[cap-talk] High level dissonance
krstic at solarsail.hcs.harvard.edu
Sun Feb 24 02:26:37 EST 2008

On Feb 23, 2008, at 7:10 PM, Karp, Alan H wrote:
> It's a bit general because there are some attacks that are not on
> users, e.g., some viruses.

I submit anyone making this statement is thinking about the problem
incorrectly, or at the very least, not sufficiently thoroughly.

Every computer attack is an attack on the user. If it weren't so, we
wouldn't much care about the attack. Viruses that destroy data are an
attack on the user's data; viruses that render the machine inoperable
are an attack on the user's ability to get her work done. Viruses and
trojans that zombify a machine and join a botnet are an attack on
_some other_ user's ability to get her work done.

We can differentiate between malware that harms the user of the
machine it infects and that which harms the user of some other
machine, but ultimately it's _all_ about the user. This goes for
understanding defense as well as offense. The reason viruses never
took off widely on UNIX is because the software installation model is
different: most software is installed (and owned, in terms of file
permissions) by the administrator, not the individual user. Viruses
executing with the user's permissions thus rarely have binaries to
infect. On Windows, this wasn't the case; the model had users in
charge of installing software because it provided _the user_ the
convenience of not having to switch to a different account to perform
those actions. If this wasn't the case, Windows could simply prohibit
any non-system binaries from modifying any other binaries or DLLs and
the concept of viruses would, overnight, cease to work.

Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
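
The ownership model described in the message above can be audited on a live system. The following is an added example, not part of the original post: a POSIX shell function that lists the executables an unprivileged account could overwrite. The function name and the `--scan-path` switch are made up for this example, and group write access and writable parent directories are left out of scope.

```shell
#!/bin/sh
# Added example (not from the original post).
# Lists regular files with any execute bit set that the account UID could
# overwrite, either because it owns them with owner-write permission or
# because they are world-writable.
# Assumption: group-write access and writable parent directories are ignored.
#
# usage: user_writable_binaries UID DIR...
user_writable_binaries() {
    uid=$1
    shift
    for dir in "$@"; do
        # Skip entries that are missing or are not directories.
        [ -d "$dir" ] || continue
        find "$dir" -type f \
            \( -perm -100 -o -perm -010 -o -perm -001 \) \
            \( \( -user "$uid" -perm -200 \) -o -perm -002 \) \
            -print
    done
}

# Hypothetical switch for this script: audit every directory on PATH
# for the invoking account.
if [ "${1:-}" = "--scan-path" ]; then
    old_ifs=$IFS
    IFS=:
    # $PATH is left unquoted on purpose so it splits on ':'.
    user_writable_binaries "$(id -u)" $PATH
    IFS=$old_ifs
fi
```

On a system where software is installed and owned by the administrator, running this with `--scan-path` from an ordinary account should print little or nothing.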