Dear Fedora Community, what do you want?

George N. White III aa056 at chebucto.ns.ca
Fri Jun 4 18:08:37 UTC 2004 

On Fri, 4 Jun 2004, James Wilkinson wrote:

> George N. White III wrote:
>> One problem area that needs to be addressed in open standards is how to
>> remain open and still support intelligent devices in a secure fashion. One
>> can imagine worms and viruses that program graphics interfaces to display
>> commercial messages, printers to add p0rn images to documents, wireless
>> cards to broadcase commercial messages to devices operating on other
>> frequencies, etc.  Some vendors are using "security by obscurity" as an
>> excuse for keeping interfaces hidden, but since we know that
>> obscurity has marginal security benefits, so must doubt the
>> sincerity of those vendors.
>
> Yes, I can imagine that.
>
> But I can also imagine viruses that do that by hooking into the OS
> interface (I'm thinking of a number of Amiga viruses that displayed
> obscene messages on-screen fifteen years ago).
>
> The whole point of drivers is to present a (relatively) hardware-
> independent standard to the rest of the operating system. Once that
> happens, virus writers, just like any other programmer, can address
> the driver API, and the question of whether it's an open standard API
> or not is not one that taxes your average virus writer.

Programs running on the host leave tracks, but 
viral code running inside a device becomes harder to deal with and could 
be "installed" by a small, transient program that would be harder to 
detect, so you have to think about controlling who/what is allowed
to communicate with a device as well as designing protocols that
don't permit changing device settings/firmware without effective access
controls (passwords or physical access to a hardware interlock).

Future device interfaces need to address not only the protocols 
required to use the device, but must also support access controls, 
maintenance, debugging, etc.

> Those viruses on the Amiga tended not to spread too well, as it was
> too obvious that a machine was infected, so users tended to do
> something about it before they could spread. (In those days, the
> main transmission vector was infected floppies and infected programs
> on floppies).

Virus writers have figured out that viruses spread faster when system 
owners don't noticed that they are infested.  One aspect of improving 
security is making anomalies "visible".  We need security tools with the 
ability to check the status of devices for both hardware faults and "soft" 
problems such as a wireless card configured to use an "illegal" 
frequency/power setting.

--
George N. White III  <aa056 at chebucto.ns.ca>
   Head of St. Margarets Bay, Nova Scotia, Canada

More information about the fedora-list mailing list