Re: Virus Resistive Software

Re: Virus Resistive Software

[Dmytry Lavrov]

Robert C. Leif wrote:
> 
> It appears from the latest news reports, that present commercial
> software, particularly email programs, is susceptible to attack by
> viruses. A question with a very big payoff is could software written
> in Ada and perhaps in part in XML be made significantly more virus
> resistant than present commercial software, such as MicrosoftО©╫
> OutlookО©╫? For instance, would the strong type checking of both Ada and
> XML schema help. As a point of information, it is possible to create
> XML schemas that are semantically very similar to Ada type and object
> declarations. Would the use of an Ada protected type with a single
> entry for reading addresses in a user?s phone book be of any help?
> 
> 
> 
> I believe the present practice of providing the source text should
> decrease the vulnerability of the system. However, I hope that this
> discussion can focus on technical feasibility, as opposed to an
> argument about ?free? vs. entrepreneurial software.
> 
> 
> 
> Bob Leif
> 
> Robert C. Leif, Ph.D.
> 
> Email rleif@rleif.com
> 
> 
Heh,don't run viruses.And don't write to code area(EVEN TO JAVA SCRIPT
CODE BY SCRIPT),check for [and stack] overflow,etc.If programm is not
buggy(read:at least stable) it's can't be hacked or infected!.

ADA programs is more stable ==> more defence against everything.
BUT
If ada program will run mashine code,it will be as hackable as C++ are.
Also,if here will be special "codes" (like "029382FormatHardDisc" in
header of mail ;-),it will be hackable .

If i remember correctly,virus attack(if user does not run virus) called
worm attack.
If this attack is possible,it's mean software bug.Only Bug.It's not
about viruses,it's about bugs.
If prog causes reboots sometimes,it's mean that this prog can
be(read:WILL BE) hacked (heh,if F22 need reboots,it's mean that possible
to send a signal that will cause this reboot,and mean that possible to
control plane remotely via hack!).

Main problem of outlook(and IE) that outlook by default does RUN
code(and does not ask user) for target processor if idiotic
"sertificate" are right. MS sells sertificates to access your
computer(ex.to spy email addresses for spamming)!
----------------
For example,if i'm sorts data via quicksort,in c++ or ada,with special
input it's possible to cause stack overflow!also if heap model are
bad,it's possible to fragment all heap.

There are _too_many_ things called by one word:"hack"
0: Changing program(game) to work W/O disk in CD ;-).
1: decoding publically avaliable encrypted data.(why it's
outlawed???Everyone can do what he want in his head or on his paper ,why
not on computer???)
2: Composing encoded,verified message if you shouldn't compose this
message.
3: Sending something that causes bad things to non-your
computer(including 2). 
3b:Sending a message that causes bad things on many computers.
And there are outlawed so called "unauthorised access to computer".
What's they mean  by this STRANGE words? Who authorises access? What is
access?What is "authorised access"?
(i'm is not a native english speaker,but russian version of this laws
are as strange)
 No one know! No explanations!(except trivial:"unauthorised access to
computer is a unauthorised access to computer")

By laws,if your computer have virus and virus are self-copying,YOU are
OUTLAWED.

Why computer communications need new laws? Federal Laws shouldn't be
changed so frequently.Heh,_first_time_in_history_after_money_ new laws
added for new tool(cars  not about it:there still be good-old laws about
murdering,no new laws ;-)

Instead of spending money to lawyers,let's make software more STABLE.
Program is a only set of well-defined laws for computer.If these laws
ALLOW hack,there will be a hack.
Thanks God,first virus was written before "internet age".

Hackable/infectable progs is a problem of fool with a tool.With better
tool(ada) fool is a same fool.Maybe results of fool's work are better
with ada.

Re: Virus Resistive Software

[Jeffrey Carter]

Robert C. Leif wrote:
 > It appears from the latest news reports, that present commercial
 > software, particularly email programs, is susceptible to attack by
 > viruses. A question with a very big payoff is could software written
 > in Ada and perhaps in part in XML be made significantly more virus
 > resistant than present commercial software, such as Microsoft�
 > Outlook�? For instance, would the strong type checking of both Ada
 > and XML schema help.

The problem is more the insistence on using software that is known to be 
vulnerable and faulty, such as Outlook, despite the availability of 
better software. For example, I use Mozilla, and have had no problems 
with the current crop of viruses and worms. Outlook is probably the most 
vulnerable mail program out there; at least when I had to use it, by 
default it installed with most of its protections turned off, and most 
of its most vulnerable features turned on. Nevertheless, it is probably 
the most widely used mail program. No amount of decent engineering can 
solve this problem.

-- 
Jeff Carter
"If a sperm is wasted, God gets quite irate."
Monty Python's the Meaning of Life
56

Re: Virus Resistive Software

[Preben Randhol]

Jeffrey Carter wrote:

> Outlook is probably the most vulnerable mail program out there; at
> least when I had to use it, by default it installed with most of its
> protections turned off, and most of its most vulnerable features
> turned on. 

