Personal site of Spassky Stanislav
Viruses, inevitable disaster or thoughtlessness of system designers?
March 2007, Moscow, Zelenograd, Spassky Stanislav.
Microsoft Corporation has presented its next new OS: Windows Vista. As usual, new improved interface and security tools are promised.
Viruses, worms, Trojan horses… What is it, objectively inevitable disaster or thoughtlessness of system designers? This calamity has arisen simultaneously with the appearance of the internet. According to information from the internet there are more than 50.000 viruses now. Is it the threat for the whole of our informational civilization? Not having better applications thousands of programmers | invent new varieties of dirty tricks which are multiplied by the enormous scale of the phenomenon. Dozens of teams are involved in a protection against new kinds of viruses (by inane seeking their codes in executive programs). The state's computer systems are cracking. Corporations employ virus creators to blow their business rival. A multitude of scientific works are being published. The users feel they are living on the edge of a volcano. There has appeared work for everybody…
Now computers and intenet become devices and services of the common use, like TV set. Their interface and protectability must take into account it. Reinstalling of the systems and software is too troublesome and expensive "pleasure" for an ordinary user.
I have a vision of computer operating systems functioning. But I am acquainted better with the previous versions. Then there just appeared processor with "protected mode", aimed at multitasking, but, alas, not vastly on the protection against viruses. Because the address space of RAM for tasks was not completely separated (separation depends on the task priority levels). At the same time the idea began to be developed to separate the user tasks from the system level. And then the operating systems "Windows" of Microsoft Co began appear. Well, and viruses…
And so I declare that for a long time (since the society became aware of virus danger, of the scale of this phenomenon) the existence of viruses, worms, Trojan horses is simply the imperfection of systems. And, of course, the largest reproach concerns Microsoft Co, the actual monopolist of user systems. But, having a clear idea of a corporation staff, it is difficult to speak about imperfections. In alternative OS Linux the antivirus protection of files is provided, but it is too intricate for average users. And according to available information, it is not always effective. You can also say that virus phenomenon is less expressed in Linux because of its relatively small distribution.
When designing of the above-mentioned "protected mode" the creators of the processor underestimated the importance of anti-virus protection. They realized the possibility of the isolation of user executive programs from the system level. Also was realized the possibility of isolation of user executive programs (codes) one from another in area of RAM, but not completely. The programs of same priority level were not isolated. Moreover the creators of OS Windows didn't realize the isolation of executive programs from foreign files in file structure. So the idea of "complete separation" was not realized. In addition, Windows weakly keeps under control the running processes and tasks. (For example, the system disk with virus, left accidentally in a pocket drive, at casual restart of the system destroys the file system.) If "complete separation" was realized, there would be no viruses.
The idea of opposition to viruses consists of:
More in detail:
First of all, all the conception must be absolutely simple and clear. All its strength is in this. And the understanding, that even an innocent outlet out of the restrictions, even with best intentions, practically always leads to the destruction of a system.
The entrance inside OS must be possible only under a password protection and only by means of OS itself. And of course, the reinstallation of the Operating System must be accompanied by some setting in BIOS under the password.
OS must be maximum authoritarian, that is, it must keep all running processes under full control. And all user programs must carry out all operations of "lower level" only by means of OS or under OS control: both in regarding "hardware" and regarding a file system (operations of creation, modification, reading, writing in files, operations with catalogues).
Besides user programs it is necessary to add all resetting drivers, resetting graphical packages and code interpreters to the programs, "external" in regard to OS. The driver differs from user programs only by having permission of access to some of computer registers. But from the point of view of the virus protection, they must be considered as external.
A "contagion" can penetrate into files through two gaps:
Therefore it is necessary to block both these channels.
All "external" to OS programs (tasks, processes) must be definitely separated from each other in space of RAM in codes. Of course, there must be no dependence of this separation on the priority level of this separation. It may need to carry out some modifications of the processor. The data exchange between tasks and drivers, graphical packages, interpreters can be realized through common zones of RAM in data and under OS control.
It should be specially mentioned that in programs where DLL-files are using, every program must have its own DLL in its directory. The practice of using common DLL must be forgotten. The technical means allow doing it now.
The separation of the tasks in the space of files.
For every running task (every window) the definite zone of limitation in the file structure must be determined. That is some subdirection, or to be more likely, some temp-subdirection, that is specially created for this task and destroyed at ending a task ending. The task cans overcome the bounds of this subdirection only at direct instruction of the operator-person and only through an OS procedure and under its control. The example of such coming out in Word - recording the results in a concrete file by the direct instruction of the operator. There should be no command lines, substituting the operator.
A very important issue is what task and where organizes this temp-subdirectory? It is supposed that it should be organized by the task (window), from which a new task is organized and inside its own zone. But there is one exception. The programs of the type of navigating program, which have access to a file catalogue (even through OS), do not have right to work with contents of files with a view of safety. Therefore in this case the subdirectory must be created in the zone of the program, which is opening the file indicated by an operator.
For example, you received the letter on your e-mail client program with the attached file with .doc - extension. This attachment can contain fragment with executive codes (with viruses). You open this attachment from e-mail client program. Therefore this program a creates new task with temp-subdirectory in own subdirectory and forms the demand for OS to organize passing in Word the reference to the file and address of new subdirectory, as the zone of limitation. The Word starts the process, which runs up to fragment with executive codes and passes to OS the demand to start codes in some RAM zone. So the new task is completely isolated in RAM as well as in the file structure. What can happen, if operator does not do obvious nonsense?
About Trojan programs. How can OS not trace transfer over the Internet, unconnected with any of the opened windows? But if there is a transmission related with the some window, what can Trojan do, completely isolated both in RAM and in file structure?
At opening a new window (process) by browser the information is memorized, which a user consistently looks through in this window. It is memorized in proper subdirectory in space of browser. At closing this window all information must be annihilated. No "trash dumps" must be created. At the present level of technique it is not necessary.
It would be good, if interpreters would be utilized in all of executable fragments of electronic documents only.
Interpreters must not contain in its composition the commands, which can be "dangerous" potentially for the system equipment.
As is generally known, Bill Gates, the head of Microsoft Corporation, sacrifices his money on philanthropy. That is rather well. But nevertheless it would be good for him in mainstream of his activities to do one effective and safe OS for users.
At the first possibility "holes" must be liquidated in transmission line protocols of the internet.
A few words should be said about the internet. It is time to divide the internet into two parts, distinguished by internet searching programs. One part must consist of documents, for the richness of content of which providers are responsible somehow. The internet is "trash dumps" now and searching programs reflect this situation. But again, cynical using of boorish technologies in advancement of sites in the searching programs. Make effort to find information on a question which you well know and you will understand it. If nevertheless you have a desire to rummage in a "trash heap", you will be able to do it by proper setting in the searching program.
It is time to register mailboxes personally, not anonymously. We live in the time of cynical boorish technologies. The heading of the letter must contain a sign, that it is an advertising letter, a spam. A user must have possibility to ask your e-mail agent to barrier him from a spam. If a letter has not this sign, but is such, sending of such a letter must be punished. If for delivery of spam some anonymous server is used, think, at a desire it is possible to localize this server.
Spassky StanislavMain page