Archive of UserLand's first discussion group, started October 5, 1998.

Re: "No Viri" Control Panel

Author: Paul Snively
Posted: 5/5/2000; 8:49:34 AM
Topic: Virus from Manila
Msg #: 16971 (In response to 16949)

Winer: I also think it would be nice for Microsoft to have an easy to find control panel that makes it impossible for someone to send a virus through email enclosures. I have no idea if it's possible or not, I'd be happy to learn the issues, but it's a big problem.

It's not possible given current mainstream OS architectures (BSD/AT&T UNIX, all flavors of Windows, all flavors of MacOS). The reasons why are varied, but a BIG problem is that code run on "my" machine (loosely interpreted as "the machine in front of me," but not necessarily so) that I've received from "somewhere else" (loosely interpreted as "some other machine on the network," but not necessarily so) tends to be run with MY privileges--which, on Windows and the Mac, is basically potentially disastrous in and of itself, while on UNIX, the code might have to rely on the fact that even such utilitarian software as certain mail server software effectively runs as "God" and find a way to usurp control of that process so as to also run as "God," at which point it can work literally whatever mayhem a piece of software on UNIX can work.

Adding a control panel to stop this would be a computer science problem tantamount to solving the halting problem. No, I don't have a proof, and I'm not sure that one could be constructed. I AM sure that it would make a dandy Computer Science Ph.D. thesis.

The only true solution to the problem is to insist on computing platforms such as <http://www.eros-os.org> and <http://www.erights.org>, insist on provably correct security models, and then be willing to shake out the bugs in the implementations of those models. As things stand, though, we have security models that leak like sieves and literally no hope of them solidifying. One of my favorite canards thrown at the EROS team is "When are you going to break down and become POSIX compliant?" Shapiro's response is basically "You need to decide whether you wish to be POSIX compliant or secure, because you cannot be both." The same thoughts apply to being Win32 compliant or MacOS compliant.


This page was archived on 6/13/2001; 4:55:04 PM.

© Copyright 1998-2001 UserLand Software, Inc.