On May 15, 2017 at 16:17 valdis.kletni...@vt.edu (valdis.kletni...@vt.edu) wrote:
> On Mon, 15 May 2017 15:45:26 -0400, b...@theworld.com said:
>
> > So for example why does a client OS produced with that much money
> > available even allow things like wholesale encryption of files without
> > at least popping up one of those warnings to confirm that you really
> > meant to run a program on $THRESHOLD files, opening them for update
> > etc, not just read?
>
> Well Barry, I can tell you why, with examples from the Unix world.
>
> for i in *; do encrypt < $i > $i.new; mv $i.new $i; done

Oh great a design review!

Hello Valdis, I am Barry Shein. I've done decades of internals and
kernel work.

Ever use any Windows since about Vista? It throws up those warning
pop-ups when you're about to do something it decides needs
confirmation? That was almost certainly my invention. I described the
idea on an anti-spam list and two Microsoft engineers contacted me to
discuss whether this is feasible etc. Never got a thank you tho.

>
> How do you throw a pop-up warning for that? Pre-run it and see how many
> might get executed? And how do you tell that the sequence ends up destroying
> the file rather than creating a new one?

You count the number of destructive opens in the kernel and if it
exceeds a threshold (for example) you stop it and pop up a warning.

For example.

As I said this is the sort of thing which is suitable for an end-user
OS and no doubt annoying in a server OS.

>
> OK. How about this one?
>
> cat > ./wombat << EOF
> ##!/bin/bash
> encrypt < $1 > $1.new; mv $1.new $1
> EOF
> chmod +x ./wombat
> for i in *; do ./wombat $i; done
>
> Now convert that to C and bury that whole thing inside a binary. How does the
> operating system detect that and throw a pop-up *before* that executes?
>
> It's a lot harder problem than you think. Hint: Fred Cohen's PhD thesis
> showed that detecting malware is isomorphic to the Turing Halting Problem.

You don't seem to understand how OS's work which surprises me in your
case.

--
        -Barry Shein

Software Tool & Die    | b...@theworld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
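
The threshold idea discussed in this exchange, run over constructed file-event records, as an added example that is not part of either poster's message. It shows why the grouping key matters: a per-process counter trips on a single binary but never on a loop that starts a new helper per file, while a per-session counter trips on both. The event names, the `session` field and the threshold of 5 are assumptions made for the illustration.

```python
from collections import defaultdict

# Operations that replace or modify existing file contents (assumed event names).
DESTRUCTIVE = {"open_rw", "open_trunc", "rename_over"}
THRESHOLD = 5  # assumed; the thread only calls it $THRESHOLD


def first_alerts(events, key, threshold=THRESHOLD):
    """Map each value of `key` ("pid" or "session") to the index of the event
    at which its count of distinct destructively-touched paths exceeded threshold."""
    touched = defaultdict(set)
    alerts = {}
    for idx, ev in enumerate(events):
        if ev["op"] not in DESTRUCTIVE:
            continue  # reads and creation of brand-new files are not counted
        group = ev[key]
        touched[group].add(ev["path"])
        if len(touched[group]) > threshold and group not in alerts:
            alerts[group] = idx
    return alerts


def trace(n_files, pid_for, session=1):
    """Constructed events for: read f, write f.new, rename f.new over f."""
    events = []
    for i in range(n_files):
        pid, f = pid_for(i), f"/home/u/doc{i}.txt"
        events += [
            {"pid": pid, "session": session, "op": "open_ro", "path": f},
            {"pid": pid, "session": session, "op": "create", "path": f + ".new"},
            {"pid": pid, "session": session, "op": "rename_over", "path": f},
        ]
    return events


# One binary doing everything in a single process.
ONE_BINARY = trace(8, pid_for=lambda i: 100)
# A loop that starts a fresh helper process per file (the ./wombat case).
PER_FILE_HELPERS = trace(8, pid_for=lambda i: 200 + i)

if __name__ == "__main__":
    for name, ev in (("one binary", ONE_BINARY), ("per-file helpers", PER_FILE_HELPERS)):
        print(name, "per-pid:", first_alerts(ev, "pid"),
              "per-session:", first_alerts(ev, "session"))
```

The alert index also shows the cost of any threshold: five files have already been replaced by the time the sixth rename is flagged.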