Re: Why does Windows allow Worms?

From: Alun Jones [MS MVP - Security] (alun_at_texis.invalid)
Date: 05/18/04


Date: Tue, 18 May 2004 14:28:32 GMT

In article <c7eoi9$9ld$0@208.20.133.66>, Bruce Barnett
<spamhater95+U040506204844@grymoire.com> wrote:
>A good system understands the difference between code and data,
>especially if data comes from an outside source.

There is no such difference. Data is nothing more than instructions to code
on how to execute, what branches to follow, what functions to call. In the
simplest of cases (say, a text editor), there are only a few branches that
data can affect. In the most complex of cases (say, a Perl script, or a
VBScript) there are multiple branches, and the line between data and code,
if there ever was one, has obviously been crossed.

But no, you can't make a difference between code and data. As soon as you
operate on the data anything more sophisticated than "data comes in, data
goes out", as soon as you _process_ that data, you are allowing the data to
control your code. There are no well-defined edges between code and data.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