And the reason is that it is much more userfriendly if the viruses can
install themselves so the user isn't burden to do it manually.

-- 
�I think fish is nice, but then I think that rain is wet.
 So who am I to judge.�
                 - The Hitch Hiker's Guide to the Galaxy (radioplay)

Re: Virus Resistive Software

[chris]

Jeffrey Carter wrote:

> The problem is more the insistence on using software that is known to be 
> vulnerable and faulty, such as Outlook, despite the availability of 
> better software. For example, I use Mozilla, and have had no problems 
> with the current crop of viruses and worms. Outlook is probably the most 
> vulnerable mail program out there; at least when I had to use it, by 
> default it installed with most of its protections turned off, and most 
> of its most vulnerable features turned on. Nevertheless, it is probably 
> the most widely used mail program. No amount of decent engineering can 
> solve this problem.

I agree.

<rant on>

I also don't think their is a need for yet another mail client.  There 
are free ones that don't suffer the ills of M$s big mistakes, and they 
are open source.  Fairdoes they're not written in Ada, but what is and 
why does it matter?  (You can't sell on the basis of language or 
technical superiority, Mozilla tried "use this it's driven by a C++ 
gecko toolkit and it'll allow you to do xyz"... if you're a geek you 
might care - and they failed... and now this is recognised just when 
they lose their major backer).  They work and some are very nice.

The problem is, as Jeff points out, people don't use them.  They don't 
want to know.  M$ hath given them a mail client and it giveth them mail. 
   It's convienant, does what they want, *there* and it costs money so 
it must be good ("you get what you pay for").  I'm using Thunderbird 
0.2a (it's good... I didn't want to touch it because it's 0.1 but 
Firebird was good so temptation won.  It's a faster Mail with a better 
interface and interface bugs ;) ) right now and will never ever touch 
Outlook or it's little brother again.  What idiot allows scripts to run 
willy nilly?  No-one except...  and they made HTML mail a no no on the 
internet!

The best way to get rid of Outlook, is to yank it out or disable it, pop 
something like Mozilla Mail in.  If that's too bizzarre skin it to look 
like outlook and see how it goes.  It's got to configure out the box, do 
what they want, and do more than that.  Mozilla Mail and Thunderbird do 
many things that Outlook does, it does more like Junk filtering and not 
open stupid executables but still has some problems.  A few people tell 
me they would use them i.f.f. they provided better mass and offline 
mailing facilities (for businesses).  This is something users want. 
It's no good as an extension, or atleast one that comes with the 
installation.  It has to be there!!!  Thunderbird doesn't even install 
out of the box, despite being fully functional and more issues being UI 
related than functionally related.  It's at the start of it's journey 
but it won't do any damage unless it get's installed by ordinary folk!

<rant off>

Sorry, but this mail client business hit a nerve...


Chris

Re: Virus Resistive Software

[Wes Groleau]

> The best way to get rid of Outlook, is to yank it out or disable it, pop 
> something like Mozilla Mail in.  If that's too bizzarre skin it to look 
> like outlook and see how it goes.  It's got to configure out the box, do 

It has to WORK out of the box AND be EASY to install.
I spent seven hours on the phone talking my mother
through the settings before she could even _get_ any mail.

Then I sent her Norton Anti-Virus for Christmas,
and she won't attempt to install it until I get back
on the phone with her to talk her through that.

It's not that she's stupid--but she didn't even
give up her manual typewriter [1] until five
years ago, so a computer is a major culture shift! [2]

My father's not stupid either--has a master's in
education--but he never even typed in his life until
they bought that thing.

And there are thousands like them.  It's very likely
they are hosting a virus or two.  And will be, until
I get down there and clean it for them.  I'd tell them
to get somebody who knows computers to stop in, but
unfortunately, most of the people who are able to
_use_ a computer have not a clue about security.

[1] For you young folks, that's a typewriter
     that functions only by physical force--no
     electricity.

[2] I can't say "close the window," I have to say
     "See the little 'X' in the upper right corner
      of the window?"  "Window?  Is that the big
      rectangle?"  "Yes, move the mouse until the
      arrow points to the X in the corner of it
      and press and release the left button"

-- 
Wes Groleau
http://freepages.rootsweb.com/~wgroleau/Wes

Re: Virus Resistive Software (talk about Ada Advocacy)

[James A. Krzyzanowski]

Is it possible that if Outlook never existed and Mozilla was the de facto
standard used by millions of people around the world that the creators of
viruses & worms would seek out the possible vulnerabilities that exist in
Mozilla but have not yet be exploited?

Is it possible that Outlook is simply analogous to "VHS" in the "VHS vs.
Beta Wars"?

