Hillis' virus solution: Limit OS Usage
robobabe writes "The NY Times today (free login) has a front page article on viruses. The article has a history of the origins of the terms in science fiction, and ends with an interview of Danny Hillis (Connection Machine founder). Hillis argues that the current vulnerability to attacks is due to running a single OS and that a solution is "no government agency should be allowed to run more than 34% of its personal computers on one proprietary operating system."
I can tell that this 34% is going to get a very strong slam here today, so instead, let's actually look at the *REAL* solutions:
- Teach users what email is (including basics of email, including POP, IMAP, MIME, and sendmail & friends at a very basic level so they know how their mail gets routed). Teach users that opening an attachment on an insecure OS is asking for trouble, and should never be done unless the source is absolutely trustworthy... which leads to...
- Using PGP/GPG or other secure identification methods to be able to trust the validity of the mail. Just because it's from a co-worker doesn't necessarily mean it's legit.
(These two stand out only because the latest big virii have been email ones, not that this is the only route)...
- Make sure all installations that require it have a quality and up-to-date virus program.
- Have the sysadmin be diligent about reading the various virii advisory lists and visiting the web sites of the makers of the virii programs on a daily basis. I've yet to see any major virii come out (at least in the states) and not have a virus eliminator or such within a 24hr day.
- Um, back up frequently and often. A virus may just eventually get through, but a virus can't do damage to tape backup, only possibly reside on there.
The situation with virii today is that we have a bunch of lusers running around thinking they know everything but end up in these situations, *and* because we have lazy sysops in many places. Fixing both these problems would cost *much* less than reequipping gov't offices with up to 66% in new computers, as opposed to just simple training and effective sysopping.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
I'm not sure how Art Amolsh expects OS diversity would help things. Essentially right now the other OSes are somewhat safer from viral or worm attacks than other OSes. Not necessarily by design or the capabilities of the operating system, but by having a small market share. The wastes of flesh who code these things target Windows systems because they can then nail greater than 90% of the systems with knowledge of one code base. If other systems were more popular more virii and worms would appear for them as well.
In order to really use diversity to hamper the spread of worms and virii you'd have to go to much wider extremes anyway. Not only would you have to have different operating systems, but users would have to use a variety of different packages for storing information complete with different file formats. Of course that would diminish the benefits of having a shared network: interchange of information would now be much more difficult.
In reality until software is developed which can detect and respond to software threats autonomously people will always be susceptible to the whims of worm and virii coders. You can minimize the risk somewhat by using a robust OS or a non-mainstream OS. Once that OS becomes mainstream you've lost the 'protection'.
"Here's a better rule - simply strip binary attachments from email automatically on the mail server"
Communication systems exist so that people ("users", or in other words the people who pay the bills) can communicate. Solutions which destroy the capability of the system to communicate, for the convenience of the system administrator, will be rejected by the user (that is, customer) base.
Yes, I know the pain-in-the-ass consequences of the above statement: I have been doing this kind of work for 12 years. But (IMHO) that's reality and we have to deal with it.
sPh
The problem is *not* that they use a single OS, but that they use a *single-user* OS. Ever since I started using Linux, the concept of a single-user OS seems totally stupid to me, esp. in a company or government agency. It's kinda like running every single application as root.
The key to defeating viruses is not in limiting the percentage of machines running a particular OS, but in limiting users' permissions. Not only is it an excellent way to get rid of any virus problem, but also a great way to prevent stupid users from doing stupid things, subsequently cutting on support costs.
This is guaranteed to solve 90% of the problems, and frequent backup will solve the remaining 10%.
I haven't heard of any Linux viruses, btw... I know there are trojans, but they are harmless unless run by root.
___
If you think big enough, you'll never have to do it.
While I am extremely supportive of any corporation that decides to limit its Microsoft usage for "anything else" (tm), doing it for the sole purpose of escaping viruses is both silly and doesn't solve the real problem. The acronym PEBKAC applies here (Problem exists between keyboard and chair).
I see 3 reasonable solutions to this issue:
1 - Don't use any combination of programs that can facilitate the uncontrolled spread of any program, worm, virus, word macro virus, trojan, etc without direct authorization by the user. In this case, don't use Word and Outlook Express together if the two can be used together for the uncontrolled replication of viruses and other nasties.
2 - Limit the damage a single user can do. If a user receives a virus, fine. That's done. However, if that user doesn't share write permission on executable directories, then the virus won't be able to spread over a network without copying files. If the user is not able to forward .exe files to other users, viruses don't spread.
And 3, the most effective, yet most difficult:
EDUCATE THE USERS! Users have no business whatsoever sending executables to others which is traditionally how viruses spread. Teach them how to turn off those options which facilitate this madness. If you're going to stick an idiot in front of a computer, you had better damned well make sure that computer is idiot proof, or these problems will continue to happen.
Will switching a corporation over to all Linux prevent this problem? Sure, or it will at least slow it down. But even on *nix boxes there have been worms in the past. Script kiddies enjoy easy access to well written exploit code, and while it is simple to patch this code up, most corporations are probably so mired down in procedure that these patches would take a great deal of time to get implemented, and any user that can gain root access, or any virus/worm for that matter, can do just as much damage regardless. And there will always be the users that only use the root account on their private systems, and one day will download a malicious program and wipe out their system. It happens, and it will continue to do so. Until computer users take proper care of their systems, viruses will continue to spread. Use a bit of intelligence, or in appropriate situations a raincoat, and viruses will become far less prevalent.
-Restil
Play with my webcams and lights here
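An added example, not part of any comment in this thread: one way an administrator could check the point above about write permission on executable directories. The function names and the constructed `shared_bin`/`locked_bin` tree are hypothetical; on a real host the directory list would typically come from `PATH`.

```python
import os
import stat
import tempfile

def writable_by_others(mode):
    """Classes beyond the owner that hold write permission in a mode."""
    return [name for bit, name in ((stat.S_IWGRP, "group"), (stat.S_IWOTH, "other"))
            if mode & bit]

def audit_exec_dirs(dirs):
    """Flag directories, and executables inside them, that non-owners can modify."""
    findings = []
    for d in dirs:
        try:
            st = os.stat(d)  # follow symlinks, as PATH lookup does
            names = sorted(os.listdir(d))
        except OSError:
            continue  # missing, unreadable or non-directory entries are skipped
        who = writable_by_others(st.st_mode)
        if who:
            findings.append((d, "directory", who))
        for name in names:
            path = os.path.join(d, name)
            fst = os.lstat(path)  # lstat: judge the entry itself, not a link target
            if not stat.S_ISREG(fst.st_mode) or not fst.st_mode & 0o111:
                continue  # only regular files with an execute bit matter here
            who = writable_by_others(fst.st_mode)
            if who:
                findings.append((path, "executable", who))
    return findings

def demo():
    """Audit a constructed tree: one shared bin directory, one locked-down one."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"shared_bin": (0o777, {"app": 0o775}),
                  "locked_bin": (0o755, {"tool": 0o755, "notes.txt": 0o666})}
        for dname, (dmode, files) in layout.items():
            os.mkdir(os.path.join(root, dname))
            for fname, fmode in files.items():
                fpath = os.path.join(root, dname, fname)
                open(fpath, "w").close()
                os.chmod(fpath, fmode)  # chmod so the umask cannot alter the modes
            os.chmod(os.path.join(root, dname), dmode)
        dirs = [os.path.join(root, n) for n in ("shared_bin", "locked_bin", "missing")]
        return [(os.path.relpath(p, root), k, w) for p, k, w in audit_exec_dirs(dirs)]

if __name__ == "__main__":
    print(demo())
```

Anything the audit reports is a place where code running as one ordinary user can alter what other users execute.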
Biologically, a virus is a microscopic organism that reproduces (in layman's terms, I'm not a bio person :) ) by invading host cells and restructuring the cell's DNA to essentially "make" it a virus. These converted virii then go and find other non-infected cells to invade.
Biologically, a worm is a macroscopic organism that crawls slowly along the ground, eating any food it happens to smell nearby--at a much slower rate.
In the computer world, a worm, as the author correctly surmises, is self-propelling, that is, a program sent within the attachment can then send itself along without any action by the person who receives it.
In the computer world, virii have been (as the author again correctly surmises), software codes that infect computers by attaching themselves to documents or programs that are passed along.
It seems to me we have our definitions reversed. A computer worm is much closer to a "self-propelling" object than a computer virus, and a computer virus is much slower (with a geometric, not exponential expansion rate) than its worm counterpart.