I am subscribed to this list. Please don't CC me when replying.

Morgan Storey wrote:

> Yes polymorphic viruses have been around a long time, but look at say
> the 100 biggest infectors at the moment, none of them I would say are
> polymorphic, all of them can be picked up by signatures.

And all of those are hitting machines that are either unpatched or
have vulnerabilities that should have been patched.

> Not 100% safe, you can still have users doing things they shouldn't
> like giving a screensaver root privileges.

A user dumb enough to do this shouldn't have root privileges.

> Virus writers are as lazy as the rest of us

But as soon as virus scanners catch all non-polymorphic viruses
virus writers will stop writing non-polymorphic viruses.

My thesis is that continuing the virus arms race with virus scanners
results in a situation where the virus scanners are unable to detect
99% of all viruses. I think effort should be invested in heading all
viruses that exploit code rather than users off at the pass by fixing
the software bugs viruses exploit.

The user problem needs to be dealt with separately.

> 100% secure code is also nigh-on impossible to write if you want it to
> be flexible to the user.

I think the people here in Sydney who worked on the Sel4 project:

    http://ertos.nicta.com.au/research/sel4/
    http://www.sigops.org/sosp/sosp09/papers/klein-sosp09.pdf

would say that the level of difficulty is not "nigh-on impossible"
but is at the "phd research in compsci" level of difficulty.

Going by the experience of the Sel4 project, I would say that it
is currently not possible to economically write provably correct
code, but it is possible. As more research goes on in the field of
provably correct code, the techniques will improve, become easier
to apply and become more widespread. Long term, that is the only
hope for secure computing.

> Most of the people on this list are not the average user, but my point
> still stands if we continue along the line that Linux is immune to
> viruses we will get bitten as Apple has, one day, and it will be
> harder than the gnome-look screensaver of the Proftpd compromise.

That was a user failure. Dumb users need to be locked down so they
can't compromise the systems they work on.

Erik
-- 
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
