On Fri, 4 Jun 2004, James Wilkinson wrote:
George N. White III wrote:One problem area that needs to be addressed in open standards is how to remain open and still support intelligent devices in a secure fashion. One can imagine worms and viruses that program graphics interfaces to display commercial messages, printers to add p0rn images to documents, wireless cards to broadcase commercial messages to devices operating on other frequencies, etc. Some vendors are using "security by obscurity" as an excuse for keeping interfaces hidden, but since we know that obscurity has marginal security benefits, so must doubt the sincerity of those vendors.
Yes, I can imagine that.
But I can also imagine viruses that do that by hooking into the OS interface (I'm thinking of a number of Amiga viruses that displayed obscene messages on-screen fifteen years ago).
The whole point of drivers is to present a (relatively) hardware- independent standard to the rest of the operating system. Once that happens, virus writers, just like any other programmer, can address the driver API, and the question of whether it's an open standard API or not is not one that taxes your average virus writer.
Programs running on the host leave tracks, but viral code running inside a device becomes harder to deal with and could be "installed" by a small, transient program that would be harder to detect, so you have to think about controlling who/what is allowed
to communicate with a device as well as designing protocols that
don't permit changing device settings/firmware without effective access
controls (passwords or physical access to a hardware interlock).
Future device interfaces need to address not only the protocols required to use the device, but must also support access controls, maintenance, debugging, etc.
Those viruses on the Amiga tended not to spread too well, as it was too obvious that a machine was infected, so users tended to do something about it before they could spread. (In those days, the main transmission vector was infected floppies and infected programs on floppies).
Virus writers have figured out that viruses spread faster when system owners don't noticed that they are infested. One aspect of improving security is making anomalies "visible". We need security tools with the ability to check the status of devices for both hardware faults and "soft" problems such as a wireless card configured to use an "illegal" frequency/power setting.
-- George N. White III <aa056@xxxxxxxxxxxxxx> Head of St. Margarets Bay, Nova Scotia, Canada
