All those utilities people pay so much for are worthless! They only detect the known malware, but nobody knows about the undetected hacks.
One area of active research in intrusion detection looks at detecting malware by examining the behavior of applications. The behavior patterns (network connections, system calls, file accesses, etc.) of a program can be compared against a list of known-bad actions. If a program acts like malware, it's malware, regardless of what vulnerability (known or unknown) compromised it.
Also, it is possible for some programs to detect when a specific vulnerability is triggered and take preventative action. This will stop previously-unseen exploits from using an established vulnerability to compromise a system. Still, the vulnerability must be discovered first for this to work.
A technique called anomaly detection seeks to get around this limitation by building a profile of "normal" behavior for a program and flagging any deviant behavior. This still can't catch all malware, since the malware could have the infected application act within its normal boundaries, but it does severely limit what malware can do with a hijacked process. Hopefully, the malware is limited enough that it can't really harm the system.
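An added example (not code from the original comment) of the anomaly-detection idea described above: the profile of "normal" behavior is the set of short system-call windows seen while training on a program, and a new trace is scored by the fraction of its windows that were never seen. The program, its traces and the threshold are all constructed sample data.

```python
from typing import Iterable, Sequence

# Constructed "normal" system-call traces for a hypothetical file-serving
# program: it opens a file, reads it, writes it out, closes the file.
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "read", "write", "write", "close"],
    ["open", "read", "read", "read", "write", "close"],
]

# Constructed trace of the same program after its control flow is hijacked:
# it spawns a shell and connects outward, which it never did in training.
SUSPICIOUS_TRACE = ["open", "read", "fork", "execve", "socket", "connect"]

# A longer-than-usual but still ordinary run (not in the training set).
BENIGN_UNSEEN_TRACE = ["open", "read", "read", "read", "read", "write", "close"]


def ngrams(trace: Sequence[str], n: int) -> list[tuple[str, ...]]:
    """Sliding windows of length n over a trace of system-call names."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_profile(traces: Iterable[Sequence[str]], n: int = 3) -> set[tuple[str, ...]]:
    """The 'normal' profile is every window observed during training."""
    profile: set[tuple[str, ...]] = set()
    for trace in traces:
        profile.update(ngrams(trace, n))
    return profile


def anomaly_score(profile: set[tuple[str, ...]], trace: Sequence[str], n: int = 3) -> float:
    """Fraction of windows in `trace` absent from the profile (0.0 = all familiar)."""
    windows = ngrams(trace, n)
    if not windows:
        return 0.0
    unseen = sum(1 for w in windows if w not in profile)
    return unseen / len(windows)


def is_anomalous(profile: set[tuple[str, ...]], trace: Sequence[str],
                 n: int = 3, threshold: float = 0.5) -> bool:
    """Flag a trace once enough of its windows fall outside the profile.
    A hijacked process that only issues calls in a familiar order (e.g. reading
    a file and writing it out) scores 0.0 here: that is the mimicry limit the
    comment above describes, not a defect in the detector."""
    return anomaly_score(profile, trace, n) >= threshold


if __name__ == "__main__":
    profile = build_profile(NORMAL_TRACES)
    for name, trace in [("benign", BENIGN_UNSEEN_TRACE), ("hijacked", SUSPICIOUS_TRACE)]:
        print(f"{name}: score={anomaly_score(profile, trace):.2f} "
              f"anomalous={is_anomalous(profile, trace)}")
```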
There are two different ideas here. One concerns how the rootkit hides itself in a system, and the other concerns how the rootkit stays infected on a machine across reboots. The rootkit would only modify the boot sector if it wanted to reload itself on a reboot. From the article, this appears to be unnecessary to compromise a system. It's plausible that a rootkit could be resident only in memory, perhaps because it wants to avoid detection (by examining the disk from another computer) or because it can't (local media is read-only, maybe a CD boot). When the computer did reboot, it could just be infected again.
I was thrilled when I saw FFX use voice acting. It meant when I got to a cutscene, I could drop the controller and go do something else while the scene played out, instead of hanging around hitting X every now and then.
Note to self: exception + exemption = exeption
Correct me if I'm wrong, but doesn't the Library of Congress have an exeption from the DMCA?
For a while now, I've been connected to the internet through a DSL connection. My computer has been running ddclient, a daemon that scans my DSL router every 2 hours to get my external IP address. When it finds a different public IP address, it adjusts my DynDNS link. Importantly (for us), it also notes each change in a log file.
I can say with confidence that over a 9 month period, my computer has been assigned 49 different IP addresses. Average: 5.4 IPs / month.
This is a low estimate, since my computer could have missed some changes. It doesn't run continuously, and it updates only every 2 hours. Still, this figure shouldn't be too far off.
This seems to be a good overview of clockless chips. I can't vouch for its accuracy (not my area), but the source - IEEE Computer Magazine - should be good. The article was published March 2005.
(warning: PDF) http://csdl2.computer.org/comp/mags/co/2005/03/r3018.pdf
It is fact that Pen and Paper RPGs form a large, important industry. Friend Computer cares for this industry. Loyal citizens always enjoy playing RPGs and buying more D&D books. It is treasonous to spread rumors that this industry is suffering in any way.
By boosting the sector size up to 4KB, the OS is forced to access the disk in increments of 4KB instead of 512 bytes. Yes, if you only need 512 bytes, you're now transferring 8x the data you used to. But most modern filesystems use a block size (determined by the file system) of at least 4KB, and the entire block would be read into memory on a read operation. It won't matter whether this lines up with the sector size (determined by the disk). The common-case access will stay the same.
This is just an interface change. It does not mean that disks suddenly grew 8x in capacity overnight. Then again, there has to be some change to prompt this...
The big difference is that when you set up a chroot jail, you can fool a user-level process by changing its VFS namespace. File access went through the VFS anyway, so there is no big difference in the system view presented to a non-privileged user-level application. With kernel access, it would be trivial to erase the chroot.
With virtualization, the kernel is fooled into thinking it's running in a privileged access mode and talking straight to hardware when it isn't really. No instructions can be run to reveal the VM layer, but you could still expose it through timing analysis.
To be fair, "Rendezvous Browser" doesn't come with OS X. Presumably, one gets this application only by looking for a Bonjour née Rendezvous Browser. Users won't just stumble across this app. Another question might be: why would someone download Rendezvous Browser when they don't know what Rendezvous is? Plus, I think Apple has made some attempt at making "Rendezvous"/"Bonjour" a well-known Apple technology. It's referred to by name in at least Safari and iChat, though you do have to dig a little to find it on Apple's web site.
Don't forget, Apple too has exciting names such as "Mail" and "Address Book."
The purpose of an ISOS is not to go back to mainframes. Mainframes are central locations to house data and run applications that are used by dumb clients that don't run anything for themselves. An ISOS would be practically the opposite. Rather than having all programs running on a central server, each program could conceivably run off of several different computers. One computer would still control the data that is on a "terminal", except in the ISOS view, that computer is the terminal itself.
In this system, each computer is effectively renting out space on other people's computers. When you need extra CPU cycles for a massive Bryce rendering you just created, the work can be distributed among multiple computers which have allowed your computer to rent out their CPU cycles in exchange for the future possibility of using your cycles when you're not. Believe it or not, your processor isn't at 100% utilization as you type messages to Slashdot.
We want a very clear sense of "This is my computer" and "This is my data". I can do what I like with it.
An ISOS wouldn't affect this any. The idea behind the ISOS is to pool the unallocated resources of the collective computers on a network. If the local machine needs a resource (long-term storage, memory, cycles) it can use its own resources without question. In the ISOS model, it can even get resources in excess of what it is capable of. Who wouldn't like to have 120 GB of storage when one only possesses a 60 GB hard drive? On the other end, suppose your drive is full of other people's data. If you need more space, just delete the other people's data. It won't affect them (thanks to the miracles of redundant distribution).
As far as data goes, nothing should change either. A particular user will be the only one who has the ability to access a specific piece of information. It's not like a user will be able to just browse other people's files that are stored on your computer. Before you cry out "I can't even look at the files on my computer!", stay the thought. Technically, you can look at the files, but since they're encrypted, you won't see much. And if this annoys you, you can just delete them.
What I've said earlier isn't exactly true. I said that you could delete other users' file backup fragments, or that you could request CPU time, etc., implying that the user can do this. These are operations that should be handled by the ISOS. Suppose your hard drive is fully utilized, between local applications and other people's files. If you really need to store something locally, the shared space will automatically be shrunk, the excess returning to the local system.
I don't want my work computer to be my home computer. My employer and I definitely want a strong sense of separation on that front thank you.
Why is this separation necessary? Obviously, the hardware will exist in two separate areas. But other than that, how is it detrimental that the desktop "at work" be disconnected from the desktop "at home"? In the network created from ISOS, this idea of separation by use is irrelevant. Each computer is simply a resource user and supplier. Some computers might be specialized at doing one type of computation better than others, so they will get appropriate work.
In another scenario, the ISOS Resource Pool at your job could be completely separate from a global Resource Pool (internet). So each computer at work would share resources only with other computers at work.
I liken the ISOS to the idea of any public resource, like roads or parks, monuments, etc. The world would be much less friendly were you required to personally own everything you used.
An ISOS isn't about control of a single computer, it's about effective use of the aggregate resources that computers in general can provide. It's all about the resources. Your computer is simply a resource that can be used to accomplish something.
I personally challenge the view that one can "own" the resources of the computer. Most certainly I own my hardware, but can anyone own the ability to compute that is inherent in everything? But this is straying off topic. Perhaps in another discussion group...