* Re: Virus Resistive Software [not found] <mailman.7.1061782606.318.comp.lang.ada@ada.eu.org> @ 2003-08-25 15:55 ` Dmytry Lavrov 2003-08-25 19:29 ` Jeffrey Carter 2003-08-28 5:56 ` Virus Resistive Software Bobby D. Bryant 2 siblings, 0 replies; 8+ messages in thread From: Dmytry Lavrov @ 2003-08-25 15:55 UTC (permalink / raw) Robert C. Leif wrote: > > It appears from the latest news reports, that present commercial > software, particularly email programs, is susceptible to attack by > viruses. A question with a very big payoff is could software written > in Ada and perhaps in part in XML be made significantly more virus > resistant than present commercial software, such as MicrosoftО©╫ > OutlookО©╫? For instance, would the strong type checking of both Ada and > XML schema help. As a point of information, it is possible to create > XML schemas that are semantically very similar to Ada type and object > declarations. Would the use of an Ada protected type with a single > entry for reading addresses in a user?s phone book be of any help? > > > > I believe the present practice of providing the source text should > decrease the vulnerability of the system. However, I hope that this > discussion can focus on technical feasibility, as opposed to an > argument about ?free? vs. entrepreneurial software. > > > > Bob Leif > > Robert C. Leif, Ph.D. > > Email rleif@rleif.com > > Heh,don't run viruses.And don't write to code area(EVEN TO JAVA SCRIPT CODE BY SCRIPT),check for [and stack] overflow,etc.If programm is not buggy(read:at least stable) it's can't be hacked or infected!. ADA programs is more stable ==> more defence against everything. BUT If ada program will run mashine code,it will be as hackable as C++ are. Also,if here will be special "codes" (like "029382FormatHardDisc" in header of mail ;-),it will be hackable . If i remember correctly,virus attack(if user does not run virus) called worm attack. If this attack is possible,it's mean software bug.Only Bug.It's not about viruses,it's about bugs. If prog causes reboots sometimes,it's mean that this prog can be(read:WILL BE) hacked (heh,if F22 need reboots,it's mean that possible to send a signal that will cause this reboot,and mean that possible to control plane remotely via hack!). Main problem of outlook(and IE) that outlook by default does RUN code(and does not ask user) for target processor if idiotic "sertificate" are right. MS sells sertificates to access your computer(ex.to spy email addresses for spamming)! ---------------- For example,if i'm sorts data via quicksort,in c++ or ada,with special input it's possible to cause stack overflow!also if heap model are bad,it's possible to fragment all heap. There are _too_many_ things called by one word:"hack" 0: Changing program(game) to work W/O disk in CD ;-). 1: decoding publically avaliable encrypted data.(why it's outlawed???Everyone can do what he want in his head or on his paper ,why not on computer???) 2: Composing encoded,verified message if you shouldn't compose this message. 3: Sending something that causes bad things to non-your computer(including 2). 3b:Sending a message that causes bad things on many computers. And there are outlawed so called "unauthorised access to computer". What's they mean by this STRANGE words? Who authorises access? What is access?What is "authorised access"? (i'm is not a native english speaker,but russian version of this laws are as strange) No one know! No explanations!(except trivial:"unauthorised access to computer is a unauthorised access to computer") By laws,if your computer have virus and virus are self-copying,YOU are OUTLAWED. Why computer communications need new laws? Federal Laws shouldn't be changed so frequently.Heh,_first_time_in_history_after_money_ new laws added for new tool(cars not about it:there still be good-old laws about murdering,no new laws ;-) Instead of spending money to lawyers,let's make software more STABLE. Program is a only set of well-defined laws for computer.If these laws ALLOW hack,there will be a hack. Thanks God,first virus was written before "internet age". Hackable/infectable progs is a problem of fool with a tool.With better tool(ada) fool is a same fool.Maybe results of fool's work are better with ada. