10101001's Journal: MS vs the World

Through some fluke or a post by another person on Slashdot (I don't recall), I recently stumbled across a rather interesting book hosted at MIT: The Hacker Crackdown. Having read through all four chapters and reached the "Afterword", I was struck by something that probably should have occurred to others before. That is, why exactly are the viruses and worms of today much weaker and simpler than those of many years past?

"What?", you ask. You obviously realize that worms and viruses seem to be everywhere and that tons of exploited machines are in use all over the place. They certainly don't seem weaker. But while the mass of machines is strong collectively, each is individually quite weak. And the weakness is not only in that isolation: at its core, it lies in the design of the payload meant to infect others.

The simple reason for this striking weakness is clearly one company's fault: Microsoft. How could they possibly be to blame? Why would I even call it blame? It's not really blame, now, but this is the calm before the storm.

In the past, viruses were transmitted by floppies (and networks, for those lucky few). Over time, BBSs became a major transit point, though good sysops made sure they didn't keep such baddies. This "centralized" control meant, more than anything, that you were pretty safe even without a virus scanner. But e-mail introduced the need for personal virus scanners, for which the public (as well as MS's Outlook Express) was woefully unprepared, and which even now virus scanners have only lackluster success at stopping.

This is primarily because viruses spread like word of mouth, much faster than anti-virus makers have time to dissect and block their "nasty" payload. In the blink of an eye, millions of systems can be infected and turned into zombies.

The situation isn't much better with worms, but for a different reason. Where the first Internet worm took advantage of several unpatched exploits in a few Unix variants, nearly all worms since have targeted the Windows platform. And partly because of unpatched systems and the sheer, near-unending need to patch yet another security flaw, many machines become infected and spread their disease onward.

These two methods of transmission are so effective, in fact, that just about any programmer can do the work. And with them comes the rapid anti-virus team to remove them. There's no time nor any strong need to make a resistant worm or virus. It is easier to find a new vulnerability or a new way to trick people through some new hole than to labor over a worm or virus designed for attrition.

But that's the fatal rub. Today, XP SP2 is being rapidly deployed across many XP machines. And while pre-XP machines and the various people who never patch even when patches are available are still out there, the new line of Windows will quickly move forward. And assuming user verification for e-mail is perfected to everyone's satisfaction, and as users generally become more aware (or at least the programs they use do), the anonymous, word-of-mouth virus will slowly dwindle from a flood to a trickle.

But what does this mean? An end to viruses and worms? Of course not. Some will get through, and the sheer labor and unlikelihood of getting through will make the worms and viruses more virulent. Today, most businesses don't give a second thought to installing a security patch on their systems without doing a company-wide audit of all systems. They know that most worms are harmless, they're not exactly quiet, and though it's possible, it's improbable that someone exploited the security flaw prior to the patch.

But in the future, where worms are one in a million, every patch will have to include an audit. Weekly audits may even be necessary. Once a machine is compromised, the author will *not* want to give up his new "0wnage". Techniques like that of Ken Thompson and the infamous login hack will undoubtedly be duplicated, compromising a system in a way that leaves the administrator unaware there ever was a problem.

As a result, security costs will rise dramatically as all those systems are scoured to make sure they're safe. And the same will be true for Mac OS X and Linux. In a brave new world, hardware digital signing and the absence of a true system-wide administrator account will begin to be the only hope of keeping costs down. Are we prepared for this new world?
