ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] viral worms, wormy viruses, and design vs. software

2003-06-25 18:22:38
from [Dave Crocker] [Permanent Link] 
Barry,



Worms existed on the Internet and DECNet long before Windows


BS> Worms are not viruses.

BS> The first internet worm, I believe the one the term was created for,
BS> was the Morris worm which would be October 1988.

Xerox PARC created the first worm.  They did some research on the topic,
I believe in the mid-70s.


BS> I suppose you could quibble semantics on what's a worm and what's a
BS> virus and so forth to fit your pre-conceived conclusions.

Actually, I think the definitions are nicely overlapping.  Worms are
about network communication.  Viruses are about taking over a computer.

One can argue that a hostile worm needs to have a viral component, to
get enough control for replicating, but I would rather simply view that
as a carrier/parasite (symbiotic?) relationship between a virus and a
worm...



Worms and viruses will always do better if they attack a common platform
than a rare one for the simple reason that to propagate a virus need only
pass the infection on to an average of more than one new host per host
infected.


BS> That sounds reasonable, except that's not the problem.

Correct.


BS> The problem is a memory and protection architecture in windows which
BS> allows programs run by any non-privileged user to infect boot blocks
BS> etc.

right.


BS> Most other OS's (of any note) don't allow this.

some OS's have superior security architectures, but that does not
prevent them from being run badly.  it has often been true that actual
unix configuration and operations have sucked.  on the other hand, unix
is often far more amenable to fixing the problem than are some other os's.


BS> The problem is there is nothing you can do with any current windows
BS> system to make it secure from viruses, short of active avoidance (shut
BS> it off and it won't ever get a virus, proceed from there to your risk
BS> comfort level.)

Beyond configuration and operation, the other critical issue is software
quality, starting with the operating system.  If the design is good, but
the software coding is bad, the game is over.

Operating system software that requires constant security patches
probably was not written with very good quality assurance procedures.
This is not surprising, since most of the industry has a focus on
creating new features, rather than taking the considerable extra effort
to ensure software quality.  Quality takes time.  This means fewer
features or later delivery to market.


d/
--
 Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
 Brandenburg InternetWorking <http://www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] Weird spam, Yakov Shafranovich
Next by Date:  [Asrg] Fwd: Major E-mail Delivery for FTC DNCR Launch, Eric Brunner-Williams in Portland Maine
Previous by Thread:  RE: [Asrg] News Article - Editorial on spam by Bill Gates, Barry Shein
Next by Thread:  Re: [Asrg] viral worms, wormy viruses, and design vs. software, Eric Brunner-Williams in Portland Maine
Indexes:  [Date] [Thread] [Top] [All Lists]