"Day Brown" <[EMAIL PROTECTED]> wrote:
> If you run a multi-tasking operating system, by definition, there are
> tasks running in the background. There is no necessity for you to know
> they are running. Whatever else sabotage software is, it runs in the
> background.
But not all destructive software needs to run in the background to be
effective. The problem is _exposure and vulnerability to sabotage_, not the
fact that an OS is multi-tasking. A pretty solid case can be made that a
QUALITY multi-tasking OS actually has better protection mechanisms than a
single-tasking OS in which everything runs with essentially "root" access.
If I'm a user on a QUALITY multi-tasking OS, and I do not have system-wide
privleges, the capacity of any program I run to do damage will be limited,
be it a virus or not.
Arguably, a user could wind up passing on an e-mail macro or similar payload
which takes advantage of their access rights, but these are not the same as
infecting the system itself. That argument is countered by the ability of a
multi-tasking OS to run countermeasures against such payloads (i.e. scan all
outbound mail as it leaves the system, check sanity of outbound volume,
etc.).
> I run DR-DOS. in single tasking mode. no background, nothing for a
> virus running on netware to get into.
Yet DR-DOS remains vulnerable to virus attacks, no? Pop in a diskette
infected with a boot-sector virus, and you're still vulnerable even BEFORE
the OS loads. And others were equally effective, weren't they? My only point
is that a single-tasker isn't somehow immune, and usage dictates
vulnerability on most single-taskers.
> I can see where some geek
> might be able to modify JAVA code so that it alters the firmware of
> the modem, turning off the speaker, so you dont hear it dial out or
> logon.
Again, normal users shouldn't be allowed to do things such as modify
hardware on a properly designed OS. Separate system functions from user
functions (and don't use "root" for day-to-day tasks) and much of this sort
of thing can be diminished.
> The worst sabotage event I know of happened years ago, when a hacker
> under contract saw that the software house he was coding for was not
> going to pay him for his work, feeling that they had enough lawyers
> to keep him in court forever. Which they certainly did. [...]
But again, nothing about this is dependent on a single- or multi-tasking
environment. Sabotage occurs in both cases.
> [...]
> IIRC, it cost corporate customers 40 million to fix. They arrested
> him, but all charges were dropped when it was demonstrated that they
> had no right to the software in the fist place.
Interesting. Can you cite specifics? I hadn't heard about this one.
> Now, the bad news. Talented programmers are leaving Microsoft in
> droves to find contracts working in Linux. What bombs have they left
> on the WINx disks? Damifino.
Please don't give the impression that all those involved in the Open Source
movement are embittered ex-Microsoft employees! The Open Source community
consists of a fair number of folks who have NEVER worked for Microsoft, or
on Microsoft projects. And the vast majority of programmers I know are
ethical, software-biz politics aside. And nastys have been written for
plenty of non-MS platforms. Some of those embittered types may have worked
on _any number_ of projects, including some of our beloved single-taskers.
Not to get off on an old theme, but I don't equate saboteurs with heroes of
any sort. On any platform.
> [...]
> You cannot do this with an 'open source' operating systems like Linux
> or DR-DOS.
I wasn't aware that DR-DOS is Open Source. Is that the case now?
> Every macro and subroutine are up on public display for
> programmer peer review to see what it does, and why it is there. If
> you wanna be sure your system is not sabotaged, you dont havta depend
> on your opinion of the competency and honesty of proprietary scanner
> software; if you wanna be sure, you havta use open source software.
And notice that many of the Open Source OS efforts are, indeed
MULTI-TASKING. **QUALITY** ones at that.Selection of tools developed with
protection in mind from the outset can certainly be beneficial (witness
OpenBSD's record). "I'm not vulnerable because I use <your OS here>" is
whistling in the dark.
I just want to separate the issues of multi-tasking from vulnerability to
mischief. I understand and respect peoples' anti-Microsoft sentiment,
although I don't share _all_ of it. A well administered multi-tasking OS can
be as secure as a well administered single-tasker. A poorly administered
system is vulnerable, regardless. If the OS you run is popular enough to
have much of an audience, some bored fool will probably target it for some
sort of mischief eventually. The key is in being aware and proactive.
Again, just emphasizing that multi-tasking doesn't equate to vulnerability.
- Bob
To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html