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Virus Resistive Software [not found] <mailman.7.1061782606.318.comp.lang.ada@ada.eu.org> 2003-08-25 15:55 ` Virus Resistive Software Dmytry Lavrov @ 2003-08-25 19:29 ` Jeffrey Carter 2003-08-26 9:32 ` Preben Randhol ` (2 more replies) 2003-08-28 5:56 ` Virus Resistive Software Bobby D. Bryant 2 siblings, 3 replies; 8+ messages in thread From: Jeffrey Carter @ 2003-08-25 19:29 UTC (permalink / raw) Robert C. Leif wrote: > It appears from the latest news reports, that present commercial > software, particularly email programs, is susceptible to attack by > viruses. A question with a very big payoff is could software written > in Ada and perhaps in part in XML be made significantly more virus > resistant than present commercial software, such as Microsoft� > Outlook�? For instance, would the strong type checking of both Ada > and XML schema help. The problem is more the insistence on using software that is known to be vulnerable and faulty, such as Outlook, despite the availability of better software. For example, I use Mozilla, and have had no problems with the current crop of viruses and worms. Outlook is probably the most vulnerable mail program out there; at least when I had to use it, by default it installed with most of its protections turned off, and most of its most vulnerable features turned on. Nevertheless, it is probably the most widely used mail program. No amount of decent engineering can solve this problem. -- Jeff Carter "If a sperm is wasted, God gets quite irate." Monty Python's the Meaning of Life 56 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Virus Resistive Software 2003-08-25 19:29 ` Jeffrey Carter @ 2003-08-26 9:32 ` Preben Randhol 2003-08-26 19:15 ` chris 2003-08-27 19:53 ` Virus Resistive Software (talk about Ada Advocacy) James A. Krzyzanowski 2 siblings, 0 replies; 8+ messages in thread From: Preben Randhol @ 2003-08-26 9:32 UTC (permalink / raw) Jeffrey Carter wrote: > Outlook is probably the most vulnerable mail program out there; at > least when I had to use it, by default it installed with most of its > protections turned off, and most of its most vulnerable features > turned on. And the reason is that it is much more userfriendly if the viruses can install themselves so the user isn't burden to do it manually. -- �I think fish is nice, but then I think that rain is wet. So who am I to judge.� - The Hitch Hiker's Guide to the Galaxy (radioplay) ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Virus Resistive Software 2003-08-25 19:29 ` Jeffrey Carter 2003-08-26 9:32 ` Preben Randhol @ 2003-08-26 19:15 ` chris 2003-08-27 3:47 ` Wes Groleau 2003-08-27 19:53 ` Virus Resistive Software (talk about Ada Advocacy) James A. Krzyzanowski 2 siblings, 1 reply; 8+ messages in thread From: chris @ 2003-08-26 19:15 UTC (permalink / raw) Jeffrey Carter wrote: > The problem is more the insistence on using software that is known to be > vulnerable and faulty, such as Outlook, despite the availability of > better software. For example, I use Mozilla, and have had no problems > with the current crop of viruses and worms. Outlook is probably the most > vulnerable mail program out there; at least when I had to use it, by > default it installed with most of its protections turned off, and most > of its most vulnerable features turned on. Nevertheless, it is probably > the most widely used mail program. No amount of decent engineering can > solve this problem. I agree. <rant on> I also don't think their is a need for yet another mail client. There are free ones that don't suffer the ills of M$s big mistakes, and they are open source. Fairdoes they're not written in Ada, but what is and why does it matter? (You can't sell on the basis of language or technical superiority, Mozilla tried "use this it's driven by a C++ gecko toolkit and it'll allow you to do xyz"... if you're a geek you might care - and they failed... and now this is recognised just when they lose their major backer). They work and some are very nice. The problem is, as Jeff points out, people don't use them. They don't want to know. M$ hath given them a mail client and it giveth them mail. It's convienant, does what they want, *there* and it costs money so it must be good ("you get what you pay for"). I'm using Thunderbird 0.2a (it's good... I didn't want to touch it because it's 0.1 but Firebird was good so temptation won. It's a faster Mail with a better interface and interface bugs ;) ) right now and will never ever touch Outlook or it's little brother again. What idiot allows scripts to run willy nilly? No-one except... and they made HTML mail a no no on the internet! The best way to get rid of Outlook, is to yank it out or disable it, pop something like Mozilla Mail in. If that's too bizzarre skin it to look like outlook and see how it goes. It's got to configure out the box, do what they want, and do more than that. Mozilla Mail and Thunderbird do many things that Outlook does, it does more like Junk filtering and not open stupid executables but still has some problems. A few people tell me they would use them i.f.f. they provided better mass and offline mailing facilities (for businesses). This is something users want. It's