Slashdot Mirror


Hillis' virus solution: Limit OS Usage

robobabe writes "The NY Times today (free login) has a front page article on viruses. The article has a history of the origins of the terms in science fiction, and ends with an interview of Danny Hillis (Connection Machine founder). Hillis argues that the current vulnerability to attacks is due to running a single OS and that a solution is 'no government agency should be allowed to run more than 34% of its personal computers on one proprietary operating system.'"

  1. Re:*multi-user* is the right solution by Anonymous Coward · · Score: 2

    Well, there was bliss, but that was kind of cheap -- you still needed root permissions. It's doubtful that we'll see any unix virii capable of smashing the stack on their own, as long as code remains open enough that people can nitpick out the simple things (overflows, etc).

    Really, the problem with UNIX-style OSes is DOS (denial of service) attacks, which generally don't harm the box -- they just render it useless to the outside world. Which isn't to say this can't be done to any other OS, of course. ;)

  2. Re:Yes, an intelligent solution at last by Masem · · Score: 2
    Just some comments:

    First, I think that the frequent problems with viruses are due to places that rely strongly on WinNT/9x, rather than Unixes. (I know there are Unix viruses, but if you are a script kiddie, who are you going to have more fun putting out of commission - a thousand or a billion users?) Worksites that, in general, are unix-run tend to be more secure against viruses and other hacks than NT places, only because unix admins are that much more diligent.

    You wonder how people can run unauthorized code without having the source. Again, we're talking Windows-run shops, not unix. Additionally, when I buy Office or Quake from the vendor, I don't have the source, can I trust this code? There *is* a certain degree of trust that vendor-supplied software is virus-free, but....

    About pgp-trusted mail: I'm only speaking when it comes to the attachments. Additionally, I'd expect, *especially* in the gov't, that the email is for work-purposes only (even though I know this is naive), and thus, I should only be trusting of attachments that come from my PGP-identified coworkers. The key thing is that unless you've stupidly enabled such an option, the end user *HAS* to initiate the program that launches the virus; just getting does nothing.

    About the sysadmin: Yes, more than likely, a virus will go unnoticed until it's too late. However, with both Melissa and Zip.Explorer, *BOTH* were warned about on news.com, here, and other sites that specialize in such info. Yet, the *NEXT* day, the problems got worse. Understandably, there is some lag in the news, but this can be measured in hours with a diligent sysop. If this was truly the case, these problems would not have been as severe. If 100% reliability and functionality of your systems are required, and your sysadmins are pushed to the bone above and beyond such that virus warnings cannot be monitored, then it would make sense to just hire another sysop for this security, and spend the extra $100k a year compared to the millions lost by the system failure.

    About backups: Yes, the backup might be infected, but who, when restoring from a wipe or crash, doesn't rerun a virus scan on just-recovered backup files? (Again, a virus cannot launch itself by itself). Then, of course, backup again with the clean system.

    However, I strongly stand by education as the key way to defeat these viruses. Neither Melissa nor Zip.Explorer would have done as much harm if the users were smart enough not to initialize them.

    --
    "Pinky, you've left the lens cap of your mind on again." - P&TB
    "I can see my house from here!" - ST:
  3. Yes, what an intelligent solution (NOT) by Masem · · Score: 4

    I can tell that this 34% is going to get a very strong slam here today, so instead, let's actually look at the *REAL* solutions:
    - Teach users what email is (including basics of email, including POP, IMAP, MIME, and sendmail & friends at a very basic level so they know how their mail gets routed). Teach users that opening an attachment on an insecure OS is asking for trouble, and should never be done unless the source is absolutely trustworthy... which leads to...
    - Using PGP/GPG or other secure identification methods to be able to trust the validity of the mail. Just because it's from a co-worker doesn't necessarily mean it's legit.
    (These two stand out only because the latest big virii have been email ones, not that this is the only route)...
    - Make sure all installations that require it have a quality and up-to-date virus program.
    - Have the sysadmin be diligent about reading the various virii advisory lists and visiting the web sites of the makers of the virii programs on a daily basis. I've yet to see any major virii come out (at least in the states) and not have a virus eliminator or such within a 24hr day.
    - Um, backup frequently and often. A virus may just eventually get through, but a virii can't do damage to tape backup, only possibly reside on there.
    The situation with virii today is that we have a bunch of lusers running around thinking they know everything but end up in these situations, *and* because we have lazy sysops in many places. Fixing both these problems would cost *much* less than reequipping gov't offices with up to 66% in new computers, as opposed to just simple training and effective sysopping.

    --
    "Pinky, you've left the lens cap of your mind on again." - P&TB
    "I can see my house from here!" - ST:
    1. Re:Yes, what an intelligent solution (NOT) by Raindog · · Score: 3

      I agree, but there are some problems with this that need to be addressed.

      1. I've done tech support, I have no faith in the idea of education of users. It would be nice, but I'm not holding my breath.

      2. Some viruses are spreading faster than the AV vendors and sysadmins can catch up. This worm had hit millions of computers before the AV software had a fix. The same applies for sysadmins, and most are overloaded as is.

      3. PGP and backups, definitely, now, no excuses.

      I don't think that anyone is recommending the 34% thing seriously (I could be wrong), but it is a good point. Greater OS diversity would slow these puppies down, but I don't think windows users should go throw out their OS for viral reasons....after all there are enough other reasons.

    2. Re:Yes, what an intelligent solution (NOT) by Shotgun · · Score: 2

      The only intelligent solution is to wipe the all drive clean of any program that will run any untrusted code without user intervention. It is ludicrous to allow code from anonymous email to execute code on my machine, and with the current unsecure state of the Internet all email can be considered anonymous for all practical purposes. There is simply no way to reliably verify most email unless some type of security is used above and beyond the norm.

      The current crop of 'macro-virii' isn't just a problem of a monoculture computing environment. It's a problem of a daffy, head-in-the-sand, bare-butt-stuck-in-the-air-for-script-kiddies-to-kick, non-resilient monoculture. The current monoculture is akin to bread mould. Take it out of its closed, warm, secure environment and expose it to the light of the sun and it just dries up and dies.

      A culture that has a better immune system, and is designed to weather a variety of environments would not wither and die nearly as quickly as what people are using now.

      --
      Aah, change is good. -- Rafiki
      Yeah, but it ain't easy. -- Simba
  4. Yabbut the POINT is that... by bkosse · · Score: 2

    If X percent of your users have a given system, then only X percent of your whole system can go down.

    Now, this would necessitate the use of open standard or at least multiplatform systems (e.g. StarOffice or *god forbid* pure HTML for word processing).

    I don't see too much difficulty sharing documents with that type of issue in place.

    --
    Ben Kosse
    Remember Ed Curry!
    1. Re:Yabbut the POINT is that... by substrate · · Score: 2

      "If only X percent of your users have a given system, only X percent of your system can go down" is only true as long as the other (100-X)% of the system isn't attacked. If some punk with a computer, too little of a life and too much time on their hands knew that a certain government agency or a company relied on the variety of machines in their domain as a part of the security, you'd start seeing more multi-system attacks. Especially if the target was a big enough feather in their cap.

      Open standard software is a great idea, but it defeats part of the purpose of going to a multi-system approach. Once you've got a common file format it becomes easy to do damage. The guy's argument was a bit like the security by obscurity argument. Yeah, you're secure in the short term, but once a determined thug works at it you're still compromised.

  5. "Homogenous" vs. "Homogenized" vs. "Homogeneous" by Frater+219 · · Score: 2

    "Homogenous" isn't a word in general usage; it's a biological term. The words people are probably thinking of are "homogenized" and "homogeneous".

    "Homogenized" means "blended into a uniform mixture". Milk that has been homogenized will not separate into milk and cream.

    "Homogeneous" means "all of one kind".

    "Heterogeneous" is the opposite of "homogeneous" and means "consisting of dissimilar or diverse ingredients or constituents".


    Hence, for operating systems at a site to be homogenized would mean that regardless of their different origin, they were indistinguishably and inseparably mixed together. This might be accomplished by having a common user interface. A site with Windows and Linux systems, where both were running Netscape Navigator and StarOffice and the Linux systems were running fvwm95, might be the beginning of a homogenized site.

    For operating systems to be homogeneous would mean for them to all be the same in origin and appearance. An all-Windows site is homogeneous.

    And a heterogeneous site would be one which had diverse, clearly distinct, yet intermixed systems -- for instance, one where Linux, Windows, Unix, and MacOS systems all shared data over common protocols.

    IMHO, a heterogeneous site is a much better approach than a homogenized or a homogeneous one. :)

  6. Re:Broken all the time?! by Millennium · · Score: 2

    Actually, I don't think it's scary. In fact, it may be the one good thing M$ has taught us.

    Unix and its clones are very powerful, stable operating systems. This is a Good Thing. However, the stability itself tends to create a problem: the sysadmins get too cocky and never think about possible problems, simply because "they'll never happen; this is Unix."

    Well, the thing is, they do happen. The law of averages (to say nothing of Murphy's Law) demands it; eventually something is going to happen. The fact that it happens with Windows and especially MacOS so often has led to one thing: they tend to recover from crashes in a relatively graceful manner; seldom in more than fifteen minutes for MacOS and a day or two for Windoze. No Unix-related problem I've ever seen has ever taken fewer than four days to fix, due to various combinations of user-hostility on the OS's part, a lack of tools to help get the system back up (particularly in the Open-Source OS's but in all Unix-like systems to some degree), and other factors.

    You can understand the reasoning behind this: if errors never happen, why plan for them? But the fact is, errors do happen. The worst-case scenario is that everything is always broken, and this scenario must be planned for, because at some future point it will pop up. It's like the proverb goes: "Hope for the best, prepare for the worst."

  7. Re:It's NOT a flawed argument by substrate · · Score: 2

    The security is better in unix, but it's nowhere near insurmountable. Once a user is compromised, even through their own stupidity, it's very possible to wreak havoc outside of the scope of that user's account. Even disregarding the potential of denial of service attacks a bored script kiddie could implement a number of scripts from rootshell.org.

    I'm not knocking Linux or other unix, I use them at home and work, but anybody who thinks migrating the world to a unix quality system would stop these attacks needs to think it through a bit more carefully.

    It's easier to grab control of a Windows box because of its lack of security, but bored malcontents would quickly adapt. It's more attractive to attack these because there are a buttload of them out there, but as the status quo changes so will the targets. The recent increase of the MacOS is a case in point as was pointed out by somebody else. MacOS users used to brag about the lack of virii when in reality it was just a result of the lack of market share.

  8. It's a flawed argument by substrate · · Score: 5

    I'm not sure how Art Amolsh expects OS diversity would help things. Essentially right now the other OSes are somewhat safer from viral or worm attacks than other OSes. Not necessarily by design or the capabilities of the operating system, but by having a small market share. The wastes of flesh who code these things target Windows systems because they can then nail greater than 90% of the systems with knowledge of one code base. If other systems were more popular more virii and worms would appear for them as well.

    In order to really use diversity to hamper the spread of worms and virii you'd have to go to much wider extremes anyway. Not only would you have to have different operating systems, but users would have to use a variety of different packages for storing information complete with different file formats. Of course that would diminish the benefits of having a shared network: interchange of information would now be much more difficult.

    In reality until software is developed which can detect and respond to software threats autonomously people will always be susceptible to the whims of worm and virii coders. You can minimize the risk somewhat by using a robust OS or a non-mainstream OS. Once that OS becomes mainstream you've lost the 'protection'.

    1. Re:It's a flawed argument by hawkfish · · Score: 3

      In the last six months there has been a noticeable increase in MacOS viri. Same old lame deployment schemes (MBDF in a Sherlock plugin was the last one I saw) but I took it as a good sign - the Mac has to be back if teenage wankers who can't find porn on the net start writing viri for MacOS.

      --
      You will not drink with us, but you would taste our steel? - Walter Matthau, The Pirates
    2. Re:It's a flawed argument by Raindog · · Score: 2

      It's not a flawed argument, it just needs not to be taken out of context. The idea of using a nondominant OS like, oh, say linux for security reasons is following the old "security through obscurity" mentality, and yes, is invalid. But OS monoculture does dramatically speed up the rate at which viruses spread. Look at Melissa and this worm, they hit millions of computers in days...think about how incredible that is. This rapid transmission is aided by the fact that virus coders can reasonably bet on a certain software set and use that to propagate. A more diversified OS base will not stop this, but it will slow propagation (through the virus being stopped at a greater portion of computers) and makes things harder for the virus writer by lowering the possibilities of a single exploit.

      Right now writing MS viruses is too easy. I have the source code for Melissa hanging on my cube, it's less than two pages. I'm a noncoder and it's basic enough that I think I could effectively modify it. That's frightening.

  9. Communication systems exist to communicate by sphealey · · Score: 3

    "Here's a better rule - simply strip binary attachments from email automatically on the mail server"
    Communication systems exist so that people ("users", or in other words the people who pay the bills) can communicate. Solutions which destroy the capability of the system to communicate, for the convenience of the system administrator, will be rejected by the user (that is, customer) base.
    Yes, I know the pain-in-the-ass consequences of the above statement: I have been doing this kind of work for 12 years. But (IMHO) that's reality and we have to deal with it.

    sPh

  10. *multi-user* is the right solution by RelliK · · Score: 3

    The problem is *not* that they use a single OS, but that they use a *single-user* OS. Ever since I started using Linux, the concept of single-user OS seems totally stupid to me, esp. in a company or government agency. It's kinda like running every single application as root.
    The key to defeating viruses is not in limiting the percentage of machines running a particular OS, but in limiting users' permissions. Not only is it an excellent way to get rid of any virus problem, but also a great way to prevent stupid users from doing stupid things, subsequently cutting on support costs.
    This is guaranteed to solve 90% of the problems, and frequent backup will solve the remaining 10%.

    I haven't heard of any Linux viruses, btw... I know there are trojans, but they are harmless unless run by root.

    --
    ___
    If you think big enough, you'll never have to do it.
  11. 34%?? by matguy · · Score: 2

    If 34% of my computers that I manage went down due to a virus I'm relatively sure I would still have a major problem, and I'm no government agency by far. As I now think about it, what would we have to do to justify different os's, do different distributions of Linux count?

    matguy
    Net. Admin.

    --

    matguy(.com)
  12. The map is not the territory by sethg · · Score: 2
    A computer is not alive, and a program is not an infectious disease. "Computer virus" is a wonderful metaphor, but if we get carried away with it, we lose sight of the difference between computer-virus hosts and real-life virus hosts.

    Consider a live, naturally-evolved plant. It can't be too picky about the kind of soil it's planted in, the temperature of its surroundings, the amount of sunlight it gets each day, the amount of rain that falls on it, the chemical content of the rain, etc. It has to convert whatever resources it has available into forms of matter and energy that it can use for growth, reproduction, and defense against predators.

    Since it's competing with other plants for survival, it has to make engineering trade-offs. For example, a plant may secrete a bad-tasting chemical, protecting it from predators -- but the raw materials for that chemical may restrict the plant to certain soil chemistries, or the extra energy necessary to produce it may restrict it to environments with a certain minimal level of sunlight.

    By contrast, our computers are designed to "live" in a tightly controlled environment. If a CPU is running a binary program, and comes across an instruction that makes no sense, it doesn't have to try "digesting" the program into a more sensible form. If a network router gets a packet with a syntactically incorrect header, it doesn't have to send the packet any farther.

    Security-related protocols add to the level of control; they are filters between sensitive and untrusted parts of a computer system. Since our computers "live" off of electricity, not programs, they can be as picky as we want them to be about what programs they execute and what permissions they execute under. Since our operating systems are designed by (occasionally) intelligent humans, not evolved by natural selection, humans can design better operating systems, in which security against untrusted code is a fundamental part of the architecture.

    --
    send all spam to theotherwhitemeat@ropine.com
  13. True Accuracy by DonkPunch · · Score: 2

    "Some computer scientists believe that in the rise of the Internet and the World Wide Web, society has struck a Faustian bargain...."

    Yeah, and I'm sure some computer scientists believe that JFK was a space alien. :)

    Here's a handy rule:

    #ifdef REPORTER_SPEAK
    #define SOME_PEOPLE ALMOST_NO_ONE_CREDIBLE
    #endif

    Remember the handy guide to thesis paper jargon? ("It is generally acknowledged that...." means "I think that....")

    The comparisons between a real-life virus and a malicious computer program are quaint and romantic. It's just too bad they're not real accurate.

    /* Sorry I'm so grumpy. I forgot BOTH my St. John's Wort AND my coffee this morning. */

    --

    Save the whales. Feed the hungry. Free the mallocs.
  14. Stop, please by DonkPunch · · Score: 2

    Arrrrrgh! Four semesters of Latin and you're giving me flashbacks!

    sharpei diem -- seize the wrinkled dog
    sharpie diem -- seize the felt-tip marker

    --

    Save the whales. Feed the hungry. Free the mallocs.
  15. Limits aren't the solution by Restil · · Score: 3

    While I am extremely supportive of any corporation that decides to limit its Microsoft usage for "anything else" (tm), doing it for the sole purpose of escaping viruses is both silly and doesn't solve the real problem. The acronym PEBKAC applies here (Problem exists between keyboard and chair).

    I see 3 reasonable solutions to this issue:

    1 - Don't use any combination of programs that can facilitate the uncontrolled spread of any program, worm, virus, word macro virus, trojan, etc without direct authorization by the user. In this case, don't use Word and outlook express together if the two can be used together for the uncontrolled replication of viruses and other nasties.

    2 - Limit the damage a single user can do. If a user receives a virus, fine. That's done. However, if that user doesn't share write permission on executable directories, then the virus won't be able to spread over a network without copying files. If the user is not able to forward .exe files to other users, viruses don't spread.

    And 3, the most effective, yet most difficult:
    EDUCATE THE USERS! Users have no business whatsoever sending executables to others which is traditionally how viruses spread. Teach them how to turn off those options which facilitate this madness. If you're going to stick an idiot in front of a computer, you had better damned well make sure that computer is idiot proof, or these problems will continue to happen.

    Will switching a corporation over to all linux prevent this problem? Sure, or it will at least slow it down. But even on *nix boxes there have been worms in the past. Script kiddies enjoy easy access to well written exploit code, and while it is simple to patch this code up, most corporations are probably so mired down in procedure that these patches would take a great deal of time to get implemented, and any user that can gain root access, or any virus/worm for that matter, can do just as much damage regardless. And there will always be the users that only use the root account on their private systems, and one day will download a malicious program and wipe out their system. It happens, and it will continue to do so. Until computer users take proper care of their systems, viruses will continue to spread. Use a bit of intelligence, or in appropriate situations a raincoat, and viruses will become far less prevalent.

    -Restil

    --
    Play with my webcams and lights here
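
Comments 10 and 15 both argue for limiting what a single user account can write to, in particular shared write permission on executable directories. As an added example (not part of any comment in this thread), the Python check below reports executable directories and files whose mode bits allow writes by group or other; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Write permission for anyone other than the owning account.
SHARED_WRITE = stat.S_IWGRP | stat.S_IWOTH
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def audit_exec_dirs(dirs):
    """Return (path, reason) findings for directories of executables.

    A directory writable by group/other lets another account drop or
    replace programs in it; a group/other-writable executable can be
    modified in place. Only mode bits are inspected, so the result does
    not depend on which user runs the audit.
    """
    findings = []
    for d in dirs:
        try:
            dir_mode = os.stat(d).st_mode
            names = sorted(os.listdir(d)) if stat.S_ISDIR(dir_mode) else None
        except OSError:
            continue  # missing or unreadable entries: nothing to inspect
        if names is None:
            continue  # not a directory
        if dir_mode & SHARED_WRITE:
            findings.append((d, "directory writable by group/other"))
        for name in names:
            path = os.path.join(d, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            if (stat.S_ISREG(mode) and mode & ANY_EXEC
                    and mode & SHARED_WRITE):
                findings.append((path, "executable writable by group/other"))
    return findings


def build_sample_tree(root):
    """Create a constructed sample layout under root; return its dirs."""
    layout = {
        # directory: (directory mode, {file name: file mode})
        "locked": (0o755, {"tool": 0o755}),
        "shared": (0o777, {"good": 0o755, "loose": 0o775,
                           "notes.txt": 0o666}),
    }
    dirs = []
    for dname, (dmode, files) in layout.items():
        d = os.path.join(root, dname)
        os.mkdir(d)
        for fname, fmode in files.items():
            path = os.path.join(d, fname)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, fmode)
        os.chmod(d, dmode)
        dirs.append(d)
    return dirs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for path, reason in audit_exec_dirs(build_sample_tree(root)):
            print(f"{reason}: {os.path.relpath(path, root)}")
    # To audit the real search path instead:
    #   audit_exec_dirs(os.environ.get("PATH", "").split(os.pathsep))
```
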
  16. Definitions reversed? by RimRod · · Score: 3

    Biologically, a virus is a microscopic organism that reproduces (in layman's terms, I'm not a bio person :) ) by invading host cells and restructuring the cell's DNA to essentially "make" it a virus. These converted virii then go and find other non-infected cells to invade.

    Biologically, a worm is a macroscopic organism that crawls slowly along the ground, eating any food it happens to smell nearby--at a much slower rate.

    In the computer world, a worm, as the author correctly surmises, is self-propelling, that is, a program sent within the attachment can then send itself along without any action by the person who receives it.

    In the computer world, virii have been (as the author again correctly surmises), software codes that infect computers by attaching themselves to documents or programs that are passed along.

    It seems to me we have our definitions reversed. A computer worm is much closer to a "self-propelling" object than a computer virus, and a computer virus is much slower (with a geometric, not exponential expansion rate) than its worm counterpart.

    --
    - ...and remember, you can't invade Brainania. It's not on the big map.