Minggu, 14 Juni 2009

Too Much, Too Fast

At some point, the software industry will have to come to terms with the fact that it grew too fast, created too many rapid application development vehicles and expanded code into Operating Systems that just cannot fundamentally withstand concerted attacks from hackers, organized crime, nation state terrrorists, etc. Ultimately, the best defense against intrusion, worms, buffer overflow attempts, etc will be to 'native sentinel' programs that can 'electric fence' every loaded feed, hook, interface, binary,library against suspicious behavior. Current processor memory/development may allow for such sentries. Indeed 'DEP' (Data Execution Protection) could be termed a 'native sentinel' program. However, in many ways there is just too much going on inside a modern OS to be well-protected.This is some Powershell output from my Windows laptop. Notice:
(1) How may modules are (2701) in use by a limited number of applications (64) and
(2) How many modules (515 unique out of 2701 total) are being shared in multiple applications

$ps = ps
$count = $ps.count
$count
64

$all_modules = 0..$count |%{$ps[$_].Modules} | Select BaseAddress,EntryPointAddress,Size,ModuleName,ModuleMemorySize,GetLifetimeService,FileName,FileVersion,Company,Description
$all_modules.count
2701

$unique_all_modules = $all_modules | Select -property ModuleName | Sort -Unique -property ModuleName
$unique_all_modules.count
515

We have a similar situation with Linux (no XWin running here), although notice the process to module count ratio (86:1583) is a little lower than my windows box(64:2701) [As if the two could be realistically compared ;-)]:
ps awx | wc -l
86
/usr/sbin/lsof | wc -l
1583
...

Now look at my OpenBSD box (no Xwin running here either):

# ps -la | wc -l
20
# fstat | wc -l
183
....

Part of "proactive security" employed by creators of OpenBSD are the careful decisions:

(1) to run as few default services as possible
(2) not to support every application on the planet

There's not too much more to say on this type of logic: "The smaller your garden, the more carefully you can attend to each plant." Albeit, one does have to grow enough to feed your family!

0 komentar:

Posting Komentar