FUNGEN4.CVP 910819 Hiding in System Layers One additional use that viral programs can make of operating systems is as a source of hiding places. Anyone who has ever tried to manage accounts on mainframes or local area networks will recognize that there is a constant battle between the aspects of security and "user friendliness" in computer use. This tension arises from the definition of the two functions: if a computer is easy to use, it is easy to misuse. If a password is hard to guess, it is hard to remember. If access to information is simple for the owner, it is simple for the "cracker". (This axiom often gives rise to two false "corollaries". First, the reverse; that those systems which are difficult to use must therefore be more secure; does not hold. Secondly, many assume that restricting the availability of information about a system will make that system secure. While this strategy will work in the short term, its effectiveness as protection is limited. Indeed, it often has the unfortunate side effect of restricting information to those who should have it, such as systems managers, while slowing the "attackers" only marginally.) "User friendly" programs and operating systems tend to hide information from the user. There are two reasons for this. In order to reduce "clutter", and the amount of information that a user needs to operate a given system, it is necessary to remove options, and therefore, to a certain extent, functionality. A user friendly system is also more complex in terms of it's own programming. In order for the computer to behave "intuitively", it must be able to provide for the many "counter-intuitive" ways that people work. Therefore the most basic levels of a graphical user interface system tend to be more complex than the corresponding levels of a command line interface system, and are hidden from the user by additional intervening layers (which also tend to add more complexity.) The additional layers in an operating system, and the fact that a great deal of management takes place automatically, without the user's awareness, is an ideal situation for a viral program. Since many legitimate and necessary operations and changes are performed without the user being aware of it, viral operations can also proceed at a level completely hidden from the user. Also, because the user is basically unaware of the structure and operations of the computer, changes to that structure and operation are difficult to detect. copyright Robert M. Slade, 1991 FUNGEN4.CVP 910819 ============== Vancouver ROBERTS@decus.ca | "If you do buy a Institute for Robert_Slade@sfu.ca | computer, don't Research into rslade@cue.bc.ca | turn it on." User p1@CyberStore.ca | Richards' 2nd Law Security Canada V7K 2G6 | of Data Security