Get your free microsoft secuirty posters

From: Craig A. Finseth (news_at_finseth.com)
Date: 01/30/04


Date: 30 Jan 2004 15:15:37 GMT


>"Jim Watt" <jimwatt@aol.no_way> wrote in message
>news:7ick10t1i5397sq52m2g296ivakkd8c6nu@4ax.com...
        ...
>> The first mention I saw of a computer Virus was in 1987 in a journal
>> called 'Computers and Security' entitled 'Computer Viruses' by
>> Fred Cohen who starts off saying "This paper defines a major computer
>> security problem called a virus"
>>
>> It mentions the first virus being created in 1983 - so 30 years on
>> we are still stuck with the bloody things.
        ...

If you read the paper -- which is a landmark one in the computer
science field by the way and well worth reading -- you would know that
your last (quoted) sentence is meaningless.

The key point of the paper is that viruses can exist in any
(Turing-complete) computing system, no matter how it is implemented.
(I won't bother you with the proof: he does that in his paper.) He
goes on to prove that it is not possible to create a virus that cannot
be countered by some defense and _also_ that it is not possible to
create a defense that cannot be penetrated by some virus. In other
words, there is neither a "perfect attack" that will overcome any
defense nor a "perfect defense" that will counter any attack.

While we knew this through studying history (:-), it is still profound
to be able to prove this knowledge from first principles.

So, does this mean that we throw up our hands and give up?

Certainly not. There's a lot that we can do to prevent the spread of
viruses. The main defense is to not execute untrusted code.

The history of viruses is (not surprisingly) filled with cases where
computers executed such code.

Boot sector viruses were spread because someone thought it would be a
good idea to put the basic boot code on a floppy disk and to have the
computer read and execute the code without any checks. A perfect case
of not even bothering to put up a defense. They only really stopped
because people stopped passing disks around.

Email viruses were (and still are) spread because someone (guess who)
thought it would be a good idea to allow anyone in the world to put
any arbitrary executable code into an email message and have your mail
reader execute it. Another perfect case of not even bothering to put
up a defense, at least initially. (And, while there are now some
defenses, they are patchwork at best because systems have been built
that require this capability to operate.)

Web-page viruses were (and still are) spread because ...insert the
rest of the previous paragraph (:-)...

There are more cases that I won't bother to list.

None of these mechanisms were (or are) really required for most
things: if the designers had thought for about 5 minutes in the early
stages, they could have come up with equivalent mechanisms that did
not provide for carrying viruses. *sigh*

Craig