There is a reason why Microsoft is moving to .net.
Sad part is that it is only curing part of the problem that should have been cured years ago. Problem is coming from OS design and compliers lack of means to handle it.
Gcc is a pretty bad offender. llvm one of gcc relations does a far better job at finding secuirty flaws. Simple little flaw http://gcc.gnu.org/wiki/LinkTimeOptimization . Lack of Link time optimistation. Optimisation engines where added to Gcc to detect buffer overflows and other defects problem is they are basically rendered usless when the problem crosses 2 object files.
Even llvm and MSVC are not perfect. Instead of being like gcc where defect exists between 2 object files that make up an executable. There defect exists between the .so/.dll and the executable. It is basically the same problem. Complier building the executable cannot inspect the code in the .so/.dll to make sure that code is not going to malfunction.
All 3 so far stated llvm gcc, MSVC all offer runtime buffer overflow protection optional build option. Problem with runtime buffer overflow detection it basically equals crash in case of buffer overflow poor users lose what they are working on.
Now of course someone here will think java and .net are the save all. There design has the same defect as what executables and .dlls normally have. You have executable and loaded part. Code audit in java and .net is done when the application is converted to bytecode that process does not inspect again for reactions between the dependancies and the application leading to unwanted events.
Now what happens if a dependancy changes between build of the application there is no way at moment to effectively audit to see if the change has created a new secuirty hole.
No complier system in existance is currenty taking the problem of dynamic parts causing failures. Now you might say why don't .net or java just do it on first run. Problem with auditing applications it is slow. Most users are not going to put up with a 5 min delay as the application gets checked for defects when they want to use it now. Bytecode that stays bytecode hits a wall.
Should application+depenancy reaction checking been a feature Anti-virus firms tried to develop yes. Detecting new secuirty flaws before they can be used would shutdown a lot of problems.
Should the same feature be in the development tools yes. We cannot expect programmers to know every out come of every function they call in a thrid party library. Complier saying ok this is wrong gives developer chance to fix it.
This now causes a major problem. How do you provide enough information to the complier that it can audit if calling X function with Y options will cause a secuirty defect or not. This is why open source get loved by people developing highly secure systems. You can run auditing engines over it. Black box's of closed source reduce the effectiveness of automatic defect detecting tools like http://www.coverity.com/ .
.Net and Java with there partly reversable bytecode may provide a way for closed source developers to stay in game.
Yes closed source developers try to dispute the simple audit issue. Really solution needs to be developed for Linux, Windows and OS X. Part gets updated and everything that uses gets inspected to make sure it did not cause a secuirty flaw our problems would be far less.
Trying to design a New OS without facing this problem is only going to cause the same problems in time.
People said what convity does was impossible. Reason they though scanning a complete program as a hole was too complex. Scaning segment by segment is impossable. Scanning need to be done over the complete program at once with it broken down into segments that react with each other.
Now here is the rub. Since developer are the only ones that use Development tools there is normally not that much interest in fixing them. Numbers of developers are small. Market of end users is huge. So guess where the money is. Remember Development tools are the fountation of all applications out there. If they don't work to the best everything on top risks falling in.
Subscribe to:
Post Comments (Atom)
4 comments:
An interesting idea. It would mean one more advantage for open source if the money goes to the users and not to development tools, since most opens source doesn't require that kind of big money to be made and it's already being thought for and by developers.
Its not exactly the advantage.
Its not only money either. If you want you ego stroked having 1000 of users who praise you for good work. Working for developers is a pain in but as well they just love pulling apart what you do.
Users don't mean just end users. It means all forms like super computers runners and so on.
Open Source world is already effected by it. If you look at the layout of developers more are working on tools to go to end users than tools to simplify or make development secure.
Application Recovery and Restart
http://msdn.microsoft.com/en-us/library/aa373342(VS.85).aspx
Hmm aren't they kind of useful? I know the newer MS Office suites use them. So far it worked okay for me.
There are downsides to automatic to restore like that for servers.
Lets just say by pure bad luck the recovered data causes service to crash again. This can lead to a never ending loop of data recovery splat. Also can lead server overload. Yes self caused Denial of Service.
So they are always to be used with due care. OpenOffice and Firefox both have cross platform versions of restore functions like that. Both are just exception hander catch alls.
Yes really odd feature of Posix programming given a new name basically issues are still the same.
Post a Comment