Steven M. Bellovin wrote:

> The AV decision is more problematic. While a good security model can prevent system files from being overwritten, most worms use purely user-level abilities. It would take a fairly radical OS design to prevent a user-level worm from spreading.

It is a fairly radical OS design. Programs do not inherit the full authority of the user. They cannot do anything the user can do. For many tasks, they have to call upon a small amount of trusted code.

For example, the normal way an editor opens a file is that one gives the editor a file name, and the editor, having full user authority to read or change any file in the system, plays nice and opens and changes *only* that file. In this OS, instead the editor asks trusted code for a file handle, and gets the handle to a file chosen by the user, and can modify that file and no other.

The nice thing about this OS architecture is that each executable is loaded and run in its own VM, instead of having access to everything the user has access to.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
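The handle-instead-of-name interface described in the reply, sketched as an added example (not code from the poster or from any particular OS): a trusted `powerbox_open` acts on the user's file choice and hands the editor a capability to that one file, while the editor's own interface has no parameter through which a path could be named. File names and contents are constructed; in-process Python cannot itself stop the editor from calling `open`, so the real boundary still comes from running the editor in its own VM as the post describes.

```python
"""Powerbox pattern: untrusted code receives a file handle, never a file name."""
import os
import tempfile


class FileCapability:
    """Authority over exactly one already-open file: read, replace, close."""

    def __init__(self, fd):
        self._fd = fd

    def read(self):
        os.lseek(self._fd, 0, os.SEEK_SET)
        return os.read(self._fd, 1 << 20)

    def replace(self, data):
        os.ftruncate(self._fd, 0)
        os.lseek(self._fd, 0, os.SEEK_SET)
        os.write(self._fd, data)

    def close(self):
        os.close(self._fd)


def powerbox_open(path):
    """Trusted code: opens the file the user chose and returns only that capability."""
    return FileCapability(os.open(path, os.O_RDWR))


def untrusted_editor(cap, find, repl):
    """Untrusted component: edits through the capability; it is never given a path."""
    cap.replace(cap.read().replace(find, repl))


def demo():
    """Constructed scenario: two files exist, the user picks notes.txt only."""
    with tempfile.TemporaryDirectory() as d:
        chosen = os.path.join(d, "notes.txt")
        other = os.path.join(d, "secrets.txt")
        for p in (chosen, other):
            with open(p, "wb") as f:
                f.write(b"hello world")
        cap = powerbox_open(chosen)          # user's choice becomes a handle
        untrusted_editor(cap, b"world", b"capability")
        cap.close()
        with open(chosen, "rb") as f, open(other, "rb") as g:
            return f.read(), g.read()       # only the chosen file changed


if __name__ == "__main__":
    print(demo())
```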