no good as an extension, or atleast one that comes with the installation. It has to be there!!! Thunderbird doesn't even install out of the box, despite being fully functional and more issues being UI related than functionally related. It's at the start of it's journey but it won't do any damage unless it get's installed by ordinary folk! <rant off> Sorry, but this mail client business hit a nerve... Chris ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Virus Resistive Software 2003-08-26 19:15 ` chris @ 2003-08-27 3:47 ` Wes Groleau 0 siblings, 0 replies; 8+ messages in thread From: Wes Groleau @ 2003-08-27 3:47 UTC (permalink / raw) > The best way to get rid of Outlook, is to yank it out or disable it, pop > something like Mozilla Mail in. If that's too bizzarre skin it to look > like outlook and see how it goes. It's got to configure out the box, do It has to WORK out of the box AND be EASY to install. I spent seven hours on the phone talking my mother through the settings before she could even _get_ any mail. Then I sent her Norton Anti-Virus for Christmas, and she won't attempt to install it until I get back on the phone with her to talk her through that. It's not that she's stupid--but she didn't even give up her manual typewriter [1] until five years ago, so a computer is a major culture shift! [2] My father's not stupid either--has a master's in education--but he never even typed in his life until they bought that thing. And there are thousands like them. It's very likely they are hosting a virus or two. And will be, until I get down there and clean it for them. I'd tell them to get somebody who knows computers to stop in, but unfortunately, most of the people who are able to _use_ a computer have not a clue about security. [1] For you young folks, that's a typewriter that functions only by physical force--no electricity. [2] I can't say "close the window," I have to say "See the little 'X' in the upper right corner of the window?" "Window? Is that the big rectangle?" "Yes, move the mouse until the arrow points to the X in the corner of it and press and release the left button" -- Wes Groleau http://freepages.rootsweb.com/~wgroleau/Wes ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Virus Resistive Software (talk about Ada Advocacy) 2003-08-25 19:29 ` Jeffrey Carter 2003-08-26 9:32 ` Preben Randhol 2003-08-26 19:15 ` chris @ 2003-08-27 19:53 ` James A. Krzyzanowski 2003-09-04 0:51 ` Randy Brukardt 2 siblings, 1 reply; 8+ messages in thread From: James A. Krzyzanowski @ 2003-08-27 19:53 UTC (permalink / raw) Is it possible that if Outlook never existed and Mozilla was the de facto standard used by millions of people around the world that the creators of viruses & worms would seek out the possible vulnerabilities that exist in Mozilla but have not yet be exploited? Is it possible that Outlook is simply analogous to "VHS" in the "VHS vs. Beta Wars"? Is it possible that developers with the best of intentions have allowed a "bug" similar to the way Congress allows loopholes in the Tax Code? Until the loopholes are exploited, it is sometimes not obvious that they even exist, but once they are found they are fixed if possible. Oops...none of this really relates to Ada anymore - except that I see Ada going the way of Beta in this country despite Ada proponents like myself advising our upper management that Ada is the best language for large software projects. Somewhere along the line, our biggest customer has been led to believe or desire the latest novelty languages out there despite their lack of conformance to any universal standard. Fast & cheap rules the day - damned be those who caution long term reliability is more likely with up front cost and investment...remember the old Fram Oil Filter commercials? - "pay me now or pay me later" I used to own an Amiga... ...is it possible to be an "Ada proponent" yet be one who has succumbed to the MicroSoft dark side? Jeffrey Carter wrote: > Robert C. Leif wrote: > > It appears from the latest news reports, that present commercial > > software, particularly email programs, is susceptible to attack by > > viruses. A question with a very big payoff is could software written > > in Ada and perhaps in part in XML be made significantly more virus > > resistant than present commercial software, such as Microsoft� > > Outlook�? For instance, would the strong type checking of both Ada > > and XML schema help. > > The problem is more the insistence on using software that is known to be > vulnerable and faulty, such as Outlook, despite the availability of > better software. For example, I use Mozilla, and have had no problems > with the current crop of viruses and worms. Outlook is probably the most > vulnerable mail program