Thanks, Richard. That was interesting. -----Original Message----- From: Richard Loosemore [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 8:22 PM To: agi@v2.listbox.com Subject: Re: Hacker intelligence level [WAS Re: [agi] Funding AGI research]
Ed Porter wrote: > Richard, > > What ever happen to the Java concept of the sandbox, that totally safe play > space for code from over the web. I assume it proved to be a pipe dream, or > was it that the market placed demanded to break free of the sandbox, so the > concept never got a chance. Well, what I was talking about were macroviruses: they are macros inside Microsoft word (and similar in Outlook etc). So if you pick up a word document from somewhere, and it has virus macros in it, they can get copied to your main template and sit there waiting for the day when they are triggered. That avoids the Java sandbox entirely. The viruses in Outlook are worse because they are so fast acting. The last I heard Microsoft had made sure that these could run with as little restriction as possible, but I do not know if these can do something like format your hard drive. Microsoft has consistently ignored the appeals of the AntiVirus community to stop putting features in their apps that look tailor-made for virus writers. At the largest AV conference in the world in 1997, which I attended, there was only one delegate from Microsoft - he was a junior level systems admin guy, and he was there (he said) to learn about the best techniques for defending Microsoft headquarters from virus attacks. There are some who believe that the main reason that Microsoft inserts so many powerful, virus-friendly mechanisms into its products is because the U.S. government has an urgent need for trapdoor mechanisms that let them build various interesting pieces of software (e.g. key loggers) so they can monitor people who are not fascists. Richard Loosemore > -----Original Message----- > From: Richard Loosemore [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 28, 2007 5:53 PM > To: agi@v2.listbox.com > Subject: Re: Hacker intelligence level [WAS Re: [agi] Funding AGI research] > > Ed Porter wrote: >> Richard, >> >> To the uninformed like me, can you explain why it would be so easy for an >> intelligent person to cause great harm on the net. What are the major >> weaknesses of the architectures of virtually all operating systems that >> allow this. It is just lots of little bugs. > > It would be possible to write a macrovirus with a long incubation > period, which did nothing to get it noticed until D-Day, then erase the > hard drive. > > It only needs a lot of people to be using Microsoft Word: this by > itself is (or was: I am out of touch) the main transport mechanism. > > There are some issues with how that would work, but since I don't want > to end up in Azkhaban, I'll keep my peace if you don't mind. > > The only thing that might save us is the fact that Microsoft's > implementation of its own code is so incredibly bad that when it > duplicates macros, it has an alarmingly high screw-up rate, which means > the macros get distorted, which then means that the virus goes wrong. A > really bad virus would then show up, because broken viruses (called > 'variants') can cause damage prematurely. Then, it would get noticed. > > > > Richard Loosemore. > > ----- > This list is sponsored by AGIRI: http://www.agiri.org/email > To unsubscribe or change your options, please go to: > http://v2.listbox.com/member/?&; > > ----- > This list is sponsored by AGIRI: http://www.agiri.org/email > To unsubscribe or change your options, please go to: > http://v2.listbox.com/member/?&; > ----- This list is sponsored by AGIRI: http://www.agiri.org/email To unsubscribe or change your options, please go to: http://v2.listbox.com/member/?&; ----- This list is sponsored by AGIRI: http://www.agiri.org/email To unsubscribe or change your options, please go to: http://v2.listbox.com/member/?member_id=8660244&id_secret=70032346-da5452
