Re: Why does Windows allow Worms?

From: Alun Jones [MS MVP - Security] (alun_at_texis.invalid)
Date: 05/18/04 

Date: Tue, 18 May 2004 14:28:28 GMT

In article <Pine.BSI.4.58.0405091902220.25139@malasada.lava.net>, Joseph
Fenn <jfenn@lava.net> wrote:
>your logic is totally irrational. I too have been in and out of
>ml programming. Your equally amiss ref costing and upgradeing.

Try my logic. See if it works for you.

>Instead of annual upgrades of your windows stuff the slow hard way
>the only one who would suffer by haveing the OS in rom would be
>Mr Gates. But then he could charge just as much for the upgrade
>roms each year and probably make a bundle in the process. As to
>commercial useage I assume an office with 15 or 20 machines
>any tech they have in the company could replace prom chips in all
>20 of them in less than half an hour.

And for the enterprise with several thousand systems?

How frequently would these service packs come out? Monthly? Can you defend
anything that costs you that much maintenance time every month? Don't
forget that this process would require a complete shutdown every time you do
it. No 'hot-patching'.

Note also that a software patch can be sent from developer to user in a very
short time, and can, to a certain extent, be corrected if problems are
discovered mid-stream. Distributing millions of chips would be a
significant time delay in the patching process.

[Granted, it would make an uninstall, in the event of a failure, much
easier]

>The idea I am pushing
>is to help the Govt itself rid itself of the huge problem with
>virus attacks every couple of years. In fact if things were
>done in ROM, they could design future PC's with a little
>trap door on the back or side of the machine or tower where you
>just pop it open reach 2 fingers in and unlatch the old (last years)
>ROM chip and insert the new one in one minute or less.

So, you've fixed the OS (you think) - now, what about the applications that
are generally the target of these viruses? The only way you could reach the
sort of thing you're aiming it is to have every piece of executable code
locked down onto ROM. But then you wouldn't be able to write batch files,
or perl scrips, or anything like that, because those, too, are executable
code, right? They look, to the computer, like data files that cause
executable code to follow different paths - but you're not fooled by that,
are you? They're really code.

So you can't quite make the separation you're looking for. There will
always be some code that is in RAM, and must remain in RAM, and is therefore
vulnerable to viruses.

>The ones who would really suffer financially woult be all he
>Virus killer companies Nortins Thunderbyte, and the others.
>It would put them out of business actually.

If the anti-virus companies were serious about stopping viruses, then their
goal would be to put themselves out of business. Consider that for a
moment. The best way for an anti-virus company to stay in business is to
ensure that the threat - or the perception of a threat - is always with us.

Symantec owns and moderates the Bugtraq mailing list. The Bugtraq mailing
list has seen more and more "proofs of concept" that are nothing more than
thinly-disguised worm starter kits using the latest vulnerabilities.

Hmm...

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.] 

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

Relevant Pages