[LUAU] Intel Doubles Down on Linux

Tim Newsham newsham at lava.net
Thu Jul 21 10:58:35 PDT 2005


>>> Any computer architecture that needs "anti-virus" software has failed.
>>> 
>> 
>> I'm sorry.  I have to take issue with this.  The need for anti-virus 
>> software doesn't prove anything other than popularity.  There is no existing 
>> security technology that can prevent virii.  Abstinence is the only 
>> solution.

[... stuff about rainbow books ...]

> users.  Many existing systems (e.g., PCs running DOS) lack even these basic 
> protections required at C1, thus allowing a virus executed by any user to 
> infect any part of the system,

Yes, and this makes writing and propagating a virus a lot easier.
However, we've not had these systems in wide deployment for the last
5 years.  Mac OS X, any windows on NT and everything running a unix
kernel has basic C1-level security.  The NT system even passed
a C2 cert (at least in a very limited configuration.  The goal was
to get the checkbox checked, not to provide a real C2 system).

> integrity.  WinXP goes further, and by default, logs itself in as something a 
> lot like 'root' on a *nix box, putting the entire system at risk.

WinXP need not auto-login as any user.  On my systems it comes up to
a login screen and lets you choose which user to log in as.  Not
that this has any bearing on virus propagation.

> Commencing with the B2 level of trust, I expect that there will be no 
> fundamental design flaws that allow the security mechanisms in the TCB to be 
> circumvented.

You do not have to have any design flaws to allow a virus to
propagate.  But perhaps I should remind you that the A1 security
level is the ONLY level that provides any real assurances of
security.  And even then, it's still software.  Any unforeseen
software defect (i.e. coding bug, but not necessarily architectural
flaw in the trusted base) will allow some level of compromise.

The fundamental problem in computer security is that software
cannot be automatically verified.  Software is way too complicated for
us mere mortals to get right, and thanks to Church and Turing and
other people who are smarter than people should be, we know that
most of the analysis problems involving computer programs are unsolvable.
As a result of this, the best design practices are focussed around
mitigating the risk of software flaws.  At increasing orange-book
levels, you get better partitioning between the system components,
but the fundamental issue of software vulnerability can never
be entirely removed.

At any rate, most of this is moot when discussing virii.  Virii
can use vulnerable software to propagate, but they needn't.
They can do plenty of damage without violating privilege.
I run a program or open a document with a program, the virus
attaches itself to some other files that I have access to, and
at some point those files get shared with other people.

In fact, this is how most virii work.  Worms are more active
and often use vulnerabilities to propagate, but virii primarily
just use the current user's privilege.  It helps that a lot
of users are running with full system privilege (root, administrator,
whatever), but it would still work if most people did not.

> You could argue that a virus capable of infecting each and every user in the 
> system (one that was present in the text editor, for instance) would be 
> reasonably effective at accomplishing some missions (e.g., denial of 
> service).  Thus, the value of an intact TCB in the face of an otherwise 
> completely infected user population is moot.

Yes :)  I would argue just that :)

> it is here, if anywhere that we may find some solace in operating systems 
> such as OSX, Linux and BSD.  Not because of their (lack of) mainstream 
> popularity,  but more because they are not chock-full of a large number of 
> legacy security issues, all of which not only leave the barn door open to 
> potential infection, but also remain unfixed, because fixing them would wreak 
> havoc in the installed base.

OSX and Linux aren't chock full of legacy security issues, they're
chock full of brand new ones :)

BSD on the other hand has the legacy kind :)

Seriously, they all have bugs, some in varying quantities.  However, of 
all the vendors around these days I would have to say that Microsoft is 
putting a lot more money and focus on computer security.  This wasn't the 
case as recently as four years ago, but they've put some serious resources 
into it.

> jim

Tim Newsham
http://www.lava.net/~newsham/

[ps: we didn't even discuss the usability of MAC-based systems.]
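The point made above, that a virus running as an ordinary user can alter any file that user can write without touching the TCB, is what a file-integrity baseline catches. The following is an added example (not code from the post or the list); it records a hash/size/mode baseline of a directory tree, takes a second snapshot, and reports what changed. The directory layout and file contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: Path) -> dict:
    """Map each regular file under root (POSIX-style relative path) to (sha256, size, mode)."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            out[p.relative_to(root).as_posix()] = (hash_file(p), st.st_size, st.st_mode)
    return out


def compare(old: dict, new: dict) -> dict:
    """Diff two baselines: files whose hash/size/mode changed, plus additions and removals."""
    return {
        "modified": sorted(k for k in old if k in new and old[k] != new[k]),
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
    }


def demo() -> dict:
    # Constructed scenario: a user's directory holding a script and a document.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "report.sh").write_text("#!/bin/sh\necho report\n")
        (root / "notes.txt").write_text("meeting notes\n")
        before = baseline(root)
        # An ordinary write by the file's owner (no privilege needed), which is
        # exactly the kind of change the baseline is meant to surface.
        with open(root / "bin" / "report.sh", "a") as f:
            f.write("echo appended\n")
        (root / "extra.txt").write_text("new\n")
        return compare(before, baseline(root))
```

In practice the baseline would be stored somewhere the user cannot write, otherwise the same unprivileged process could rewrite it along with the files.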
