Ed Porter wrote:
Richard,
What ever happen to the Java concept of the sandbox, that totally safe play
space for code from over the web. I assume it proved to be a pipe dream, or
was it that the market placed demanded to break free of the sandbox, so the
concept never got a chance.
Well, what I was talking about were macroviruses: they are macros
inside Microsoft word (and similar in Outlook etc).
So if you pick up a word document from somewhere, and it has virus
macros in it, they can get copied to your main template and sit there
waiting for the day when they are triggered. That avoids the Java
sandbox entirely.
The viruses in Outlook are worse because they are so fast acting. The
last I heard Microsoft had made sure that these could run with as little
restriction as possible, but I do not know if these can do something
like format your hard drive.
Microsoft has consistently ignored the appeals of the AntiVirus
community to stop putting features in their apps that look tailor-made
for virus writers. At the largest AV conference in the world in 1997,
which I attended, there was only one delegate from Microsoft - he was a
junior level systems admin guy, and he was there (he said) to learn
about the best techniques for defending Microsoft headquarters from
virus attacks.
There are some who believe that the main reason that Microsoft inserts
so many powerful, virus-friendly mechanisms into its products is because
the U.S. government has an urgent need for trapdoor mechanisms that let
them build various interesting pieces of software (e.g. key loggers) so
they can monitor people who are not fascists.
Richard Loosemore
-----Original Message-----
From: Richard Loosemore [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 28, 2007 5:53 PM
To: agi@v2.listbox.com
Subject: Re: Hacker intelligence level [WAS Re: [agi] Funding AGI research]
Ed Porter wrote:
Richard,
To the uninformed like me, can you explain why it would be so easy for an
intelligent person to cause great harm on the net. What are the major
weaknesses of the architectures of virtually all operating systems that
allow this. It is just lots of little bugs.
It would be possible to write a macrovirus with a long incubation
period, which did nothing to get it noticed until D-Day, then erase the
hard drive.
It only needs a lot of people to be using Microsoft Word: this by
itself is (or was: I am out of touch) the main transport mechanism.
There are some issues with how that would work, but since I don't want
to end up in Azkhaban, I'll keep my peace if you don't mind.
The only thing that might save us is the fact that Microsoft's
implementation of its own code is so incredibly bad that when it
duplicates macros, it has an alarmingly high screw-up rate, which means
the macros get distorted, which then means that the virus goes wrong. A
really bad virus would then show up, because broken viruses (called
'variants') can cause damage prematurely. Then, it would get noticed.
Richard Loosemore.
-----
This list is sponsored by AGIRI: http://www.agiri.org/email
To unsubscribe or change your options, please go to:
http://v2.listbox.com/member/?&;
-----
This list is sponsored by AGIRI: http://www.agiri.org/email
To unsubscribe or change your options, please go to:
http://v2.listbox.com/member/?&;
-----
This list is sponsored by AGIRI: http://www.agiri.org/email
To unsubscribe or change your options, please go to:
http://v2.listbox.com/member/?member_id=8660244&id_secret=69960975-2c7bf8