Is it possible that developers with the best of intentions have allowed a
"bug" similar to the way Congress allows loopholes in the Tax Code?  Until
the loopholes are exploited, it is sometimes not obvious that they even
exist, but once they are found they are fixed if possible.

Oops...none of this really relates to Ada anymore - except that I see Ada
going the way of Beta in this country despite Ada proponents like myself
advising our upper management that Ada is the best language for large
software projects.  Somewhere along the line, our biggest customer has been
led to believe or desire the latest novelty languages out there despite
their lack of conformance to any universal standard.

Fast & cheap rules the day - damned be those who caution long term
reliability is more likely with up front cost and investment...remember the
old Fram Oil Filter commercials? - "pay me now or pay me later"

I used to own an Amiga...

...is it possible to be an "Ada proponent" yet be one who has succumbed to
the MicroSoft dark side?

Jeffrey Carter wrote:

> Robert C. Leif wrote:
>  > It appears from the latest news reports, that present commercial
>  > software, particularly email programs, is susceptible to attack by
>  > viruses. A question with a very big payoff is could software written
>  > in Ada and perhaps in part in XML be made significantly more virus
>  > resistant than present commercial software, such as Microsoft�
>  > Outlook�? For instance, would the strong type checking of both Ada
>  > and XML schema help.
>
> The problem is more the insistence on using software that is known to be
> vulnerable and faulty, such as Outlook, despite the availability of
> better software. For example, I use Mozilla, and have had no problems
> with the current crop of viruses and worms. Outlook is probably the most
> vulnerable mail program out there; at least when I had to use it, by
> default it installed with most of its protections turned off, and most
> of its most vulnerable features turned on. Nevertheless, it is probably
> the most widely used mail program. No amount of decent engineering can
> solve this problem.
>
> --
> Jeff Carter
> "If a sperm is wasted, God gets quite irate."
> Monty Python's the Meaning of Life
> 56

Re: Virus Resistive Software

[Bobby D. Bryant]

On Sun, 24 Aug 2003 20:34:55 -0700, Robert C. Leif wrote:

> It appears from the latest news reports, that present commercial
> software, particularly email programs, is susceptible to attack by
> viruses. A question with a very big payoff is could software written in
> Ada and perhaps in part in XML be made significantly more virus
> resistant than present commercial software, such as MicrosoftR OutlookR?
> For instance, would the strong type checking of both Ada and XML schema
> help. As a point of information, it is possible to create XML schemas
> that are semantically very similar to Ada type and object declarations.
> Would the use of an Ada protected type with a single entry for reading
> addresses in a user's phone book be of any help?

One of the most prevalent problems is with the software's design rather
than with its implementation.  I.e., if your e-mail client will execute
attachments at the click of a cl00bie, there isn't going to be any
salvation found in an Ada/XML implementation.


> <html xmlns:o="urn:schemas-microsoft-com:office:office"
> xmlns:w="urn:schemas-microsoft-com:office:word"
> xmlns:st1="urn:schemas-microsoft-com:office:smarttags"
> xmlns="http://www.w3.org/TR/REC-html40">
> 
> <head>
> <meta http-equiv=Content-Type content="text/html; charset=us-ascii">
> <meta name=Generator content="Microsoft Word 11 (filtered medium)">

Speaking of bad software design, you posted 810 lines to convey 13 lines
of content.  You might want to consider switching to a Usenet-friendly
newsreader.

-- 
Bobby Bryant
Austin, Texas

Re: Virus Resistive Software (talk about Ada Advocacy)

[Randy Brukardt]

"James A. Krzyzanowski" <James_A_Krzyzanowski@raytheon.com> wrote in message
news:3F4D0C25.CFF0E38F@raytheon.com...
> Is it possible that if Outlook never existed and Mozilla was the de facto
> standard used by millions of people around the world that the creators of
> viruses & worms would seek out the possible vulnerabilities that exist in
> Mozilla but have not yet be exploited?
>
> Is it possible that Outlook is simply analogous to "VHS" in the "VHS vs.
> Beta Wars"?

Exactly.

> ...is it possible to be an "Ada proponent" yet be one who has succumbed to
> the MicroSoft dark side?

Of course. I like to eat and have a roof. Thus we built Claw and Janus/Ada
on and for Windows. I don't know if I'd say "succumbed", but there is only
so much tilting at windmills that one can do. Ada by itself provides plenty
of that...

---

In any case, my opinion is that the mail client is irrelevant. The junk
should never get to the client in the first place. We do all of our
filtering on the mail server (much of the filtering software is written in
Ada as a plugin for our server), and the choice of mail clients don't matter
much.

If more people (and ISPs) filtered this junk at the server, we'd have a lot
less of it, because people would learn not to send it. Now, I see
"newsletters" that are so stuffed with graphics and scripts and junk that
you can hardly find the message.

Sigh. But that will never happen -- people want lots of pretty pictures, not
matter what it does to their systems.

                            Randy.