Re: Get your free microsoft secuirty posters

From: Jim Watt (jimwatt_at_aol.no_way)
Date: 01/30/04

Next message: Alice: "Advice On IP Blocking Service"
Previous message: donutbandit: "Re: The Best Personal Firewalls - Which Ones?"
In reply to: Craig A. Finseth: "Get your free microsoft secuirty posters"
Next in thread: Ben Measures: "Re: Get your free microsoft secuirty posters"
Reply:(deleted message) Ben Measures: "Re: Get your free microsoft secuirty posters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 30 Jan 2004 19:09:09 +0100

On 30 Jan 2004 15:15:37 GMT, Craig A. Finseth <news@finseth.com>
wrote:

>>"Jim Watt" <jimwatt@aol.no_way> wrote in message
>>news:7ick10t1i5397sq52m2g296ivakkd8c6nu@4ax.com...
> ...
>>> The first mention I saw of a computer Virus was in 1987 in a journal
>>> called 'Computers and Security' entitled 'Computer Viruses' by
>>> Fred Cohen who starts off saying "This paper defines a major computer
>>> security problem called a virus"
>>>
>>> It mentions the first virus being created in 1983 - so 30 years on
>>> we are still stuck with the bloody things.
> ...
>
>If you read the paper -- which is a landmark one in the computer
>science field by the way and well worth reading -- you would know that
>your last (quoted) sentence is meaningless.
>
>The key point of the paper is that viruses can exist in any
>(Turing-complete) computing system, no matter how it is implemented.
>(I won't bother you with the proof: he does that in his paper.) He
>goes on to prove that it is not possible to create a virus that cannot
>be countered by some defense and _also_ that it is not possible to
>create a defense that cannot be penetrated by some virus. In other
>words, there is neither a "perfect attack" that will overcome any
>defense nor a "perfect defense" that will counter any attack.
>
>While we knew this through studying history (:-), it is still profound
>to be able to prove this knowledge from first principles.
>
>So, does this mean that we throw up our hands and give up?
>
>Certainly not. There's a lot that we can do to prevent the spread of
>viruses. The main defense is to not execute untrusted code.
>
>The history of viruses is (not surprisingly) filled with cases where
>computers executed such code.
>
>Boot sector viruses were spread because someone thought it would be a
>good idea to put the basic boot code on a floppy disk and to have the
>computer read and execute the code without any checks. A perfect case
>of not even bothering to put up a defense. They only really stopped
>because people stopped passing disks around.
>
>Email viruses were (and still are) spread because someone (guess who)
>thought it would be a good idea to allow anyone in the world to put
>any arbitrary executable code into an email message and have your mail
>reader execute it. Another perfect case of not even bothering to put
>up a defense, at least initially. (And, while there are now some
>defenses, they are patchwork at best because systems have been built
>that require this capability to operate.)
>
>Web-page viruses were (and still are) spread because ...insert the
>rest of the previous paragraph (:-)...
>
>There are more cases that I won't bother to list.
>
>None of these mechanisms were (or are) really required for most
>things: if the designers had thought for about 5 minutes in the early
>stages, they could have come up with equivalent mechanisms that did
>not provide for carrying viruses. *sigh*
>
>Craig

I did read the paper in 1987 and quickly pulled it off the shelf
to quote some parts today.

There certainly are things that could and should have been done
to make the life of malevolent software harder and mine easier -
although I do get paid for sorting out messes, its not fun.

Otherwise, yes and its very nice to see some sensible debate
on the subject.

--
Jim Watt          http://www.gibnet.com

Next message: Alice: "Advice On IP Blocking Service"
Previous message: donutbandit: "Re: The Best Personal Firewalls - Which Ones?"
In reply to: Craig A. Finseth: "Get your free microsoft secuirty posters"
Next in thread: Ben Measures: "Re: Get your free microsoft secuirty posters"
Reply:(deleted message) Ben Measures: "Re: Get your free microsoft secuirty posters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Get your free microsoft secuirty posters
... >> The first mention I saw of a computer Virus was in 1987 in a journal ... The key point of the paper is that viruses can exist in any ... create a defense that cannot be penetrated by some virus. ... The main defense is to not execute untrusted code. ...
(alt.computer.security)
Re: Get your free microsoft secuirty posters
... >>The key point of the paper is that viruses can exist in any ... The main defense is to not execute untrusted code. ... What are Software Patents for? ...
(alt.computer.security)
Re: [opensuse] Who said Linux doesnot get Virus infections
... you can execute a screen saver if you test it. ... They're under the general "viruses" tag. ... files/systems to infect. ... The classical viruses come in two groups boot sector and binary file ...
(SuSE)
Re: Novarg
... > The best defense to viruses like this is user education. ... No, the _best_ defense against viruses and worms, especially the e-mail ... have done in designing and implementing their software systems. ...
(Incidents)
Re: [Full-Disclosure] Viral infection via Serial Cable
... Current viruses do not even need user ... some expect to contact a stupid user who's using some ... The worms are using servers and their vulnerabilities (and the admin ... There were no known way for automatically execute the ...
(Full-Disclosure)