Re: Virus free desktop

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> So, how about changing the operating system to allow or even encourage
> such behaviour? "Sure, just run anything, it's safe. If it's a virus,
> operating system clearly warns about it."
> 
> Linux desktop isn't currently much better in security than Windows is.
> Linux viruses are still possible, although they can mess "only" your
> data rather than the whole system. But if it just deleted the document
> you had been working on for weeks, it doesn't help much.

A couple of thoughts.  Some viruses are not viruses per-se, but
legitimate programs acting in a way that is undesirable.  IE: something
that opens up a connection to IRC, or a mail relay, or a login.  This is
something that could be wanted, but it's when it's started without
knowledge of the user it becomes a problem.  This is why things like
gator are out there, people blindly click "I agree" and it goes off and
does it's thing.  How do these programs differ from a virus, as the user
is fully aware (if they read the fine print) of what it's doing and what
they are doing.

Running programs in a sandbox or letting the OS decide what is or is not
a virus would require some sort of database for the os to look up a
binary fingerprint, or do some sort of heuristic check to see what the
app or docuement is doing, and if it's allowed.  It would have to know
that ssh starting up is different than a user (or root) executed program
that opens up a port that allows incoming connections.

The big issue would be network/internet access, not normal I/O (at least
these days it is).  Maybe something that allows the OS to intercept any 
port calls (ie: open(), bind(), etc) and check to see if they are
allowed, or allowed by the particular application (which is in turn
checked against an md5sum fingerprint kept in a central location).

Starting ssh would look something like:
 - hey, I see a bind() call for port 22
 - is /usr/bin/ssh, with fingerprint [hash] allowed to do this?
 - yup
 - is port 22 a port that this systems security policy allows binding to?
 - yup
 - ok, let it bind()

Starting malware would look like:
 - hey, I see a bind() call on port 22222
 - is /home/alan/tmp/blah.bin with fingerprint [hash] allowed to do
   this?
 - I don't see blah.bin in my allowed apps, log it and prompt the user
  (or)
 - is port 22222 a port that this systems security policy allows binding
   to?
 - nope the action for undetermined bind()s is [prompt/deny], log it and prompt the user or deny.

I know there is a system in development by a friend of mine for windows 
which has similar functionality to this.

Now that all said, this is more an OS function than anything to do with
gnome, unless you're going to build this functionality into gnome itself
(hard to do I think without OS support).  Course, I'm just talking out
of the side of my head here :)

-- 
Alan <alan@xxxxxxxxx> - http://arcterex.net
--------------------------------------------------------------------
"There are only 3 real sports: bull-fighting, car racing and mountain 
climbing. All the others are mere games."                -- Hemingway

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Fedora Desktop]     [Trinity Users]     [KDE]     [Gimp]     [Yosemite News]

  Powered by Linux