OS level are "application machines" which do not present any ability to modify or install programs. Fred Cohen suggests that in a world of such machines we would still enjoy many, but not all, of the benefits of computers. I would assert that we would enjoy many, but not most, of those benefits. Indeed, the advantages of user programmability are so great that there is no chance that the readers will follow your advice, or that manufacturers would yield to any such pressure. In the end, it is not an operating system issue; it is an application issue. No matter what you do at the system layer, if you include user-programming at the application layer, then you are vulnerable to viruses. Even interpreted languages, such as REXX, BASIC, or key-board macro languages, which need not even know what system they will run in, can be used to implement viruses. William Hugh Murray, Fellow, Information System Security, Ernst & Young 2000 National City Center Cleveland, Ohio 44114 21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
davidsen@crdos1.crd.ge.com (Wm E Davidsen Jr) (10/26/89)
In article <0001.8910231129.AA06880@ge.sei.cmu.edu>, WHMurray@DOCKMASTER.ARPA w rites: | However, as it relates to viruses, the big difference between them | today is the number and nature of uses and users. If UNIX were being | used for the same things and by the same number of users as DOS, it | would be just as vulnerable. I don't see how that relates to the technical issues. DOS allows any program to write anywhere in memory, including over the o/s. UNIX does not. DOS allows any program to write directly on the hard disk. UNIX does not. DOS allows any program to write to a floppy disk. UNIX may or may not, but in general UNIX seldom uses floppies at all, and when it does the formats are usually not susceptable to changing one file without changing others (ie. tar, cpio). DOS allows any program to modify any file on any disk. UNIX does not. This is not a case of one being "better" than another, just a case of inherent characteristics of the systems. Yes, if someone is running UNIX on an 8088 machine many of the protections are bypassed. - -- bill davidsen (davidsen@crdos1.crd.GE.COM -or- uunet!crdgw1!crdos1!davidsen) "The world is filled with fools. They blindly follow their so-called 'reason' in the face of the church and common sense. Any fool can see that the world is flat!" - anon