On Mon, 15 May 2017 15:45:26 -0400, b...@theworld.com said:

> So for example why does a client OS produced with that much money
> available even allow things like wholesale encryption of files without
> at least popping up one of those warnings to confirm that you really
> meant to run a program on $THRESHOLD files, opening them for update
> etc, not just read?

Well Barry, I can tell you why, with examples from the Unix world.

    for i in *; do encrypt < $i > $i.new; mv $i.new $i; done

How do you throw a pop-up warning for that? Pre-run it and see how many > might get executed? And how do you tell that the sequence ends up destroying the file rather than creating a new one?

OK. How about this one?

    cat > ./wombat << 'EOF'
    #!/bin/bash
    encrypt < $1 > $1.new; mv $1.new $1
    EOF
    chmod +x ./wombat
    for i in *; do ./wombat $i; done

Now convert that to C and bury that whole thing inside a binary. How does the operating system detect that and throw a pop-up *before* that executes?

It's a lot harder problem than you think. Hint: Fred Cohen's PhD thesis showed that detecting malware is isomorphic to the Turing Halting Problem.
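Added example, not part of the original message: a sketch of the $THRESHOLD counter the quoted question asks for, run over constructed file-event traces, to show why the event sequence alone cannot tell the loop above from a benign batch rewrite. The event tuple layout, the session labels, the file names and the `reformat` tool are all assumptions made for illustration.

```python
from collections import defaultdict

THRESHOLD = 3  # constructed stand-in for $THRESHOLD in the quoted question

def trace(session, tool, files):
    """Constructed events for: tool < f > f.new; mv f.new f"""
    events = []
    for f in files:
        events.append((session, tool, "read", f, None))
        events.append((session, tool, "write", f + ".new", None))
        events.append((session, "mv", "rename", f + ".new", f))
    return events

def replaced_files(events):
    """Per session: files that were read, then had a freshly written file renamed over them."""
    read, written = defaultdict(set), defaultdict(set)
    replaced = defaultdict(set)
    for session, _exe, op, path, dst in events:
        if op == "read":
            read[session].add(path)
        elif op == "write":
            written[session].add(path)
        elif op == "rename" and path in written[session] and dst in read[session]:
            replaced[session].add(dst)
    return replaced

def alerts(events, threshold=THRESHOLD):
    """Sessions whose replaced-file count reaches the threshold."""
    return sorted(s for s, files in replaced_files(events).items()
                  if len(files) >= threshold)

def shape(events):
    """The trace with session and executable name dropped: all the counter can see."""
    return [(op, path, dst) for _s, _exe, op, path, dst in events]

FILES = ["a.txt", "b.txt", "c.txt", "d.txt"]      # constructed file names
ENCRYPT_LOOP = trace("tty1", "encrypt", FILES)    # the loop from the message
BATCH_EDIT = trace("tty2", "reformat", FILES)     # hypothetical benign batch rewrite

if __name__ == "__main__":
    # Both sessions trip the counter, and their traces are identical in shape.
    print(alerts(ENCRYPT_LOOP + BATCH_EDIT))
    print(shape(ENCRYPT_LOOP) == shape(BATCH_EDIT))
```

The counter fires on both sessions, so a warning driven by it would appear for any routine write-then-rename batch job as often as for the encrypting loop.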