Please run windows update now
On May 15, 2017 at 16:17 valdis.kletnieks at vt.edu (valdis.kletnieks at vt.edu) wrote:
> On Mon, 15 May 2017 15:45:26 -0400, bzs at theworld.com said:
>
> > So for example why does a client OS produced with that much money
> > available even allow things like wholesale encryption of files without
> > at least popping up one of those warnings to confirm that you really
> > meant to run a program on $THRESHOLD files, opening them for update
> > etc, not just read?
>
> Well Barry, I can tell you why, with examples from the Unix world.
>
> for i in *; do encrypt < "$i" > "$i.new"; mv "$i.new" "$i"; done
Oh great a design review!
Hello Valdis, I am Barry Shein. I've done decades of internals and
kernel work.
Ever use any Windows since about Vista? It throws up those warning
pop-ups when you're about to do something it decides needs
confirmation?
That was almost certainly my invention.
I described the idea on an anti-spam list and two Microsoft engineers
contacted me to discuss whether this is feasible etc.
Never got a thank you tho.
>
> How do you throw a pop-up warning for that? Pre-run it and see how many
> might get executed? And how do you tell that the sequence ends up destroying
> the file rather than creating a new one?
You count the number of destructive opens in the kernel and if it
exceeds a threshold (for example) you stop it and pop up a warning.
For example.
As I said this is the sort of thing which is suitable for an end-user
OS and no doubt annoying in a server OS.
>
> OK. How about this one?
>
> cat > ./wombat << 'EOF'
> #!/bin/bash
> encrypt < "$1" > "$1.new"; mv "$1.new" "$1"
> EOF
> chmod +x ./wombat
> for i in *; do ./wombat "$i"; done
>
> Now convert that to C and bury that whole thing inside a binary. How does the
> operating system detect that and throw a pop-up *before* that executes?
>
> It's a lot harder problem than you think. Hint: Fred Cohen's PhD thesis
> showed that detecting malware is isomorphic to the Turing Halting Problem.
>
>
You don't seem to understand how OSes work, which surprises me in your
case.
--
-Barry Shein
Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
The World: Since 1989 | A Public Information Utility | *oo*
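As an added example, written here and not taken from Barry's or Valdis's messages: a user-space simulation of the "count destructive opens in the kernel and warn past a threshold" heuristic, replayed over constructed open/rename/fork traces. It includes a lineage-aware variant so the one-child-per-file pattern of Valdis's wombat script is charged to the parent; the event format, function names and threshold value are assumptions.

```python
# Toy model of the per-process "destructive open" counter discussed in the
# thread, with the count attributed to the process lineage so that spawning
# a fresh child per file (the wombat pattern) does not reset it.
from collections import defaultdict

THRESHOLD = 5  # assumed value; a real OS would tune this per policy


def is_destructive(ev):
    """True if the event can clobber existing data: a write/truncate open
    of an existing file, or a rename onto an existing file."""
    if ev["op"] == "open":
        return ev["target_exists"] and ("w" in ev["mode"] or "trunc" in ev["mode"])
    if ev["op"] == "rename":
        return ev["target_exists"]
    return False


def root_of(pid, parent):
    """Walk recorded fork links up to the top-most tracked ancestor."""
    while pid in parent:
        pid = parent[pid]
    return pid


def first_warning(events, by_lineage=True):
    """Replay events; return the pid charged when its count exceeds THRESHOLD,
    or None. by_lineage=False reproduces the naive per-process counter."""
    parent, counts = {}, defaultdict(int)
    for ev in events:
        if ev["op"] == "fork":
            parent[ev["child"]] = ev["pid"]
            continue
        if not is_destructive(ev):
            continue
        key = root_of(ev["pid"], parent) if by_lineage else ev["pid"]
        counts[key] += 1
        if counts[key] > THRESHOLD:
            return key
    return None


# Constructed traces (not real audit data).
# Shell loop: pid 100 writes $i.new (new file, harmless) then mv's it over $i.
LOOP = []
for n in range(8):
    LOOP.append({"op": "open", "pid": 100, "mode": "w", "target_exists": False})
    LOOP.append({"op": "rename", "pid": 100, "target_exists": True})
# Wombat pattern: pid 100 forks one child per file; each child does one overwrite.
WOMBAT = []
for n in range(8):
    WOMBAT.append({"op": "fork", "pid": 100, "child": 200 + n})
    WOMBAT.append({"op": "rename", "pid": 200 + n, "target_exists": True})
```

With per-process counting the wombat trace never trips the warning; charging the lineage root catches both traces at the same point.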