out there; at least when I had to use it, by > default it installed with most of its protections turned off, and most > of its most vulnerable features turned on. Nevertheless, it is probably > the most widely used mail program. No amount of decent engineering can > solve this problem. > > -- > Jeff Carter > "If a sperm is wasted, God gets quite irate." > Monty Python's the Meaning of Life > 56 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Virus Resistive Software (talk about Ada Advocacy) 2003-08-27 19:53 ` Virus Resistive Software (talk about Ada Advocacy) James A. Krzyzanowski @ 2003-09-04 0:51 ` Randy Brukardt 0 siblings, 0 replies; 8+ messages in thread From: Randy Brukardt @ 2003-09-04 0:51 UTC (permalink / raw) "James A. Krzyzanowski" <James_A_Krzyzanowski@raytheon.com> wrote in message news:3F4D0C25.CFF0E38F@raytheon.com... > Is it possible that if Outlook never existed and Mozilla was the de facto > standard used by millions of people around the world that the creators of > viruses & worms would seek out the possible vulnerabilities that exist in > Mozilla but have not yet be exploited? > > Is it possible that Outlook is simply analogous to "VHS" in the "VHS vs. > Beta Wars"? Exactly. > ...is it possible to be an "Ada proponent" yet be one who has succumbed to > the MicroSoft dark side? Of course. I like to eat and have a roof. Thus we built Claw and Janus/Ada on and for Windows. I don't know if I'd say "succumbed", but there is only so much tilting at windmills that one can do. Ada by itself provides plenty of that... --- In any case, my opinion is that the mail client is irrelevant. The junk should never get to the client in the first place. We do all of our filtering on the mail server (much of the filtering software is written in Ada as a plugin for our server), and the choice of mail clients don't matter much. If more people (and ISPs) filtered this junk at the server, we'd have a lot less of it, because people would learn not to send it. Now, I see "newsletters" that are so stuffed with graphics and scripts and junk that you can hardly find the message. Sigh. But that will never happen -- people want lots of pretty pictures, not matter what it does to their systems. Randy. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Virus Resistive Software [not found] <mailman.7.1061782606.318.comp.lang.ada@ada.eu.org> 2003-08-25 15:55 ` Virus Resistive Software Dmytry Lavrov 2003-08-25 19:29 ` Jeffrey Carter @ 2003-08-28 5:56 ` Bobby D. Bryant 2 siblings, 0 replies; 8+ messages in thread From: Bobby D. Bryant @ 2003-08-28 5:56 UTC (permalink / raw) On Sun, 24 Aug 2003 20:34:55 -0700, Robert C. Leif wrote: > It appears from the latest news reports, that present commercial > software, particularly email programs, is susceptible to attack by > viruses. A question with a very big payoff is could software written in > Ada and perhaps in part in XML be made significantly more virus > resistant than present commercial software, such as MicrosoftR OutlookR? > For instance, would the strong type checking of both Ada and XML schema > help. As a point of information, it is possible to create XML schemas > that are semantically very similar to Ada type and object declarations. > Would the use of an Ada protected type with a single entry for reading > addresses in a user's phone book be of any help? One of the most prevalent problems is with the software's design rather than with its implementation. I.e., if your e-mail client will execute attachments at the click of a cl00bie, there isn't going to be any salvation found in an Ada/XML implementation. > <html xmlns:o="urn:schemas-microsoft-com:office:office" > xmlns:w="urn:schemas-microsoft-com:office:word" > xmlns:st1="urn:schemas-microsoft-com:office:smarttags" > xmlns="http://www.w3.org/TR/REC-html40"> > > <head> > <meta http-equiv=Content-Type content="text/html; charset=us-ascii"> > <meta name=Generator content="Microsoft Word 11 (filtered medium)"> Speaking of bad software design, you posted 810 lines to convey 13 lines of content. You might want to consider switching to a Usenet-friendly newsreader. -- Bobby Bryant Austin, Texas ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2003-09-04 0:51 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <mailman.7.1061782606.318.comp.lang.ada@ada.eu.org> 2003-08-25 15:55 ` Virus Resistive Software Dmytry Lavrov 2003-08-25 19:29 ` Jeffrey Carter 2003-08-26 9:32 ` Preben Randhol 2003-08-26 19:15 ` chris 2003-08-27 3:47 ` Wes Groleau 2003-08-27 19:53 ` Virus Resistive Software (talk about Ada Advocacy) James A. Krzyzanowski 2003-09-04 0:51 ` Randy Brukardt 2003-08-28 5:56 ` Virus Resistive Software Bobby D. Bryant
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox