Linked by David Adams on Fri 10th Jun 2005 15:25 UTC, submitted by tm
Bugs & Viruses
Many virus attacks aren't really exploiting weaknesses in your operating system: they're simply tricking you into telling the OS to do things that it shouldn't do. The OS is just doing its job, executing code when you say so. Researchers at HP Labs are working on a solution to this problem using the Principle of Least Authority, or POLA -- "limiting the rights of each program to only the ones needed for the job the user wants done".
No system weaknesses?
by ADAXL on Fri 10th Jun 2005 16:22 UTC

"Many virus attacks aren't really exploiting weaknesses in your operating system: they're simply tricking you into telling the OS to do things that it shouldn't do."

There are many ways virus writers exploit weaknesses in system design:

** Remember the attachments that Outlook would execute automatically? If that wasn't a system weakness, what is?

** Crummy software management that permits malware to install itself in a way that it becomes hard to dislodge. Write an OS where software cannot hide. No registry; a mandatory install log that allows the OS to remove any file that came with the install, no matter where it went; a strict system for programs that can launch at startup; etc.

** The OS should recognize how an executable entered the system and react accordingly. If the file came by a channel that is typical for malware (e-mail, IM), the OS should ask that extra question on install.