Viridium.ro

Have you read any of Frederick Cohen’s books on computer viruses? I for one have read his “Computer Viruses”, (the title here is taken from the Romanian translation of the book) and was henceforth fascinated by the idea of creating an operating system immune to viruses. The idea was by no means new. Dr. Cohen himself had already gone through the trouble of proving that there is no such thing as perfect anti-virus defense. The foundation of Dr. Cohen’s argument was based on the observation that the virus can inspect the answer of the anti-virus tool and act such that the answer becomes false.

Here’s an illustration. Let AV be the anti-virus program heroically defending your system and V be the virus program that just sailed on to your domain, in other words, the culprit. When V executes, it asks AV “do you, deep in your heart, feel that I am this bad, nasty program that they call a virus?” AV may be in a really bad mood and reply “Yes! you are a mean nasty bad virus, you!”. V’s strategy being to cause AV to report a false situation and make our tasks of detecting all viruses difficult, it will say to itself “You know what, I’m fed up with this stigma that I have to carry, I refuse to replicate any further.” Thus AV has reported a non-virus.

But AV may well feel happy due to recent events of which the nature reaches the beyondness of this article and reply “Nah, ye’r but an occasional pain in the butt, mate, arrr!”, in other words, “No, this program is not a virus”. But V still being nasty, will decide to go ahead and infect programs, again fooling good ol’ AV.

This is all nice, but in practice we need not perfect detection in an inherently imperfect system. Virus programs should not have unconditional access to your average antivirus. The computer environment is not a soup in which all components can become conjoined or come into contact. On the contrary. We define and employ policies that limit access to the system for all but the most important programs. And in time we have learned to choose those policies which have matured the best. Computer security is continuously improving.

So with all the techniques we have at our disposal, where should we look for the panaceum? There’s scanners, integrity tools, heuristic scanners, vaccines, resident shields. Unfortunately, scanners are bound to fail in the face of novelty. Heuristics are a leap forward, but not nearly one big enough. Short of the artificial human brain itself, the heuristic tool is open to treachery by a smarter virus, and smarter viruses are not an issue as long as it’s humans writing them. Evolution unfolds in the arena of malware’s and defense’s deadly dance as well.

What about the operating system that prevents executables from accessing other executables’ data. I remember the moment I told Jolly about my idea, while on a crowded bus number 35 in Cluj-Napoca, bound for Zorilor neighborhood and his question equally well: “Why would you not allow this? Why? I want to be able to do all this with my files.” And although I could not articulate the answer, I knew at that moment that the computer is not meant to be a soup, except maybe for a select few. Instead we look for and try to endorse structure. I still believe the idea is feasible, and there is software out there implementing forms of access control. The resident shield restricts access to various types of files and warns the user when a program performs dubious actions. The shield, I believe, is on its way to becoming the antivirus solution. The more advanced versions of the resident shield will grow to encompass principles of automatic access control. Some maturing will be in order, in particular, one must automate the decision process and make this an integral part of the operating system.

Some implementation issues remain. First, how to address those mini-operating systems generated by macro languages, such as Excel, or interpreted languages, running and infecting directly source code. Second, how to treat files with dual purpose — files serving both as programs and writable data containers. Perhaps this feature serves better as the proverbial exception rather than a pragmatic problem and we should dismiss such files altogether. After all, we are moving away from the primordial soup, and have learned how to cook.