Windows virus?

This is a discussion on Windows virus? within the A Brief History of Cprogramming.com forums, part of the Community Boards category; Originally Posted by cyberfish I like the nice core and UI separation in Linux. All the UI stuff are just ...

  1. #61
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,138
    Quote Originally Posted by cyberfish View Post
    I like the nice core and UI separation in Linux. All the UI stuff are just graphical wrappers around lower level stuff (eg, gksudo for sudo, iptables has several GUI frontends, file permissions can be changed in Nautilus, etc). In a sense, UI stuff is bound by lower level security features (the user priv system, sudo, etc). That makes the task of securing the OS easier. They only need to make sure the system is secure at the core level, as what one can do with UI is strictly a subset of what one can do at any lower level. There's a nice hierarchy here, and only the base needs to be secured.
    Can you list something in Windows (NT and up) that had security only in the UI layer and not in the core ? Because this concept is great, but not unique to Linux.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  2. #62
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,145
    No I can't. There are too many things I can do in UI that I can't do directly (command line), but that is probably just due to my lack of knowledge. As you can see, I am not familiar with Windows at all . My feeling with Vista, though, is that it's patchy. Even if everything that can be done in the UI can be done in core, I have a feeling that the OS is centered a lot more on the UI. The hierarchy is not as strict. Either that or there is some extremely good integration going on here. For example, can you configure the firewall without the UI? how about changing file permissions (I have a feeling this can be done)? or UAC?

    But of course, I have not analyzed Windows to any great extent, so feel free to correct me.

  3. #63
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,170
    It is unlikely you can do that via command line simply because Windows is built around simplicity and casual users who are scared of command lines or don't know how to use them.
    It's possible to add some file permissions such as read-only via command line, though.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.
    For information on how to enable C++11 on your compiler, look here.
    よく聞くがいい!私は天才だからね! ^_^

  4. #64
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,892
    Windows is a GUI-oriented OS. When there's something to configure, a GUI is written for it. You can maybe modify the registry or some hidden config files to do the configuration manually, but you won't find a CLI for the settings, because it's unnecessary extra effort to provide one. (Unless, that is, it's something people will want to control from a batch file.)

    I don't see how that is relevant to the security issue, though.

    Interestingly enough, the equivalent of UAC would not be possible in Linux. The OS is not set up to bring things at this level to the attention of the user. Its layers are too strictly separated, and any cross-layer communication that exists would be potentially compromised in the situations UAC is made for.
    But then, UAC is an absurd concept anyway, from a design standpoint.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  5. #65
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,584
    UAC is an Unbelievably Annoying Concept.

    And Windows Update is like that guy on your team that submits his changes without telling anyone and ends up breaking the whole branch.

  6. #66
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,145
    Of course CLI and GUI are both UIs, so I guess my explanation was not good. What I was trying to say is the strict layers, where the kernel would expose its functions through a simple interface (POSIX functions), and GUI security interfaces will only interact with the kernel using that interface. It shouldn't do things like directly access the filesystem to change file permissions for example. That would be crossing layers. With such a strict layering system, as mentioned above, some cool things won't be possible to do. However, in return, one gets hardened security. No matter how badly designed the interfaces are, as long as the OS interface is bug-free, security cannot be compromised. The UI basically just issue commands for the user. If the user running the UI doesn't have the right to do something, nor will the UI. It's certainly easier to keep the kernel and the simple interface bug free, than trying to keep the whole thing, including the UIs, bug-free.

    But of course, I have no idea how Windows does it, as people who have seen the source are not likely to share their findings .

  7. #67
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,584
    No matter how badly designed the interfaces are, as long as the OS interface is bug-free, security cannot be compromised.
    Nothing is 100% secure. If it's written in code it can be thwarted with code. And your bug-free statement is a huge if and a bit unrealistic.

  8. #68
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,145
    Sorry I have to disagree.

    The trick lies in "as long as the OS interface is bug-free".

    It's like saying, if Windows is bug-free, no program can crash it.

    Sure, it is unrealistic. Nothing can be bug free. I was just saying that it is a lot easier to keep the core and POSIX interface bug free, than the whole system including the UI. As a result, Linux is more secure.

  9. #69
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,584
    Sure, it is unrealistic. Nothing can be bug free. I was just saying that it is a lot easier to keep the core and POSIX interface bug free, than the whole system including the UI. As a result, Linux is more secure.
    Actually nothing you are saying is easy nor sensible. 100% bug free in a 5 million lines of code just doesn't happen. MSVC 2005 was reportedly released with over 20,000 bugs according to some dev blogs and that is just a compiler. Whether or not that is 100% accurate is up for debate but saying that bug-free apps ensure security is a bit of a stretch. Some bugs have nothing to do with security and some security flaws are not bugs but design flaws. And guess what...as long as a human designs the system there will always be flaws. But some of them are not flaws as much as tradeoffs. Using one approach may warrant some tradeoffs but be eaiser and less time consuming than another approach. In the end bug fixing is far from just making an application secure. So your statements about bugs somehow magically introducing a huge level of security are lacking a bit.

  10. #70
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,145
    What I meant is, it's certainly easier to maintain 5000 lines of code vs 5 million lines of code. As a result, the 5000 lines of code will be more bug-free, given the same amount of man-hour/effort put into the code.

  11. #71
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,170
    But what code is only 5000 lines? Certainly no kernel I've heard of.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.
    For information on how to enable C++11 on your compiler, look here.
    よく聞くがいい!私は天才だからね! ^_^

  12. #72
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,145
    It's an exaggeration...

    The Linux kernel is orders of magnitude smaller than the whole Windows codebase.

  13. #73
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,170
    Somehow I doubt that.
    Don't think that the Linux kernel is anything less complex than the Windows kernel.
    If you count the drivers which are embedded in the kernel, the Linux kernel easily surpasses the Windows kernel.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.
    For information on how to enable C++11 on your compiler, look here.
    よく聞くがいい!私は天才だからね! ^_^

  14. #74
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,892
    The Minix kernel is less than 5000 lines.

    Of course, that's a micro kernel, and there's a lot of room in the user space support programs (drivers) for bugs, but they can only compromise part of the system, since they're user space programs. That's the whole point of micro kernel architectures, of course.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  15. #75
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,145
    Somehow I doubt that.
    Don't think that the Linux kernel is anything less complex than the Windows kernel.
    If you count the drivers which are embedded in the kernel, the Linux kernel easily surpasses the Windows kernel.
    It's not, but I meant the WHOLE Windows codebase. The security layers are not as strict in Windows, and UIs are allowed to do low level stuff. That makes bugs in the UIs potential security holes, too. In Linux, one needs to exploit the core of the OS, as UIs are more or less just wrappers, and only do low level stuff through the simple interface the OS exposes. That is to say, if one cannot break the system on the command line, one cannot break it through UI programs.

Page 5 of 7 FirstFirst 1234567 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Trojan horse generic
    By crvenkapa in forum Tech Board
    Replies: 8
    Last Post: 06-04-2007, 08:49 PM
  2. how to make a windows application
    By crvenkapa in forum C++ Programming
    Replies: 3
    Last Post: 03-26-2007, 09:59 AM
  3. Question..
    By pode in forum Windows Programming
    Replies: 12
    Last Post: 12-19-2004, 06:05 PM
  4. IE 6 status bar
    By DavidP in forum Tech Board
    Replies: 15
    Last Post: 10-23-2002, 05:31 PM
  5. Manipulating the Windows Clipboard
    By Johno in forum Windows Programming
    Replies: 2
    Last Post: 10-01-2002, 09:37 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21