Overanalyzed

On Security of Operating systems

December 29, 2008 at 11:12 am | In Technology | No Comments
by Chris Davenport

I was reading about yet another zero day exploit for IE and Windows, on the heels of a security update for same because of an existing unpatched vulnerability that’s been causing pain to many over the past few weeks.

Honestly, you could write the above two lines any time over the past 12 years, and it wouldn’t look out of place.

Security is an ongoing concern, which is weird, because it doesn’t seem to be solved. A lot of times it’s an afterthought, and security is challenging enough to begin with. I’m regularly amazed by the utter lack of security that exists for convenience’s sake. The two do tend to contradict, but so often are pitted opposite through accident, afterthought, or intent.

So why must there be patches? I understand generally that if there’s a bug, it needs to be fixed, so patch it. But to take another tack, if word wrecks my formatting, then all I do is reformat it. If an app crashes or doesn’t work the way I want, deletes my files, I don’t run it, don’t use it. If I install it and it turns out badly, I uninstall it.

I wonder if similar approaches can be used with OS or DLL or standard library calls?

Basically, the OS should allow you to hook those calls, check the parameters, and do something else. Windows and others already have syscall hooks for auditing purposes, that’s where we get strace output and the like, so security can be maintained, and the mechanisms are there. It hasn’t been extended to the dynamic loader, however, and there isn’t any way for you, as an administrator, to change something so that word, specifically, doesn’t have the ability to open a socket to ha.cx, write to the boot.ini file, call GetObjectEx with a bad CLSID, or some other evil act.

Seems like it would be pretty easy to isolate the bad behavior in that way, at the OS level, and give you back a little control over what these applications do with your system.