On Sat, 10 Aug 2019 11:30:00 +0200, Axel Berger wrote:

> The Natural Philosopher wrote:
>> ...for Virus writers...
>
> There are lots of kinds of protection against malware. The only reliable
> one could I ever find was Brain 1.0. So far it has kept me safe and
> never failed me once. All the others cause lots of hassle and extra
> effort, but none of them is reliable. On the contrary, by making
> everything more complicated and harder to grasp and keep on top of, they
> make it easier for unintended immigrants to slip through.

Adding a well-thought-out file ownership and access permission system
helps a lot, provided users don't do terminally stupid things like
assigning superuser properties to their normal login. This is where Unix
introduced a sensible access control system, which Linux also uses, while
Windows in inherently insecure by design.

The only major item missing from *nix implementations is more rigorous
hardware implemented controls on memory access by running processes.
Intel has a minimal, but seemingly adequate set of hardware protection
rings but no current operating systems appear to make full use of it:
among other things, proper use of the hardware rings of protection would
prevent scripted nasties, etc in e-mails and web pages from accessing any
memory outside their immediate environment.

I've used mainframe operating systems that could do exactly what I've
described, so know it can be done and, what's more, do that without
interfering with legitimate users doing what they need to do.


--
Martin    | martin at
Gregorie  | gregorie dot org

--- SoupGate-Win32 v1.05