> So, how about changing the operating system to allow or even encourage
> such behaviour? "Sure, just run anything, it's safe. If it's a virus,
> operating system clearly warns about it."
>
> Linux desktop isn't currently much better in security than Windows is.
> Linux viruses are still possible, although they can mess "only" your
> data rather than the whole system. But if it just deleted the document
> you had been working on for weeks, it doesn't help much.

A couple of thoughts. Some viruses are not viruses per se, but legitimate programs acting in a way that is undesirable, i.e. something that opens up a connection to IRC, or a mail relay, or a login. This is something that could be wanted, but when it's started without the knowledge of the user it becomes a problem. This is why things like Gator are out there: people blindly click "I agree" and it goes off and does its thing. How do these programs differ from a virus, as the user is fully aware (if they read the fine print) of what it's doing and what they are doing?

Running programs in a sandbox or letting the OS decide what is or is not a virus would require some sort of database for the OS to look up a binary fingerprint, or do some sort of heuristic check to see what the app or document is doing, and whether it's allowed. It would have to know that ssh starting up is different from a user (or root) executed program that opens up a port that allows incoming connections.

The big issue would be network/internet access, not normal I/O (at least these days it is). Maybe something that allows the OS to intercept any port calls (i.e. open(), bind(), etc.) and check to see if they are allowed, or allowed by the particular application (which is in turn checked against an md5sum fingerprint kept in a central location).

Starting ssh would look something like:

- hey, I see a bind() call for port 22
- is /usr/bin/ssh, with fingerprint [hash], allowed to do this?
- yup
- is port 22 a port that this system's security policy allows binding to?
- yup
- ok, let it bind()

Starting malware would look like:

- hey, I see a bind() call on port 22222
- is /home/alan/tmp/blah.bin, with fingerprint [hash], allowed to do this?
- I don't see blah.bin in my allowed apps, log it and prompt the user
(or)
- is port 22222 a port that this system's security policy allows binding to?
- nope, the action for undetermined bind()s is [prompt/deny], log it and prompt the user or deny.

I know there is a system in development by a friend of mine for Windows which has similar functionality to this.

Now that all said, this is more an OS function than anything to do with GNOME, unless you're going to build this functionality into GNOME itself (hard to do I think without OS support).

Course, I'm just talking out of the side of my head here :)

-- 
Alan <alan@xxxxxxxxx> - http://arcterex.net
--------------------------------------------------------------------
"There are only 3 real sports: bull-fighting, car racing and mountain climbing. All the others are mere games." -- Hemingway
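The bind() policy check Alan sketches above (fingerprint the calling binary, look it up in an allow-list, then check the port against the system policy, with a configurable action for anything undetermined) written out as a small policy engine. This is an added example for this archive page, not code from Alan, his friend's Windows system, or GNOME. It assumes a user-space simulation rather than a real kernel hook, SHA-256 in place of md5sum (MD5 collisions are practical today), the path /usr/sbin/sshd for the daemon that actually binds port 22, and a couple of constructed byte strings standing in for real program images. It also covers one case the post does not spell out: a binary at a known path whose fingerprint no longer matches is denied outright, since that is the point of fingerprinting.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    DENY = "deny"
    PROMPT = "prompt"


def fingerprint(image: bytes) -> str:
    """Hash of the program image. Stand-in for the post's md5sum (SHA-256 assumed)."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class Policy:
    allowed_apps: dict                         # path -> expected fingerprint (hex)
    allowed_ports: set                         # ports the system policy permits binding to
    default_action: Action = Action.PROMPT     # action for undetermined bind()s
    log: list = field(default_factory=list)    # every decision is logged


def check_bind(policy: Policy, path: str, image: bytes, port: int) -> Action:
    """Decide what the OS should do with a bind() from `path` on `port`."""
    fp = fingerprint(image)
    expected = policy.allowed_apps.get(path)
    if expected is None:
        # Unknown app: the post's "log it and prompt the user (or deny)".
        decision, reason = policy.default_action, "not in allowed apps"
    elif not hmac.compare_digest(expected, fp):
        # Known path, unexpected bytes: the binary was replaced or modified.
        decision, reason = Action.DENY, "fingerprint mismatch"
    elif port not in policy.allowed_ports:
        # Trusted app, but the system policy does not allow this port.
        decision, reason = Action.DENY, "port not permitted by system policy"
    else:
        decision, reason = Action.ALLOW, "app and port allowed"
    policy.log.append(
        f"bind(port={port}) by {path} fp={fp[:12]}...: {reason} -> {decision.value}"
    )
    return decision


# Constructed sample "binaries" (hypothetical byte strings, not real files).
SSHD_IMAGE = b"\x7fELF fake sshd image"
MALWARE_IMAGE = b"\x7fELF fake blah.bin image"


def make_policy() -> Policy:
    """Central allow-list: only sshd is registered, only a few ports are open."""
    return Policy(
        allowed_apps={"/usr/sbin/sshd": fingerprint(SSHD_IMAGE)},
        allowed_ports={22, 80, 443},
        default_action=Action.PROMPT,
    )


def demo() -> dict:
    """Run the two scenarios from the post plus two edge cases; return decisions and log."""
    policy = make_policy()
    decisions = {
        # the post's first scenario: registered sshd binding port 22
        "sshd_22": check_bind(policy, "/usr/sbin/sshd", SSHD_IMAGE, 22),
        # the post's second scenario: unknown blah.bin binding port 22222
        "malware_22222": check_bind(policy, "/home/alan/tmp/blah.bin", MALWARE_IMAGE, 22222),
        # same path as sshd, but the bytes were changed (trojaned binary)
        "trojaned_sshd": check_bind(policy, "/usr/sbin/sshd", SSHD_IMAGE + b"\x90", 22),
        # genuine sshd asked to listen on a port the system policy does not allow
        "sshd_2222": check_bind(policy, "/usr/sbin/sshd", SSHD_IMAGE, 2222),
    }
    return {"decisions": decisions, "log": policy.log}


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```

The ordering of the checks matters: the fingerprint is compared before the port, so a tampered sshd is refused even on an allowed port, and an unknown program gets the prompt/deny default rather than a free pass just because it chose a port that happens to be open. A real implementation would hook bind() in the kernel (or via a syscall filter) and hash the executable at exec time rather than on every call.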