OS Security Issues.

[Mohanty]

For More Security Purpose, Is it possible to implement a virus (which is helpful for OS) in Operating system, Which will identify the virus. This Virus can be work like another Interrupt. Which will actually help OS.

eg:
Because A thief can catch a thief very well and so on...,

So I thought The Above concept can be possible. Because Every time I found that every Real Life issues are really implemented In OS. Means what we are generally thinking on the base of Real Life then that is the concept in OS.

So I am Thinking it is possibele. My Idea is also based on the base of real life issue.....as above eg:........

Because I found that no operating system is 100% secure....even Linux..

Please submit your thoughts.....

[NickJohnson]

@berkus: Colorless green ideas sleep furiously.

Edit:
I'm guessing that this is going off the biological concept of a vaccine somehow, but otherwise the idea of a virus that somehow prevents other viruses simply makes no sense.

[Mohanty]

I'm guessing that this is going off the biological concept of a vaccine somehow, but otherwise the idea of a virus that somehow prevents other viruses simply makes no sense.

don't u know most biological concepts are also implemented in medical science........then why there is no sence.........Because One thing I know that nothing is impossible.............

Not really, if you install a virus that eats 100% cpu, 100% ram and 100% harddrive there's simply no place for more viruses, here, problem solved.

How it will eat 100% of everything, U r here for make program and for finding solution. we have to make program accordingly so that it will not eat 100%.............

[NickJohnson]

don't u know most biological concepts are also implemented in medical science........then why there is no sence.........Because One thing I know that nothing is impossible.............

The essential concept of a computer virus is that it causes existing software to do something it was not intended to do. Making a virus modify the OS to protect itself is just a really hard way of simply modifying the OS to protect itself. The biological analog doesn't work because an OS does not have an adaptive immune system, unless you count the people who modify it with security patches, and therefore would "learn" nothing about a virus attack by undergoing one.

[gerryg400]

Because One thing I know that nothing is impossible.............

True. At the quantum level everything is possible. However at the macro level most outcomes are very unlikely. So while nothing is impossible, almost every outcome has a probability so close to zero that we may regard its occurance as impossible.

[Solar]

Because One thing I know that nothing is impossible.............

True. At the quantum level everything is possible.

Erm... no. For example, you can't weasel your way out of the first and second law of thermodynamics. Entropy is still going to get you in the end.

@ OP:

The ways to defend against viruses on the OS level are well understood. A good starting point would be grsecurity.net / pax.grsecurity.net. (It's for Linux, but the concepts are sound and easily applied to your OS project. Even easier than applying them to Linux, in fact, since you're working from a clean slate instead of having to patch your way around existing software.)

Biology, on the other hand, won't help you the tiniest bit. (While not being an accredited Biologist myself, I actually studied Biology at the university for several years, so this statement is not guesswork either.)

[gerryg400]

Erm... no. For example, you can't weasel your way out of the first and second law of thermodynamics. Entropy is still going to get you in the end

The first law only applies to biggish systems. And even systems as big as 2 molecules can break the second law. But in fact, I was not really being serious. Just trying to disagree with the OP for the sake of it.

[Solar]

Just trying to disagree with the OP for the sake of it.

Afterglow of a discussion I once had with a guy who believed, very literally, that "nothing is impossible".

His line of reasoning was, in essence, that we needn't bother with conserving energy, because by the time it would become a problem, we'd just "techno-magically" transmute some matter into Uranium to fuel nuclear reactors.

I admit that things get fuzzy at the quantum level, but some things are simply impossible.

[Mohanty]

I admit that things get fuzzy at the quantum level, but some things are simply impossible.

U absolutely correct solar. Actually This Confusion arised due to me becz I maintained that "Everything is possible." But I don't mean like that Actually I told like taht according to the topic..

I also completely agree with u...that something is not possible.

[JamesM]

Just trying to disagree with the OP for the sake of it.

Afterglow of a discussion I once had with a guy who believed, very literally, that "nothing is impossible".

His line of reasoning was, in essence, that we needn't bother with conserving energy, because by the time it would become a problem, we'd just "techno-magically" transmute some matter into Uranium to fuel nuclear reactors.

I admit that things get fuzzy at the quantum level, but some things are simply impossible.

That's not really so far from a popular line of economic belief. Efficiency savings over time due to technological advances have always outweighed the increase in resource usage due to socio-economic shift and population growth.

Extrapolating, there is no need to ever save resources.

[CWood]

I can actually think of a way to secure your operating system, most of the way. Think about it... you don't want executable files being infected. Therefore, theoretically, they shouldn't change. So, add in support for a checksum in your executable format. When the executable is loaded at runtime, the checksum is calculated, and compared against the existing one. If they do not match, the file will not run. This won't protect it forever, however if you use an obscure algorithm, it should be a while (note that this does mean that you have to roll your own compiler/linker as well in order to develop for your operating system. However this can be overcome: create a tool which accepts .bin files for text and data sections, and it wraps the format around it. Thats probably what I will do, at least to start off with.) Also, you could use a changing algorithm - each executable format has its checksum, along with a magic value, to denote which algorithm to use. That way, it can be secured even more, as it is more precise. Of course, on top of that, you could add in more checksums, or check the last modified file date to the installation date, use your head. There are many such ways.

[Brendan]

Hi,

Just setup a special "virus" user (for viruses), and make sure that every piece of software in the entire OS can modify any executable file whenever they want, except for the special "virus" user.

That should fix the problem...


Cheers,

Brendan

[Synon]

Hi,

Just setup a special "virus" user (for viruses), and make sure that every piece of software in the entire OS can modify any executable file whenever they want, except for the special "virus" user.

That should fix the problem...


Cheers,

Brendan

That's a good idea.

Code: Select all

$ addgroup virus
Adding group `virus' (GID 1001) ...
Done.
 $ adduser --ingroup virus virus
Adding user `virus' ...
Adding new user `virus' (1001) with group `virus' ...
Creating home directory `/home/virus' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: HAXXOR
Retype new UNIX password: HAXXOR
passwd: password updated successfully
Changing the user information for virus
Enter the new value, or press ENTER for the default
	Full Name []: 
	Room Number []: 
	Work Phone []: 
	Home Phone []: 
	Other []: 
Is the information correct? [Y/n] y

Do you think it will work?

[Artlav]

Why not just add a naughty flag to your executable format?
If the flag is set, then it's a virus, and should not be executed.
Simple.

[Combuster]

Even simpler: just do not implement program loading in your OS.